Q. What is Cisco® Network Planning Solution (NPS)?
A. Cisco NPS is a decision support tool that helps network planning, engineering, and operations organizations to support growth, ensure network resiliency including during unplanned changes or failures, improve application and service continuity, plan for new technology deployments, and validate planned configuration changes. It uses a high-fidelity software model of the IT infrastructure, accurately simulating the behavior of routers, switches, protocols, and individual applications, to enable a broad scope of change impact ("what-if") analyses. Using current or projected traffic data, Cisco NPS automates network design and optimization to support the deployment of new applications and services, and help ensure efficient use of resources. Cisco NPS also incorporates a rules-based engine for configuration analysis, so that proposed changes can be validated prior to deployment.
Cisco NPS is a combination of integrated software applications: a Design and Analysis engine that actually builds a network model, performs analysis and design, and provides visualization and reporting; and a Virtual Network Data Server that facilitates the creation of a high-fidelity network model based on configuration, topology, and traffic information.
Q. What types of users will benefit from Cisco NPS?
A. Cisco NPS is suitable for any medium-sized or large enterprise that operates an IP or ATM-based network to support critical business applications. It supports numerous planning and operational decision studies for network planning, operations, and engineering staff. Cisco NPS is unique in its broad and detailed support for Cisco devices and configuration commands, comprehensive and automated data-management capabilities, and integrated modeling of IP (and ATM) networks.
Q. Is Cisco NPS suitable for service provider networks?
A. Cisco NPS 1.0 does not currently incorporate support for service provider-centric technologies such as Multiprotocol Label Switching (MPLS) or Intermediate System-to-Intermediate System (IS-IS) Protocol. Additionally, networks that have a large number of internal Border Gateway Protocol (iBGP) speakers, like those of network service providers, are considered to be service provider class, and are not supported by Cisco NPS 1.0.
Q. What are some typical studies a user would perform with Cisco NPS?
A. Typical studies include:
• Visualizing and understanding connectivity, routing, and link utilization in the production network
• Planning network capacity, including projecting future traffic demands and automatically sizing links
• Assessing network resiliency by predicting the impact of link, node, and resource group failures on application flows and link utilization
• Validating the integrity and effectiveness of a network change before deploying it, such as a configuration or topology change
• Planning for the deployment of new applications, or technologies and services such as VPNs, voice over IP (VoIP), and others
• Developing and "testing" alternative strategies for network convergence, consolidation, and migration
Q. What technologies and protocols does Cisco NPS support?
A. Cisco NPS helps enable modeling of hundreds of technologies and protocols. The following is a partial list, featuring primary examples:
• IP, ATM, Frame Relay
• Interior Gateway Routing Protocol (IGRP), Enhanced IGRP (EIGRP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Routing Information Protocol (RIP), RIP Next Generation
• Ethernet, Gigabit Ethernet, Spanning Tree, Token Ring, SONET, Fiber Distributed Data Interface (FDDI), VLAN, and more
• IPv4, IP Multicast, Internetwork Packet Exchange (IPX) protocol, Hot Standby Router Protocol (HSRP)
• Quality of service (QoS): committed access rate (CAR)/Policing, Custom Queuing, Distributed Weighted Fair Queuing (DWFQ), Class-Based Weighted Fair Queuing (CBWFQ), Deficit Weighted Round Robin (DWRR), Modified Deficit Round Robin (MDRR), Modified Weighted Round Robin (MWRR), FIFO, Low Latency Queuing (LLQ) with Rate Limit, Marking, Priority Queuing, Random Early Detection (RED) and Weighted RED (WRED)
• VoIP, HTTP, FTP, Telnet, e-mail, video, others
Q. How is the software model of a network created?
A. The model of an existing network can be created automatically through the Cisco NPS Virtual Network Data Server. This integrated component of Cisco NPS automatically maintains a detailed, near real-time data model of the production network comprising configuration, topology, and traffic information. You can obtain data automatically directly from a broad scope of network devices using Telnet/Secure Shell (SSH) Protocol and Simple Network Management Protocol (SNMP), including Cisco routers, Cisco Catalyst® switches, the Cisco PIX® Security Appliance, and devices from many other vendors. You can import data from CiscoWorks (including Resource Manager Essentials and Campus Manager) for supported devices, as well as Cisco WAN Manager for wide-area ATM networks. Topology data can be imported from Cisco Network Connectivity Center, HP OpenView NNM, SMARTS InCharge, and others. Alternatively, integrated Layer 2 and 3 connectivity can be inferred automatically by analyzing neighbor protocol information, content-addressable memory (CAM) and Address Resolution Protocol (ARP) tables, and other sources. You can import traffic information from Cisco NetFlow FlowCollector, or a broad scope of third-party tools. The Cisco NPS Virtual Network Data Server can also poll devices directly for baseline interface utilization statistics.
For a relatively simple network, you can create a model by importing static device-configuration files. ATM network configuration information can be imported through ASCII files. You can also use the GUI to create a model.
Q. How can I apply changes to the network model to analyze impact?
A. You can apply modifications to an existing network through the GUI. The configuration of Cisco devices in the model can also be modified using a "virtual" CLI. If the model was initially created by importing static device-configuration files, it can be "updated" by incrementally importing new or revised files that contain the changes to be analyzed.
Q. How does Cisco NPS support network security?
A. Cisco NPS supports network security through configuration analysis and validation, with nearly 100 rules for security-related issues. It includes rule suites for authentication, authorization, and accounting (AAA), Kerberos, RADIUS, TACACS+, SNMP, system logging, device administration, and others. A "test" traffic matrix that includes both valid and invalid flows can be used in a "Security Demands" simulation, to predict whether unauthorized flows could penetrate the infrastructure. Unlike typical online vulnerability testing, a Security Demands analysis can be conducted under simulated failure conditions, to ensure that the backup network configuration would be secure. It also pinpoints nodes that inappropriately block valid network traffic.
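The idea behind a Security Demands analysis can be shown with a small added example; this is illustrative code written for this page, not Cisco NPS or OPNET code. The topology, drop rules, and traffic matrix are constructed assumptions, and a hop-count search stands in for the routing simulation.

```python
from collections import deque

# Constructed model (assumption, not NPS data): undirected links and per-node drop rules.
LINKS = [("edge", "fw1"), ("fw1", "core"), ("core", "db"),
         ("edge", "r2"), ("r2", "r3"), ("r3", "core")]
DROPS = {"fw1": {("guest", "sql")}, "r3": {("staff", "web")}}
# Test traffic matrix: (source class, service, src node, dst node, policy allows it?)
MATRIX = [("staff", "web", "edge", "db", True),
          ("staff", "sql", "edge", "db", True),
          ("guest", "sql", "edge", "db", False)]

def shortest_path(links, src, dst):
    """Breadth-first hop-count path; returns None when dst is unreachable."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in adj.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def security_demands(failed=()):
    """Return findings where simulated delivery disagrees with policy."""
    down = {frozenset(link) for link in failed}
    links = [link for link in LINKS if frozenset(link) not in down]
    findings = []
    for who, svc, src, dst, allowed in MATRIX:
        path = shortest_path(links, src, dst)
        # First node on the path whose rules drop this flow, if any.
        blocker = next((n for n in (path or []) if (who, svc) in DROPS.get(n, ())), None)
        delivered = path is not None and blocker is None
        if delivered and not allowed:
            findings.append(("unauthorized flow delivered", who, svc, None))
        elif not delivered and allowed:
            findings.append(("valid flow blocked", who, svc, blocker))
    return findings
```

With all links up the matrix produces no findings; failing the `edge`-`fw1` link moves traffic to the backup path, where the guest SQL flow is no longer filtered and `r3` drops a valid staff web flow.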
Q. Is Cisco NPS based on solutions from OPNET Technologies?
A. Yes, Cisco NPS is based on OPNET applications and modules to provide comprehensive network planning and operations support.
PRODUCT INTEGRATIONS
Q. With what (other) Cisco products does Cisco NPS integrate?
A. Cisco NPS Virtual Network Data Server obtains network data automatically through Telnet/SSH and SNMP from Cisco routers (running Cisco IOS® Software), Cisco Catalyst switches (running Catalyst OS, Cisco IOS Software), and the Cisco PIX Security Appliance. Data can be imported from CiscoWorks for supported devices (including Resource Manager Essentials and Campus Manager), as well as Cisco WAN Manager for wide-area ATM switches. Topology data can be imported from Cisco Network Connectivity Center. Traffic data can be imported from Cisco NetFlow FlowCollector.
The Virtual Network Data Server can be configured to integrate with Cisco Info Center to obtain real-time awareness of network events that may indicate a configuration change, and automatically update its data for the affected devices.
For topology and configuration information, the Virtual Network Data Server will automatically reconcile conflicting or overlapping data based on user-configurable priorities.
Q. Does Cisco NPS provide multiple-vendor device support? How does this support differ from support for Cisco devices?
A. Cisco NPS supports Check Point, Extreme, Foundry, Juniper, Nokia, and Nortel devices. In every case, support is more robust for Cisco devices. That is, the scope of supported configuration commands and device attributes is significantly broader for Cisco solutions.
INSTALLATION AND IMPLEMENTATION
Q. Does installation require multiple platforms?
A. Yes. As noted previously, Cisco NPS contains a Design and Analysis engine and Virtual Network Data Server, each on separate installation CDs. A large library of technology, protocol, and device models accompanies the Design and Analysis engine, to provide the appropriate modeling "behavior" during a simulation. The Design and Analysis engine is typically implemented on the user desktop. The Virtual Network Data Server is generally implemented on a dual-processor platform with the prerequisite database environment, located in the network operations center (NOC). Both components are provided with online user documentation that is installed with the product.
Q. Can the Virtual Network Data Server and prerequisite Oracle data systems be implemented on separate platforms?
A. Yes, these components can be implemented on separate platforms. However, the platforms should feature a fast FSB (~800MHz) and be connected via a high-speed link (not over a WAN) that is unimpeded by a firewall. Implementing the database remote from the Virtual Network Data Server is not supported.
Q. Do multiple concurrent users require more than one license?
A. Yes. Concurrent users require an equivalent number of Cisco NPS licenses. Alternatively, multiple users may share a single license for Cisco NPS but not concurrently. A License Server allows each user to "check out" a license on an as-needed basis and return it automatically when completed.
Q. What is the difference between a restricted license for Cisco NPS and a nonrestricted license?
A. The Cisco NPS restricted license confines use within a single IP network by default subnet class. The Cisco NPS nonrestricted license offers the most flexibility for organizations that operate multiple IP networks. Licenses can be accessed by users of workstations on the same IP network as the License Server and up to 100 additional IP networks. Users must maintain connectivity to the designated IP network(s) in order to use each license.
Q. What is provided with Cisco NPS Additional User License?
A. As noted previously, Cisco NPS contains two components: the Design and Analysis engine and Virtual Network Data Server. Cisco NPS Additional User License does not include the Virtual Network Data Server component. The Virtual Network Data Server that is part of Cisco NPS can be used in a single network management environment with an additional Cisco NPS license added per concurrent user to provide design and analysis capability. Some customers will require separate network management environments (such as North America, Europe, etc.) and therefore will require multiple Virtual Network Data Servers.
Q. What are the various licensing options?
A. All the components of Cisco NPS obtain a license from a License Server at the time of startup. The Design and Analysis engine is implemented on a user desktop. The License Server can be implemented on the user desktop as well, if the license is not intended to be shared among multiple users. Alternatively the license can be shared from a License Server accessible to all the intended users. Only a single user at a time can "check out" a license for the Design and Analysis engine. Multiple licenses are required for multiple concurrent users.
The Virtual Network Data Server operates automatically, rather than being operated by multiple users. It is essentially licensed per instance. It is recommended that the License Server be implemented on the same platform as the Virtual Network Data Server for availability reasons. Note that it is possible to use the same License Server for all Cisco NPS software or two separate servers, one for the Design and Analysis users, and the other for the Virtual Network Data Server.
Q. What skill level is required to implement and use Cisco NPS?
A. A basic working understanding is required of the network technologies, protocols, and devices that are to be analyzed in Cisco NPS, such as IP/ATM; EIGRP, IGRP, OSPF, BGP, and others; and routers, switches, and firewalls. In general, enough expertise is required to understand what types of questions or studies are reasonable (for example, how OSPF link weight metrics might be changed to achieve a particular operational objective) in order to "test" them in Cisco NPS.
Cisco NPS actually provides an excellent training environment. It provides a better understanding of "real-world" network behavior, and accelerates learning for new technologies such as VPNs and VoIP by simulating their operational characteristics in the "virtual" network.
Q. How much time and effort is required to implement Cisco NPS? Are professional services needed for implementation?
A. The time and effort required to implement the Cisco NPS Design and Analysis engine is small; very little "configuration" is required. Sample models and tutorials are provided to introduce users to the GUI, product features, scope of technology and protocol support, etc., thereby accelerating their "learning curve." Additionally, detailed methodology guides are included in the product documentation to walk the user through workflows and approaches for common analyses, such as network capacity planning.
The Virtual Network Data Server component of Cisco NPS is integrated with the production network and management environment, and requires thoughtful planning, some assessment and configuration of target data sources to enable integration, custom configuration of the Virtual Network Data Server, and subsequent validation of the end-to-end workflow. Troubleshooting is often required to resolve unanticipated issues that result from target devices or network management platforms not being configured properly, device credentials being inaccurate, source data being unreliable, etc.
Cisco NPS requires professional services to accelerate solution deployment. Engagements vary depending on the scope and complexity of the target network and data sources, but are typically two to four weeks long. These services are priced, contracted, and delivered separately.