The threat of ransomware has never been more pronounced than it is today? Financial institutions process more digital transactions today than at any point in human history. The potential for exploiting significant financial gains through disruptions in massive monetary markets is of paramount importance.
Prior to a 24-month period, ransomware and malware had been primary areas of focus for regulatory bodies.
2024 is poised to break another record year for the number of documented safety vulnerabilities, perpetuating the alarming rate of exponential growth in this trend. According to recent estimates, the number of publicly disclosed vulnerabilities (CVEs) this year has more than doubled since seven years ago, itself a significant increase over the figure from seven years prior.
As the threat landscape continues to evolve, financial institutions are increasingly expected to meet higher standards for mitigating security risks. To mitigate potential risks, it is essential to stay on top of software updates and patch requirements to address identified public vulnerabilities. Financial institutions face a daunting challenge between conflicting forces.
In recent years, the in-service software program options within the NX-OS product family have undergone a substantial enhancement. Pioneering the flexibility to perform stateful switchover and in-service software upgrades (ISSU) for twin supervisor configurations has long been a hallmark feature, but patching the standalone supervisor high of rack switches within the Nexus product line presented concerns that relied on network design to successfully execute ISSU. Tuning a community to quickly converge on nodes can inadvertently generate false positives within ISSU, necessitating the restart of the management plane. However, this notion has since been dispelled with the advent of multi-supervisor programs.
The latest options leverage advancements in technology to introduce a containerized, redundant “supervisor” that enables seamless failover of management planes within a latency of under one second.
Recently, I had the opportunity to examine the latest possibilities. Particularly, a lab for a fortune 50 buyer that wished to discover scale parameters beforehand unprecedented, together with a Vxlan material with 1300 Vteps (1100 lively in forwarding airplane), 90K mac, 90k IPv4, > 200 VRF, > 2000 vlans, > 128k IPv4 LPM routes, all lively within the knowledge airplane of the gadget, in a community with optimized routing timers with dwell overlay L3 visitors in a full mesh between 50 hosts throughout a multisite surroundings. The primary objective of the laboratory experiment was to identify anomalous readings and investigate the operational characteristics of devices under those conditions. The eISSU system performs well with this configuration when experiencing a surge in active users.
To investigate scale and explore possibilities, we conducted an Integrated Supply-Chain Simulation (ISSU) within the scaled environment on this platform. As marketed, the improve labored flawlessly, each time (we did it a number of instances), throughout MAJOR releases (10.4 -> 10.5). One notable impact was on our SSH sessions, which are designed not to fail over, a phenomenon also referred to as session hijacking – happily, this does not result in a failure.
There has been no occurrence of packet loss in either the Spirent full-mesh flows or ICMP packets. Within a remarkably swift 8 minutes, I managed to complete the task, encompassing creation of a secondary support structure, synchronization processes, preparatory work, and a momentary pause for sanity, followed by an impressively prompt failover sequence.
Following rigorous scale and cargo testing, the enhanced ISSU function operated flawlessly, demonstrating seamless sub-second management plane and administrative plane switching, with zero packet or management plane losses during a comprehensive software update.
These innovative solutions are precisely what the financial sector needs today.
To explore additional ways to apply what you’ve learned in your everyday environment, consider reaching out to your account team for guidance.
Share:
