1. Direct IPSec for smaller implementations for simplicity.  Nearly any firewall and many sub-$1000 routers will accomplish this.  Fastest failover to backup hub gateway can be achieved here in under 2 seconds.  This is the quick-and-dirty lowest-cost option.  As usual, such solutions can grow hard to manage and troubleshoot.

2. Multiple IPSec tunnels with GRE for improved reliability and redundancy.  Routers become the main option here unless another device is introduced to handle the IPSec termination only.  Per-tunnel QoS is one feature unique here.  Multicast support is introduced at this level.

3.  Dynamic Multipoint VPN uses GRE, NHRP, IPSec and an IGP to further improve resilience and scalability.  Full mesh and minimal spoke configurations are significant advantages. I’ve heard of DMVPN with hundreds of spokes on sub-$2k routers and the headend running a $5k router.  Let me know of other scalable solutions you like!

I’ve heard of DMVPN with hundreds of spokes on sub-$2k routers and the headend running a $5k router.  Let me know of other scalable solutions you like!

Cisco VFrame DC offers a rich middleware platform to orchestrate the provisioning of VMware ESX Server in a quick, easy, consistent, and repeatable manner. Cisco VFrame DC will integrate with VMware VI3 to automate the provisioning of stateless, network-based ESX Server images onto a utility pool of Intel and AMD processor based servers.

Cisco VFrame Data Center manages the external dependencies VI3 does not address. It orchestrates the configuration of all the services downstream from the hypervisor

More consolidation means maturing technology and increased meaningful competition. Is this enough for these guys to join Cisco, Riverbed, and Juniper? The big 3 in WAN Optimization have thorough solutions using hardware at both ends of the WAN. I’ve always seen Blue Coat and Packeteer as the leaders in a single-end caching, scanning, and prioritizing solution. While this does get them unique technologies, I don’t see it helping them branch out into a more complete solution. Even with Packeteer’s SkyX very-late-to-market solution. I guess if you liked their solutions before, you will even more now. And you’d only need to buy a handful of boxes.  I guess that’s why they are now the largest at 35% of that market!

context name
 allocate-interface vlan vlan or range
 member resource-class-name

The resource controls are defined at its most basic by placing a percentage cap on usage of all system resources by using the all keyword for type and setting max equal-to-min.

resource-class name
 limit-resource type minimum percent maximum {equal-to-min|unlimited}    

Other resource types can be controlled individually with keywords “acl-memory, buffer , conc-connections, mgmt-connections, proxy-connections, rate {bandwidth | connections | inpsect-conn | mac-miss | mgmt-traffic | ssl-connections | syslog}, regexp, sticky, and xlates.

 It is best to keep the “Admin” context only for definining system management and resources.  ACE comes with 5 contexts and can be licensed for more.  Up to 100 resource classes may be configured.

Brian Tracy says this is one of  his favorite techniques in The Power of Clarity. He calls this “Zero-based Thinking”.

• Ask a successful acquaintance.
• Read.  Read more. Preferably nonfiction or periodicals you’d never ordinarily pick up.
• Consider the opposite course of action.
• Third-person thinking; how would a reasonable neutral party assess a situation?