ASK THE EXPERT - USING CISCO DATA CENTER ASSURANCE PROGRAM DESIGNS

May 4th, 2007

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss with Cisco expert Steve Young how the Cisco DCAP assists customers in their deployment of Cisco's data center products with consistent and documented testing of Cisco data center designs. Steve has been with Cisco Systems for six years. He began his career with Cisco doing systems testing on the Catalyst 5000 switches. He then transitioned to testing the Catalyst 6500 as a founding member of the Safe Harbor team. Now a manager on the Safe Harbor team, Steve is currently overseeing the Data Center Assurance Program. For more information you can go to Data Center Design Zone - http://www.cisco.com/en/US/netsol/ns743/networking_solutions_program_home.html


Remember to use the rating system to let Steve know if you have received an adequate response.


Steve might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through May 18, 2007. Visit this forum often to view responses to your questions and the questions of other community members.


Hi,

We have router A and B.

Router A has a static IP, and an IP block is routed to that Router A static IP.

We made the VPN for voice over IP. We need to block 3 IPs in the IP block and use the rest.

Please explain how that will be possible.

ip route 69.xx.xxx.112 255.255.255.248 192.168.189.1

The above command allows these IPs to be used in the VPN:

69.xx.xxx.114/115/116/117/118 IPs to be used

We need to disable or block 114 and 115 and 116 from being used. Please send me the config or a guide; it will be of great help.






*******************Current Config
Building configuration...

Current configuration : 917 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$fPLo$HCnPLCd6vJrm7wlmHvkhm1
enable password cisco
!
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel321
 ip address 192.168.189.2 255.255.255.252
 tunnel source 69.xx.xxx.114
 tunnel destination 203.xx.xxx.137
!
interface Ethernet0/0
 ip address 69.xx.xxx.114 255.255.255.248
 no ip mroute-cache
 half-duplex
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
ip route 69.xx.xxx.112 255.255.255.248 192.168.189.1
ip route 69.xx.xxx.120 255.255.255.248 192.168.189.1
!
!
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
!
!
end
******************************************


Yasear Saad

smyoung Mon, 05/07/2007 - 06:27

Hi Yasear,


It appears that you posted this in the "Storage Networking: ASK THE EXPERT - USING CISCO DATA CENTER ASSURANCE PROGRAM DESIGNS" forum. If that is the case, you may want to repost in another forum, since this is not geared towards answering these types of questions.


Thanks,

Steve

thomas.chen Tue, 05/08/2007 - 09:56

Hi Steve,


Does Cisco provide any uptime guarantees if we implement the complete DCAP 2.0 design? If not, what benefits can we expect by deploying the full DCAP 2.0 design?


Thanks,

Tom

smyoung Tue, 05/08/2007 - 18:30

Hi Tom,


We are not able to provide any uptime guarantees with our testing. The testing that we do is meant to provide assurance that the recommended data center designs are tested in a consistent and transparent manner. Some of the benefits of tracking DCAP testing include:


1) End-to-end verification: The test topology covers multiple platforms, vendors and technologies to verify a basic level of interoperability and functionality.


2) Faster deployment cycles: We understand that the FCS date for new hardware or software is not the date that you will deploy into your production environment; it is very likely that it may take many months of validation before you give a stamp of approval to anything new. If your topologies are built tracking validated Cisco DC designs, there is a good chance that the DCAP team will have already covered much of your validation needs through its testing. This has the potential to reduce the cycles you spend on your own validation.


3) Transparent and reproducible results: The end of each phase of testing is followed closely by the availability of detailed documentation of the testing, including step-wise procedures so that you can see exactly what was done in a given test case and even recreate the testing in your own labs.


4) Ability to influence DCAP coverage: The DCAP topology is not intended to cover the specifics of any single customer. Rather, we focus on the commonalities shared between our customers (the old 80/20 rule). As such, we depend on our customers to educate us about their deployments so that we can better increase our coverage. Do you have something configured that we don't? Let us know. If it makes sense to add it (80/20), we will put it in the queue and add it, hopefully with your guidance and assistance. In this way, you can influence the short- and long-term direction of our testing, based on your needs.


Thanks.

Steve

federico_caminos Tue, 05/08/2007 - 10:33

Hello Steve,

I think DCAP is very oriented towards design with modules. Is there any information available, or designs, with appliances instead of modules?

Thanks in advance.

Federico

smyoung Tue, 05/08/2007 - 18:52

Hi Federico,


Are you talking about Cisco appliances, such as AVS, WAE, etc. (answer is 'yes')? Or are you talking about non-Cisco appliances, such as NetScreen firewall (answer is 'no')?


From an appliance perspective, we already have Cisco's WAAS and GSS products in place in our testing for traffic optimization and global load balancing. We also have plans on adding the AVS appliance in the coming 3-6 months.


Interestingly, in the second data center in our test topology, we have removed the service modules from the aggregation switches themselves, and placed them in a separate switch connected to the Aggregation Layer. So we have a Cat6k dedicated to providing L4-7 services (CSM/FWSM/SSLM). This not only increases the number of slots available for SM scaling in the Agg Layer, but also frees up aggregation slots for increased port density down to the Access Layer.


