Denise "Fish" Fishburne

Author Archives: Denise "Fish" Fishburne

Verify Your Segmentation is Working with Stealthwatch

Network segmentation…. air gap segmentation… the names go on and on.  But no matter what you call it, you designed it and deployed it for a reason.  Likely a very good reason.  Potentially even a reason with fines and consequences should the segmentation not work.  So once you deploy it…. what then?  Just trust it is working and will always stay working?

 Trust, But Verify

I admit I am likely viewed as boringly logical when it comes to the network.  It just doesn’t seem logical to me to spend so many hours in the design and the deploy phase and then just trust that it is working.   

Don’t just trust.  Verify. 

Use whatever tool you want.  Just please… know what is really going on in your network.  Know reality.   

In this blog I’m going to show you how you can use Stealthwatch to get visibility into what is REALLY going on in your networking in reference to your segmentation.  

How can Stealthwatch tell you if your segmentation is working or not?  I refer to Stealthwatch as “Your Network Detective Command Center”.  If Continue reading

Find Rogue DNS Servers in your Network with Stealthwatch

Rogue DNS kinda reminds of me of a crime scene show I saw once.  The killer was hijacking the GPS mapping system in the rental cars of their victims.

Imagine that who you think is your valid DNS server actually isn’t.  Yeah… i know – scary.   …. If you are not familiar with the term “Rogue DNS” … maybe you might know the exposure via other terms like DNS hijacking or DNS redirection to name just a few.

In this blog I’m not going to teach about what Rogue DNS… DNS hijacking… or DNS redirection. Nor am I going to talk about solutions like OpenDNS (Cisco’s Umbrella).  I’m going to just show you how you can use Stealthwatch to get visibility into what is REALLY going on in your network in reference to DNS.  We are going to cover 2 situations where having a tool like Stealthwatch could help you with your DNS.

  1. Finding Rogue DNS
  2. DNS Server Cutover:  Checking Reality before Decommissioning DNS Servers

How does Stealthwatch do this?  I refer to Stealthwatch as “Your Network Detective Command Center”.  If there are rogue DNS in your network and your end devices are Continue reading

The Case of the Missing LDP Neighbor

R1 and R2 are cabled up twice to each other via their gig0/0/1 interfaces and their gig0/0/7 interfaces. Each connection is in its own subnet, and each interface configured for OSPF and MPLS.  But while we have 2 OSPF neighbors between them… we only have 1 LDP neighbor.

R1#show mpls int
Interface IP Tunnel BGP Static Operational
Gi0/0/1 Yes (ldp) No No No Yes
Gi0/0/7 Yes (ldp) No No No Yes

So as you can see from the output of show mpls interface, gig0/0/1 and gig0/0/7 are both configured for MPLS LDP.  Why then if we look below do we see only 1 MPLS LDP neighbor between them?  

What is the problem?  Actually… in this situation there isn’t a problem.  This is actually expected behavior.

R1#sh mpls ldp neighbor
Peer LDP Ident:; Local LDP Ident
TCP connection: -
State: Oper; Msgs sent/rcvd: 184/184; Downstream
Up time: 02:32:11
LDP discovery sources:
GigabitEthernet0/0/1, Src IP addr:
GigabitEthernet0/0/7, Src IP addr:
Addresses bound to peer LDP Ident:
Continue reading

Troubleshooting Basic MPLS L3VPN – Part 2 – MPLS

Ready for part 2 of our Network Detective MPLS L3VPN Ride-Along?  In part 1 we were presented with the “Case of the Failed L3VPN Ping”.   We started, like any ping troubleshooting, on the IP subnets themselves – do they exist in the routing table?… are they being advertise? …. are the advertisements being received?   In part 1 we stayed focused on the knowledge of the IP addresses and stayed in the BGP… interviewed witnesses… gathered facts and followed clues.  We found a number of things not configured correctly and we fixed them.

And yet… while we fixed many things that needed to be fixed in the BGP…. we still couldn’t ping.

Ready to begin?  Grab your Network Detective badge and something to take notes with.  In this part 2 blog we will focus on the MPLS portion.

As we go along… continue to keep in your mind the Network Detective  Mantra “Be Prepared, Find the Suspects, Question the Suspects, Improve”

First Pass: Pick a PE and Check the Basics

Deja vu eh?  Weren’t we just here in the last blog?  Didn’t we “do” the first pass already? Why are we Continue reading

Troubleshooting Basic MPLS L3VPN – Part 1 – BGP

Time for a little more fun in the Network Detective series!   Today’s “Network Detective Ride-Along” will bring us into the config setup of someone very new to MPLS L3VPNs.

As we go along remember the Network Detective  Mantra “Be Prepared, Find the Suspects, Question the Suspects, Improve”

Ready to begin?  Grab your Network Detective badge and something to take notes with.  In this part 1 blog we will focus on the BGP and the routing.  🙂

The Symptom

So the symptom is pretty basic.  IP addresses that exist on the PEs inside VRF Customer1 cannot ping each other.

