ASA-cx,wsa,scansafe positioning and Differences

Cisco has several products in Market for Web content security. We need to understand their differences and positioning.Cisco has ASA CX Context-Aware Firewall, the Cisco Web Security Appliance (WSA), and ScanSafe Cloud Security service (aka Cloud web security).
These devices have some overlapping features and also has some positioning differences

Web Security Appliance (WSA)-

The Web Security Appliance is suitable for customers who want:

-A dedicated proxy or web-security gateway
-Comprehensive web content filtering
-Anti-malware scanning
-Data Loss Prevention
-Caching


ScanSafe is suitable for customers who want:

-Web security for mobile users without the need to backhaul all traffic
-Distributed enterprise with many Internet access points
-Ease of deployment to existing network


ASA CX Context-Aware Firewall is suitable for customers who want:

-Inline protection
-Full firewall capabilities with some content controls
-Visibility and control of web and non-web protocols and applications that may use non-standard ports
(eg. Skype, P2P, or Voice protocols like h323, SIP)

Click Here To Read Rest Of The Post...

Difference in Cisco AP SW images

There are two image types at the time of ordering any Cisco LAP. The two images can be used in situations given below-


S3G2RK9W8-12423JY  IOS Wireless LAN Recovery-should be used for Controller based deployment

AND

SWLAP3600I-MESH-K9  Enterprise Wireless Mesh - AP3600I Controller-based SW Image-used for Wireless MESH deployments only

Click Here To Read Rest Of The Post...

Difference Between Optimum , Fast and CEF Switching

With reference to my last post on Interrupt Context Switching Vs Process Switching; I am explaining more on to the Interrupt Context Switching Mechanism which is being used by Fast Switching, Optimum Switching & CEF Switching. All the three mentioned switching techniques uses the cache. So you can see how the cache is used by the switching methods and becasue of that cache fact it is said that cisco uses interrupt context switching.

Fast Switching
Fast switching stores the forwarding information and MAC header rewrite string using a binary tree for quick lookup and reference. In Fast Switching, the reachability information is indicated by the existence of a node on the binary tree for the destination of the packet. The MAC header and outbound interface for each destination are stored as part of the node's information within the tree. The binary tree can actually have 32 levels. In order to search a binary tree, you simply start from the left (with the most significant digit) in the (binary) number you are looking for, and branch right or left in the tree based on that number. For instance, if you are looking for the information related to the number 4 in this tree, you would begin by branching right, because the first binary digit is 1. You would follow the tree down, comparing the next digit in the (binary) number, until you reach the end.

Optimum Switching
Optimum switching stores the forwarding information and the MAC header rewrite information in a 256 way multiway tree (256 way mtree). Using an mtree reduces the number of steps which must be taken when looking up a prefix. Each octet is used to determine which of the 256 branches to take at each level of the tree, which means there are, at most, 4 lookups involved in finding any destination. For shorter prefix lengths, only one−three lookups may be required. The MAC header rewrite and output interface information are stored as part of the tree node.

CEF (Cisco Express Forwarding) Switching
Cisco Express Forwarding also uses a 256 way data structure to store forwarding and MAC header rewrite information, but it does not use a tree. Cisco Express Forwarding uses a trie, which means the actual information being searched for is not in the data structure; instead, the data is stored in a separate data structure, and the trie simply points to it. In other words, rather than storing the outbound interface and MAC header rewrite within the tree itself, Cisco Express Forwarding stores this information in a separate data structure called the adjacency table.


regards
shivlu jain
Click Here To Read Rest Of The Post...

Interrupt Context Switching Vs Process Switching

Process Switching
Process switching is the default switching technique used by all cisco routers and ios. According to process switching when the packet comes from media to the interface it will check the following steps given below:-
1) Check the destination address in the routing table.
2) Look for the recursive lookup or find the directly connected outgoing interface.
3) Mac rewrite for the next hop.
For every packet the same steps need to be followed which actually involves the cpu and lot of processing consequence diminish in performance.

Interrupt Context Switching
This is also switching technique used by many cisco routers and ios. According to interrupt context switching a cache is maintained which stores the information of packet which comes first. After that if it finds the same packet credentials then instead of going to the processor it will go to the cache. From cache it gets it all the requirements and forwards the packet towards the destination. That’s why it is called fast switching; optimum switching and cef switching all are using interrupt context switching.
Difference between process and interrupt context switching
1) A cache is maintained in the interrupt context switching where as in process switching it follows all the steps mention above.
2) Interrupt context switching is faster that process switching.
3) Interrupt context switching uses destination based load balancing whereas process switching uses per packet based load balancing.

regards
shivlu jain
Click Here To Read Rest Of The Post...