For more information on data center designs that may incorporate more of the Cisco appliances than we do at this point, I'd recommend you visit the Enterprise Solution Engineering (ESE) team's external page. You can find many good design guides there, many written around leveraging appliances in the data center.


http://www.cisco.com/go/srnd


(I should point out that the focus of DCAP testing is to validate these designs through ongoing and consistent testing. When we do add these appliances to our test topology, we will be using the ESE design guides, as well as customer input, for our starting point.)


Regards,

Steve

federico_caminos Wed, 05/09/2007 - 06:33

Hello Steve,


Thank you for your previous response.


Definitely, I am talking about Cisco appliances. In my particular case, our data center design approach is based on Cisco appliances, mainly because of budget constraints. We are planning to use CSS115XX (instead of CSM) and ASA/PIX (instead of FWSM), and we are still using Cat6k5 with SUP1.


Even though this is a poor guy's approach, we still think it is very important to adapt our service to best-practice design, like high availability, redundancy, diversity, tested and well-documented design and IOS versions... like the pros.


With every budget cycle, and as the service demand grows, we plan to upgrade from SUP1 to SUP2 to SUP720 for the Cat6k5, from CSS to CSM and from ASA to FWSM.


My first question is whether your group is considering a gradual growth design, like my company's approach, going from Cisco appliances to Cisco modules. The other is whether you can clarify or comment on how we as a customer can participate and get information from your group's work (at least for me this is not clear).


Regards

Federico


smyoung Wed, 05/09/2007 - 07:41

Hi Federico,


We started our testing with CSM/FWSM/SSLM in our aggregation switches. We will be migrating to the ACE blade and eventually the ACE appliance (for the integrated AVS functionality) for load-balancing. We don't have any plans on using the CSS or ASA/PIX in DCAP.


We did not pursue the gradual growth design, as you describe. Instead, we chose to give our customers a reference model that they can leverage as they move to the more empowering technologies in the data center. This way, you can have a clearer picture of where you want to go.


As for how you can participate in DCAP, I would suggest you start by going to the Safe Harbor external web page (DCAP is an extension of the Safe Harbor testing):


http://www.cisco.com/go/safeharbor


There is a link there that you can use to subscribe to the Safe Harbor public alias. Once subscribed, you will get an email 1x/week notifying you of the status of all Safe Harbor testing, including DCAP. You can also send emails to the alias. It is moderated, so any information you send will only be seen by the moderators (us), not by anyone else on the alias.


Send us an email and we can get a conversation going.


The way the engagement typically goes is that we will start off with an overview of the program with you. On occasion we will have a conversation with you or your account team. We'd like you to review our past results and make suggestions for future coverage. We'd also like to get a picture of where you are and where you're going so that we can direct our testing appropriately.


Look forward to talking to you!


Thanks,

Steve

bbaley Wed, 05/09/2007 - 08:57

Hello Steve,


We are planning a new data center within the next 9 months. How will the DCAP designs help us? Won't the designs change a couple of times over the next 9 months, so shouldn't we just wait for the new designs?


Thanks - Bill

smyoung Wed, 05/09/2007 - 11:15

Hi Bill,


The starting point for the DCAP testing is the designs that come from Cisco's Enterprise Solutions Engineering (ESE) data center team.


http://www.cisco.com/go/srnd


Depending on your team's knowledge of available data center technologies, these design guides can serve to get you started, or reinforce the direction you've already been taking.


If you leverage the designs from ESE/DCAP, you can be a step ahead with a basis that's been developed in the lab and tested consistently in an end-to-end environment.


Moreover, the DCAP program gives you the ability to influence the direction and focus of the testing. Take a look at the design guides and at our recent results. If there's something that is missing that would benefit you, or something that's different, let us know. If it makes sense for us to add it, we will prioritize it and put it on the roadmap.


For the large part, the overall design will stay static for a long period of time. Different elements may be added to it, and configurations may be tweaked somewhat to accommodate these additions, but, generally speaking, the model is not built to accommodate frequent and drastic overhauls to the design. That simply is not in line with our goals.


When changes are warranted, we try to make use of the fact that we have two data center topologies at our disposal. We can make a change to one and keep the older design in the other.


Regards,

Steve

nagudotadm Thu, 05/10/2007 - 02:04

Hello Sir,

I am Nagendra. Recently I purchased a Cisco SD2008 gigabit switch. When I connect it to the system, it connects at only 100 Mbps. I want to configure 1000 Mbps. Please help me.

smyoung Thu, 05/10/2007 - 05:41

Hi Nagendra,


Your question is outside the scope of this forum, which is focused on the DCAP data center testing program.


Have you tried the Tech Support resources on www.linksys.com? They are classifying this as an "unmanaged" switch, which may mean that there's no interface available for actually changing the configuration on the device.


Have you verified your remote side settings?


Sorry I couldn't help more.


