Multicast Community Forum - New York
Dec 05, 2006
On Dec 5th 2006, Cisco NSSTG and Advanced Services held a Multicast Community
Forum (MCF) in New York with the key leaders in the Financial industry.
The Goals of the MCF are:
* Engage key industry leaders to discuss industry wide solutions
* Discuss interactions between Financial Service Providers and customers
* Drive consensus on networking requirements for Financial market space
Cisco has hosted several MCFs in London and New York. In the past we have
tried to keep the number of customer attendees down to a minimum to
foster informal discussions about the industry. This time there was strong
interest both from the customer side and internally at Cisco and
we expanded the audience. There were approximately 70 attendees from
customers, partners, and Cisco field, marketing and development.
The customers in attendance included:
Chicago Mercantile Exchange
Citigroup
CSFB
Deutsche Bank
Fidelity
Lehman Bros
Nasdaq
JPMC
Representatives from the middleware vendors Tibco and 29 West also attended.
The agenda consisted of both Cisco and partner presentations as well as
a round table discussion. The overall focus of the event was Multicast
Network Management and Security. The agenda as presented to the customers
for the event is in this file: mcf-ny-dec-5-2006-agenda-final.pdf
A summary of the Top Issues:
- mAAA availability
    The group-range command would make a huge difference in being able to
    deploy multicast applications securely.
    The Public Sector group could use mAAA for access control of their
    City-wide Video Surveillance (CVS).
- Group Encrypted Transport (GET) VPN availability on 6500
- Long lead time in general for Multicast Feature support on the 6500
- Latency - monitoring and measuring in the network
Below are summaries of the presentations and the round table discussion.
Cisco IOS Update - Dima Khoury
Dima presented an overview of the IOS software strategy focusing on the
platforms and features that would be of interest to the Financial community.
This included multicast security and HA features as well as other topics
of interest such as OER and NBAR. Dima's presentation can be found here:
IOS-Update-NY-Dec06.pdf
Multicast Network Management Overview - Andy Kessler
Andy presented an overview of the instrumentation available in IOS to
enable Multicast Network Management. The topics included SNMP MIBs for
Multicast, Syslogs, and Netflow. There was also an overview of the
future support for Multicast with IP SLA. Andy's presentation can be found
here:
mcast-net-mgmt.pdf
Multicast Management using Netflow Tracker - Mike McGrath
Mike is the CTO of Crannog Software. Mike presented on the background,
challenges and benefits of using netflow to monitor multicast traffic.
The presentation included details on Crannog's Netflow Tracker product
and how it can be used for security threats, traffic profiling, QoS
troubleshooting and specific multicast issues. Mike's presentation
can be found here:
Netflow-Tracker-Overview-NY.pdf
Cisco Multicast Manager 2.3(4) - Paul Gilbert
Paul presented an overview of the current features in CMM that enable
Monitoring, Reporting and Diagnostics in typical Financial application
environments. Future roadmap plans for CMM were also discussed. Paul's
presentation can be found here:
CMM-2.3.4-MCF.pdf
Group Encrypted Transport (GET) VPN - Donovan Williams
Donovan presented the details of encrypting multicast in different
customer deployment scenarios using GDOI. There was discussion on
how GDOI can be used over a typical enterprise WAN, together with mVPN or
for PIM control plane authentication. Donovan's presentation can be found
here:
GetVPN-MCF-DW.pdf
IP Interoperability Collaboration Systems - Keith O'Brien
Keith delivered an overview of how the IPICS solution is being used today
for Public Safety and Security. The presentation drew parallels on how
the same technology can be used for Hoot and Holler in Financial
environments. There was one customer in the audience that is leveraging
their multicast infrastructure and IPICS today for their enterprise
safety and security. Keith's presentation is here:
IPICS-Tech-Talk.pdf
Round Table Discussion - moderated by Andy Kessler
The Round Table Discussion consisted of three main topics - Network
Management, Security and Hoot n' Holler. A set of general questions
was displayed for the group to foster the discussion. The slides
with the general questions are here:
mcf-questions.pdf
Discussion:
Management and Monitoring:
* Latency in the network means potential loss of revenue to the financial
customers. The majority of latency is often due to the applications
themselves but the network Ops folks need ways to monitor latency and
prove that it is or is not the network.
We discussed using IP SLA as a tool to monitor latency - both using
the unicast support today and then multicast support in the future. NTP
clock drift is a known issue and makes one way latency measurements
challenging. We spoke about a number of different options for making
accurate time comparisons on the network:
o Deployment of GPS on both ends of the network
o Using a Timing T1
These solutions have scaling and cost issues.
Going forward Cisco is working with folks at Symmetricom
<http://www.symmetricom.com> to understand better ways of achieving
accurate time synching than NTP.
Cisco is also investigating IEEE-1588 <http://ieee1588.nist.gov/>, a new
standard for time measurement.
Customers indicated that they need sub-millisecond measurement
capability.
Accurate time synch is also important to be able to correlate syslog
messages from servers and routers throughout the network.
* Microbursts - servers sending out a burst of traffic can cause temporary
congestion and packet loss. Network Ops are always looking for ways
to be able to go back and determine the cause of packet drops. Common
tools that customers said they use are Niksun and InfiniStream.
Niksun
http://www.niksun.com/Products_Appliance.htm
InfiniStream
http://www.networkgeneral.com/Products_details.aspx?PrdId=20046117180712
* Tibco spoke about RVTrace which is a standalone application that can
capture RV packets and report statistics on traffic rates, sequence
gaps and retransmissions on a per group or per subject basis. Typically,
RVTrace is a tool that is used for troubleshooting and is run on a
non-production machine that is connected to a SPAN port. RVTrace has MIB
support so that you can query the stats. It also has the ability to set a
threshold for a certain level of retransmissions and then generate a trap.
Tibco indicated that they are working on a strategy internally and
with vendors for a robust messaging monitoring and management platform.
Tibco has the enhanced retransmission control in RV 7.5 which will help
in the fast producer/slow consumer situations when there are
machines that consistently can't keep up.
* Several customers indicated frustration with the long cycle time on
getting features delivered to the Cat6k. They said new features always
seem to get to the 6500 last.
Security
* Some customers were interested in the ability to encrypt multicast with
the GET VPN solution. One possible application would be home based
trading. Traders should be able to take home a PC and have the same
environment as the trading room floor. It would need to be secure through
a variety of different access methods.
* One customer suggested simplifying the config commands for GET VPN.
* Many customers were not satisfied with the Cisco firewalls in terms
of feature set, performance and configurability.
After the Round Table discussion there were two more presentations.
PIX Firewall Multicast Case Study - Peter Fyffe
Peter presented an overview of the multicast support in the PIX and
FWSM. He also spoke about a case study showing how in the past multicast
would need to be forwarded using GRE tunnels but today the traffic can
be forwarded natively in multicast.
PIX_Multicast_Case Study.pdf
Virtual RP in an ECN Feed Architecture - Reed Streifthau
Reed delivered a detailed presentation on a redundant feed architecture
for Electronic Communication Networks. The scenario represented is typical
of a major exchange data distribution network. Reed's presentation can be found
here:
ECNfeed-05Dec06.pdf
Customer Feedback:
At the end of the event questionnaires were handed out for feedback.
The average rating was 4.11 (1 - 5 with 5 being excellent).
The full feedback results are here:
feedback.html