Category Archives: CCIE Security

Evolving Technologies – Northbound vs. Southbound Protocols

This is another post from my ongoing series here at AJSNetworking regarding Evolving Technologies. This addresses the Evolving Technologies section of the CCIE Written Exams. The complete list of topics and my previous posts can be found here:

Free Evolving Technologies Training!

I think the best way to get a handle on where the Northbound and Southbound protocols sit is to see them in relation to the other components. Remember, when we say network programmability, you should think Software Defined Networking (SDN). Figure 1 below makes this clear:

Figure 1

Notice the “Northbound” APIs (protocols) communicate between your network management station running its network apps and the SDN controller. The “Southbound” APIs occur between the controller and the actual network devices themselves.

Northbound APIs

For the Northbound APIs, Cisco likes to use REST-based APIs. What is a REST-based API? A REST API, or RESTful API, is one that adheres to the six constraints of the REST architectural style (five are mandatory, the last is optional):

  • Client-Server – separates the user interface (client) from data storage and processing (server) so that each can evolve independently. This means that completely different applications, even written in different languages, can consume the same REST API.
  • Stateless – every request carries all the information the server needs to process it; the server keeps no record of client session state between requests. For an SDN controller this keeps the controller lean and lets requests be spread across controller instances. It also means authentication (typically a token) has to travel with every request.
  • Cacheable – responses declare whether they may be cached, so the client can keep a local copy of commonly read information and skip the round trip; this improves performance and scalability.
  • Layered System – a client talks only to the component directly in front of it and cannot tell whether that is the controller itself or an intermediary such as a proxy or load balancer.
  • Uniform Interface – every resource is identified and manipulated the same way (URIs, the standard HTTP methods, self-describing representations), no matter what information is retrieved.
  • Code-on-Demand – the optional constraint: the server may extend the client by sending it executable code (for example, JavaScript) in a response.

A REST API is often just a web server that accepts HTTP requests (GET, POST, PUT, DELETE) against resource URIs and returns representations of those resources, typically encoded as JSON or XML. SOAP is a separate, RPC-style protocol that happens to be carried over HTTP; it is not a REST payload format.
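To show what those constraints look like in code rather than on a slide, here is an added Python example (not code from the original post or from any Cisco controller) that models the dispatch logic of a northbound REST API for a controller flow table: a bearer token checked on every request with nothing remembered between requests (stateless), the same GET/PUT/DELETE verbs for every /flows/<id> resource (uniform interface), JSON bodies, and an ETag so a client can revalidate a cached copy (cacheable). The /flows resource, the token value and the flow fields 'match' and 'actions' are assumptions; a real controller would sit behind HTTPS, and the dispatch logic would be the same.

```python
"""Model of an SDN controller's northbound REST API (added example).

Everything here is an assumption for illustration: the /flows/<id> resource,
the flow fields 'match' and 'actions', and the static bearer token. Only the
dispatch logic is what a real controller does behind HTTPS.
"""
import hashlib
import hmac
import json

# Assumed static token; a real controller issues per-application credentials.
VALID_TOKEN = "s3cret-controller-token"

# The only server-side state is the resource itself (the flow table). No
# per-client session exists, which is what "stateless" means.
FLOWS = {}


def _etag(obj):
    """Strong ETag over canonical JSON, so clients can revalidate a cached copy."""
    canon = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return '"' + hashlib.sha256(canon).hexdigest()[:16] + '"'


def _authorized(headers):
    """Stateless: each request must carry its own credential (constant-time compare)."""
    presented = headers.get("Authorization", "").encode()
    return hmac.compare_digest(presented, f"Bearer {VALID_TOKEN}".encode())


def handle(method, path, headers=None, body=None):
    """Dispatch one request. Returns (status, response_headers, json_body).

    Uniform interface: the same verbs act on every /flows/<id> resource.
    """
    headers = headers or {}
    if not _authorized(headers):
        return 401, {"WWW-Authenticate": "Bearer"}, {"error": "unauthorized"}

    parts = path.strip("/").split("/")
    if len(parts) != 2 or parts[0] != "flows" or not parts[1]:
        return 404, {}, {"error": "not found"}
    flow_id = parts[1]

    if method == "GET":
        if flow_id not in FLOWS:
            return 404, {}, {"error": "no such flow"}
        tag = _etag(FLOWS[flow_id])
        # Cacheable: a client holding a fresh copy gets 304 and no body.
        if headers.get("If-None-Match") == tag:
            return 304, {"ETag": tag}, None
        return 200, {"ETag": tag, "Cache-Control": "max-age=30"}, FLOWS[flow_id]

    if method == "PUT":
        try:
            flow = json.loads(body or "")
        except json.JSONDecodeError:
            return 400, {}, {"error": "body must be JSON"}
        if not isinstance(flow, dict) or not {"match", "actions"}.issubset(flow):
            return 400, {}, {"error": "flow needs 'match' and 'actions'"}
        created = flow_id not in FLOWS
        FLOWS[flow_id] = flow
        return (201 if created else 200), {"ETag": _etag(flow)}, flow

    if method == "DELETE":
        if FLOWS.pop(flow_id, None) is None:
            return 404, {}, {"error": "no such flow"}
        return 204, {}, None

    return 405, {"Allow": "GET, PUT, DELETE"}, {"error": "method not allowed"}


if __name__ == "__main__":
    auth = {"Authorization": f"Bearer {VALID_TOKEN}"}
    flow = json.dumps({"match": {"in_port": 1}, "actions": ["output:2"]})
    print(handle("PUT", "/flows/1", auth, flow))
    status, hdrs, _ = handle("GET", "/flows/1", auth)
    print(handle("GET", "/flows/1", {**auth, "If-None-Match": hdrs["ETag"]}))
    print(handle("GET", "/flows/1"))  # no token: 401, nothing is remembered
```

The security consequence of the stateless constraint is visible in `_authorized`: there is no login step and no session to hijack, so the token itself is the whole credential and must be protected in transit (HTTPS) and at rest on the management station.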

Southbound APIs

What is common for the Southbound APIs? Cisco loves to keep it simple with the Command Line Interface (CLI) and Simple Network Management Protocol (SNMP).

Certainly the most well-known Southbound API is OpenFlow, but there are other options available and in development. The Network Configuration Protocol (NETCONF, RFC 6241) uses Extensible Markup Language (XML) encoded remote procedure calls, carried over SSH, to retrieve and change the configuration of switches and routers. The Locator/ID Separation Protocol (LISP), also promoted by ONF, is available to support flow mapping. In addition, established routing and forwarding protocols such as OSPF, MPLS, BGP, and IS-IS are finding ways to run in an SDN environment.
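To make the NETCONF side concrete, here is an added Python example (not from the original post) that builds an <edit-config> RPC for the running datastore and parses the <rpc-reply> that comes back. The NETCONF base namespace, the <ok/> and <rpc-error> elements and the ]]>]]> end-of-message delimiter are from RFC 6241 (NETCONF 1.0 framing); the ietf-interfaces payload and the interface name are assumptions, and the two replies are constructed, not captured from a device. The transport is SSH (RFC 6242, TCP port 830), which is what gives NETCONF its authentication and integrity; this example stops at the message layer.

```python
"""NETCONF <edit-config> request and <rpc-reply> handling (added example).

Namespace, <ok/>, <rpc-error> and the ]]>]]> delimiter follow RFC 6241
(NETCONF 1.0 framing). The ietf-interfaces payload and interface name are
assumptions; SAMPLE_OK_REPLY and SAMPLE_ERROR_REPLY are constructed, not
captured from a device.
"""
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
IF = "urn:ietf:params:xml:ns:yang:ietf-interfaces"
EOM = "]]>]]>"  # NETCONF 1.0 end-of-message marker
ET.register_namespace("nc", NC)

# Assumed payload: set a description on one interface via ietf-interfaces.
SAMPLE_CONFIG = (
    f'<interfaces xmlns="{IF}">'
    "<interface><name>GigabitEthernet0/1</name>"
    "<description>to-core-sw1</description></interface>"
    "</interfaces>"
)

# Constructed replies: one success, one NACM access-control refusal.
SAMPLE_OK_REPLY = f'<rpc-reply xmlns="{NC}" message-id="101"><ok/></rpc-reply>' + EOM
SAMPLE_ERROR_REPLY = (
    f'<rpc-reply xmlns="{NC}" message-id="102"><rpc-error>'
    "<error-type>application</error-type>"
    "<error-tag>access-denied</error-tag>"
    "<error-severity>error</error-severity>"
    "<error-message>access denied by NACM</error-message>"
    "</rpc-error></rpc-reply>" + EOM
)


def build_edit_config(message_id, target, config_xml):
    """Return a framed <rpc> that merges config_xml into the target datastore."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(message_id)})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    tgt = ET.SubElement(edit, f"{{{NC}}}target")
    ET.SubElement(tgt, f"{{{NC}}}{target}")  # e.g. <running/> or <candidate/>
    ET.SubElement(edit, f"{{{NC}}}default-operation").text = "merge"
    ET.SubElement(edit, f"{{{NC}}}config").append(ET.fromstring(config_xml))
    return ET.tostring(rpc, encoding="unicode") + EOM


def parse_reply(framed, expected_id):
    """Return ("ok", []) or ("error", [details]) for one framed <rpc-reply>.

    Raises ValueError on a truncated message, a non-reply root, or a
    message-id that does not match the request we are waiting on.
    """
    raw, sep, _ = framed.partition(EOM)
    if not sep:
        raise ValueError("incomplete NETCONF message: no ]]>]]> delimiter")
    reply = ET.fromstring(raw)
    if reply.tag != f"{{{NC}}}rpc-reply":
        raise ValueError(f"unexpected root element {reply.tag}")
    if reply.get("message-id") != str(expected_id):
        raise ValueError(f"message-id {reply.get('message-id')} != {expected_id}")
    if reply.find(f"{{{NC}}}ok") is not None:
        return "ok", []
    errors = [
        {
            "type": err.findtext(f"{{{NC}}}error-type"),
            "tag": err.findtext(f"{{{NC}}}error-tag"),
            "severity": err.findtext(f"{{{NC}}}error-severity"),
            "message": (err.findtext(f"{{{NC}}}error-message") or "").strip(),
        }
        for err in reply.findall(f"{{{NC}}}rpc-error")
    ]
    return "error", errors


if __name__ == "__main__":
    print(build_edit_config(101, "running", SAMPLE_CONFIG))
    print(parse_reply(SAMPLE_OK_REPLY, 101))
    print(parse_reply(SAMPLE_ERROR_REPLY, 102))
```

The message-id check is the part worth copying: a reply whose id does not match the outstanding request must not be taken as an acknowledgement of that request. The access-denied error-tag is what a client sees when the device's NETCONF access control (NACM, RFC 8341) refuses the change, which is where southbound configuration authority is actually enforced.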

Happy Holidays and IT Training!

Happy Holidays to all my faithful blog followers! Thank you so much for another incredible year of fun and interesting comments and discussions regarding mainly IT Training. 🙂

IT Training

My Holiday gift to many of you this year is to finally get after my Free Evolving Technologies Training as I promised. This is that new section of every CCIE Written Exam that is causing great stress for many candidates. Stress not. I will do the hard work of finding the correct documentation and detailing it for you on every topic on this list!

Something else I will be doing more than ever per reader request is many more quizzes here at the site. These will run the gamut from Cisco to Juniper to Microsoft and more and will cover all levels of professional certification.

If you are interested in my non-free IT Training stuff 🙂 here is a run down of what I am currently working on this Holiday Season:

  • The Exam 70-698 Installing and Configuring Windows 10 Course for CBT Nuggets; this course features Nugget-based Hands On Labs so you can follow along with me in a Windows 10 Pro environment as you enjoy your IT Training! There are about 46 Nuggets complete and up there at the moment. The total course will be close to 80 Nuggets and completes around 1/13/2017. All of the Nuggets are uploaded by that date, it just takes some time for the video reviewers to watch and approve them.
  • Mastering Agile Project Management is most likely my next course for CBT Nuggets; then I will be looking to hit some key Router and Switch Technologies for you like QoS and Multicast and the like. These topics appear in more professional certifications than ever before (as they should) and there seems to be a drought of great training in these areas.
  • My CCENT ICND1 100-105 Exam Cram, 3rd Edition arrives in print on December 30, 2016 just in time for the new year! You will love this text. Keith Barker was the Tech Editor and we created a work of art here when it comes to your exam success. Use the link at the bottom of this blog post for a nice discount on your order!
  • My CCNA Routing and Switching 200-125 Exam Cram, 5th Edition arrives in print on March 1, 2017 (or sooner). Again, Keith Barker helped me create an incredibly laser focused and concise guide to exam success.
  • My MCSA 70-740 Cert Guide: Installation, Storage, and Compute with Windows Server 2016 (Certification Guide) arrives in print around March 2017 and features critical and hard to find documentation on this exciting new Server Operating System from Microsoft. The goal in this text is to get you up and running in production data centers with the new OS, but also to ensure the exam is a manageable and pleasant experience! This can be a challenge when it comes to Microsoft Certs to say the least!

Thanks again for visiting my site – and of course – HAPPY HOLIDAYS!

The CCENT/ICND1 Exam Cram for 100-105

Port Security Basics



Catalyst switch port security is so often recommended because of a few important points:

  • There are many attacks that are simple to carry out at Layer 2.
  • There tends to be a gross lack of security at Layer 2.
  • Port Security can guard against many different types of attacks. Just a few to mention are MAC flooding (overflowing the CAM table), MAC spoofing, and rogue DHCP servers and access points, because the port only accepts a limited number of known MAC addresses (DHCP snooping is the more direct control for rogue DHCP, but port security limits what a rogue device can plug in behind).

There are two main points about this feature, however, that often confuse engineers.

1. What is Sticky Learning and how does it work?

2. What is the difference between the different violation modes and how can I remember them?

Port Security Sticky Learning:

Sticky learning is a convenient way to create static MAC address entries for the devices you allow on your network without typing each address by hand. First confirm that the correct devices are connected to the appropriate switch ports, because whatever MAC addresses are present when you enable it are the ones that get locked in. Then, on the access port, turn on sticky learning and the port security feature itself, for example:

interface GigabitEthernet0/1
 switchport mode access
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security

Now the two MAC addresses of the devices you trust (perhaps an IP Phone and a PC) are learned dynamically, and the switch writes them into the running configuration as static port security entries of the form switchport port-security mac-address sticky 0011.2233.4455. All you have to do is save the running configuration (copy running-config startup-config), and poof, you are now configured with the powerful static MAC port security feature. If you skip the save, the sticky entries are lost on reload and the port relearns whatever happens to be plugged in at that time.

Please note that it is easy to forget to actually turn on port security after setting the parameters. That is what the last line in the configuration above does; the maximum and sticky commands have no effect without it. Always use show port-security and show port-security interface to confirm the port reports Port Security: Enabled and that the expected addresses are present!
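Because a missing enable line is invisible unless you look for it, here is an added Python example (not from the original post or from Cisco) that audits a saved running-config for the two mistakes above: port security parameters on an interface with no bare switchport port-security line, and sticky learning turned on with no learned addresses saved yet. It also flags ports with no static switchport mode, since IOS rejects port security on dynamic (DTP) ports. The configuration text embedded in the block is constructed for the example; interface names and MAC addresses are made up.

```python
"""Audit a Catalyst running-config for port-security misconfigurations.

Added example, not from the original post or from Cisco. SAMPLE_CONFIG is
constructed for illustration; interface names and MAC addresses are made up.
"""
import re

SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security mac-address sticky 0011.2233.4456
 switchport port-security
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security maximum 2
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/3
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security
!
interface GigabitEthernet0/4
 description uplink
 switchport mode trunk
!
"""

# A static or sticky-learned secure MAC entry as it appears in the config.
MAC_ENTRY = re.compile(
    r"^switchport port-security mac-address (?:sticky )?"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})$", re.I)


def parse_interfaces(config):
    """Return {interface_name: [stripped config lines]} from IOS-style text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None  # "!" or a top-level command ends the stanza
    return stanzas


def audit_port_security(config):
    """Return {interface: [findings]} for every interface that mentions port security.

    An empty list means the port-security block looks complete.
    """
    report = {}
    for name, lines in parse_interfaces(config).items():
        if not any(l.startswith("switchport port-security") for l in lines):
            continue
        enabled = "switchport port-security" in lines  # the bare enable line
        sticky = "switchport port-security mac-address sticky" in lines
        learned = [m.group(1) for m in map(MAC_ENTRY.match, lines) if m]
        static_mode = any(
            l in ("switchport mode access", "switchport mode trunk") for l in lines)
        issues = []
        if not enabled:
            issues.append("parameters set but 'switchport port-security' is missing; "
                          "the feature is off")
        if sticky and not learned:
            issues.append("sticky learning on but no learned addresses in the config; "
                          "nothing saved yet")
        if not static_mode:
            issues.append("no static switchport mode; port security is rejected on "
                          "dynamic (DTP) ports")
        report[name] = issues
    return report


if __name__ == "__main__":
    for intf, issues in audit_port_security(SAMPLE_CONFIG).items():
        print(intf, "OK" if not issues else "")
        for issue in issues:
            print("   -", issue)
```

Run against a real show running-config capture, GigabitEthernet0/2 is the case the paragraph above warns about: both parameters are present, so a quick glance says "done", but the feature is off and nothing has been learned. Pair the audit with show port-security interface on the switch itself, since the saved config cannot tell you whether a port is currently err-disabled.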