Steve

mwenyajames Mon, 05/14/2007 - 06:27

Help me with advice on why my client's CISCO 6340 router is hanging up on my G.703 E1 at both ends of the PDH radio link.

smyoung Mon, 05/14/2007 - 06:56

Hi James,


Your question is outside the scope of this forum, which is focused on the DCAP data center testing program.


Perhaps there is another forum better suited to your question?


Thanks,

Steve

Antonio Brandao Tue, 05/15/2007 - 07:28

Hi,


I would like to implement a Cisco solution using:


- Cisco ASA 5520.

- VPN.

- Teleworkers with fingerprint authentication.

- CA on VeriSign.


Can you help me build a draft of this solution?


Att


Antonio

smyoung Tue, 05/15/2007 - 12:52

Hi Antonio,


The DCAP program is not geared towards building solutions from a list of technologies or hardware. Instead, we rely on the solutions developed by the Cisco Enterprise Solutions Engineering data center team as the starting point for our testing. The solutions from ESE are our starting point for testing.


As such, we don't currently have the items you mentioned on our roadmap. Further, the designs we ultimately test with are not modelled around a single customer. Instead we cater to a generic topology in which 80% of all customers' needs can be met.


I don't want to leave you high and dry here, though. Here are some places I would recommend you start:


1) (Since this is a DCAP-focused forum, you'll excuse my shameless plug.) If your company has one or more data centers, I'd invite you to look a little more into the DCAP program. We may be able to help you out in other areas. Please check my replies to some earlier posts in this forum as well as the following URL:


http://www.cisco.com/go/safeharbor


2) Check the list of design guides from ESE, available at the following URL. It is possible that there is a DG available that incorporates your needs:


http://www.cisco.com/go/srnd


3) Engage Cisco's Advanced Services team for some customized design work and testing. While DCAP testing is focused on covering the 80% that many customers have in common, the AS teams are there to fill in the 20%.


Hope this is of some help!


Thanks,

Steve

colin.mcnamara Tue, 05/15/2007 - 10:05

Is there a formal process for submitting architectures to be considered in the DCAP program?


Does a design / architecture have to have a SRND created prior to being tested and verified in DCAP?


--Colin

smyoung Tue, 05/15/2007 - 18:14

Hi Colin,


The DCAP program is an extension of Safe Harbor testing. Please browse to:


http://www.cisco.com/go/safeharbor


and send an email to the external mailing list shown there. Include in your email that you are wanting more information about the DCAP program. I, or one of our program managers, will get back to you with more details about the engagement process. The process is only as formal as you want it to be, but that is the first step regardless. (The alias is moderated, so your email will be seen only by the internal Safe Harbor/DCAP team.)


It is ideal, from our perspective, to start with an SRND, rather than reinventing the wheel. It saves us many cycles for actual testing work. There are several areas in our current testing (active/active Oracle 11i, MS Exchange 2003, SAN Extension, e.g.), however, in which there is no SRND to start us off.


So, a short answer is no, it's not a requirement, though it is desirable. We do follow the 80/20 rule when deciding what deployments to test, so we would also have to take that into consideration when reviewing a request for a design that fell outside the scope of an existing SRND.


Look forward to hearing from you.


Thanks,

Steve

lisa.hall Wed, 05/16/2007 - 11:35

Steve,


In the storage fabric you tested with EMC DMX-3, HP XP10000 and NetApp FAS6070. What made you choose these systems, and what if I am using other storage systems like IBM's Enterprise Storage?


Thanks,

Lisa


smyoung Wed, 05/16/2007 - 12:12

Hi Lisa,


We chose the EMC frames because of their high adoption rate (read: market share) in the field. The majority of large enterprises using storage arrays are using EMC.


The HPs and NetApps were chosen because we have been able to develop a relationship with those two vendors. We are working to develop similar relationships with other storage vendors, including IBM, so that we might incorporate their gear in our test bed as well.


We have found that most of the differences between array vendors are found in the replication functionality. If you are using Cisco MDS gear for the SAN infrastructure, there's still value in our testing for you, outside of the SAN extension scope.


How closely does the rest of your SAN environment match with our topology?


Thanks,

Steve

fmeetz Thu, 05/17/2007 - 06:58

Steve,


We are planning on deploying blade servers. Will you include any Ethernet and FC blade switches in your next DCAP testing phase?


Thanks,

Frank


smyoung Thu, 05/17/2007 - 07:10

Hi Frank,


In our current phase of testing, we have a pair of HP c-Class BladeSystems (one in each data center). Each of these is equipped with Cisco 3020 integrated blade switches, for LAN connectivity. For SAN connectivity, we are currently using pass-thru FC modules, but plan to equip them with SAN switches in the future.


We have AMD and Intel blades in each of the chassis, configured as Oracle 11i app servers. In the next phase of testing, we will be running multiple virtual machines (via VMware) on these blades to present multiple Oracle app servers from a single blade.


We are also looking into adding blade server solutions from other vendors, in the future.


Thanks,

Steve