As a Network Detective we

  • Gather the Facts
  • Collect the Clues
  • Interview the Witnesses
  • Question the Suspects
  • Find out Who Done It

What is the difference between a “Fact” and a “Clue”?  Knowledge.  Knowledge that you need to build in the “Be Prepared: Knowledge is Key” portion.   Obviously, we have to have knowledge of how this is all supposed to work, so we can figure out what is not “right”.

First Pass: Pick a PE and Check the Basics

Like any good Detective, we need to start with the basics.  I usually pick Continue reading

Knowledge of the “Truths in Your Network” is KEY

I am a huge believer in “knowledge is key”.  Yeah… I know… just reading that statement you are probably saying “well yeah… duh”.

Of course knowledge is key… duh, Fish!  We know that!  We love knowledge.  We are knowledge seekers and we love to learn!  I mean… if we didn’t love learning and knowledge why would we be reading this?   Okay… got it.  You love knowledge.  You want to grow your knowledge.   I hear you.  You are basically saying… bring on the knowledge… max the setting!   Got it.

So you most likely extend that desire for knowledge to most of the areas in your life.

For example….

  • Buying a House:  When buying a house you want the knowledge you can get by hiring a subject matter expert to walk thru the entirety of the house and inspect it.  You want knowledge of the truths of that house.
  • Hiring a Financial Advisor: When hiring a financial advisor you just go and “bare all” in reference to your financial situation so they can review every nuance of it.   You want knowledge of the truths of your finances.

Let’s Continue reading

Stealthwatch: The “Network Detective Command Console”

Stealthwatch, to me, is like having a Network Detective working in my very own network!  I truly love Stealthwatch and I am playing with every chance I can get.

Disclaimer:   I do not get commissions from you buying Stealthwatch nor am I part of the Cisco Business Unit for Stealthwatch.  I just really honestly and for realsies super love it.

I tossed together a ~31 minute YouTube.  Obviously you can watch the entire thing.  Or… here you go for the big sections.

Setting Up Addressing and Routing: FTDv Fun

In my previous blog (Fun in the Lab: FTDv & FMC – Install and Deploy) we deployed a FMC VM and a FTDv VM and ended the blog with the FTDv successfully added to the FMC.

Now?  Now let’s add IP addressing for the FTDv and also set up routing protocol neighbor relationships.  I learned what I am about to show you from my co-worker and friend, Keith Brister.  So don’t thank me, thank Keith.  🙂

I tossed together a ~29 minute YouTube.  Obviously you can watch the entire thing.  Or… here you go for the big sections.

Done and Done.  Easy Peasy!


Fun in the Lab: FTDv & FMC – Install and Deploy

This is my Stealthwatch playground…. errrr… I mean … ahem… “work environment” for a Technical Solution Workshop I am working on for Stealthwatch.

Going to set up FTDv and FMC today.  A co-worker and friend, Scott Barasch, helped me get jump started… so figure I’ll pass on what I just learned to you. 🙂

What this blog will cover is

    1. Deploying the OVF for FTDv
    2. Deploying the OVF for FMC
  2. VMware settings
    1. Tweak for FTDv
    2. Tweak for FMC
  3. Prepping to Power On
    1. Snapshot Both Before Power On
    2. Power Both On
  4. Setup via Console
    1. FMC – console in and setup IP address
    2. FTDv – console in and step thru the prompts
  5. Test IP Connectivity
    1. Ping FMC and FTDv from the PC
    2. Notice Can’t ping FTDv
    3. Fix
    4. Ping
  6. Browse into FMC
    1. Change password
    2. Setup DNS
    3. Setup NTP
    4. Accept EULA
    5. Apply
    1. License FMC
  8. FMC/FTDv: Make the Connection
    1. FTDv – Point FTDv to FMC
    2. FMC – bring the FTDv into the fold.  🙂


So let’s begin.  What I have to host my FMC & FTDv VMs is a UCS M4 with a NIC connected to a Cat4948 in vlan 1.  That NIC is tied to vSwitch0 in the UCS. Continue reading

Hello There! :) Update from the FishBowl

June 28th… wow…. lol… my last blog out here was June 28th!  Too funny!  So where have I been and what have I been doing?

Well June was CiscoLive in the beginning and then SharkFest at the end.  I think i hit some “being social” limit and became a hermit for most of July and August.  Then 2 weeks of vacation for the first 2 weeks of September.  Two full weeks.  It was AWESOME!  Then Florence came to visit… 🙂  She hung around for a little while.  Like one of those visitors who come stay with you at your house and just won’t leave.    Oh.. and then breaking a finger September 15th and struggling to type for the rest of the month.

Hello!  I’m BACK! 

And I have REALLY missed being here!  At the same time… that break was REALLY needed!  🙂   Awesome summer with the wife and family!  Woot woot!  Work hard… play hard!

So what am I up to?  Stealthwatch Baby!  Woot woot!  Been with Cisco for 22 years and I have NEVER loved a product and a GUI so Continue reading

Techniques of a Network Detective: A New Series

Put your detective hat on your head and your Network Detective badge on your lapel.  Introducing a new blog series – Techniques of a Network Detective.  This series will focus on the detective work (troubleshooting side) of our jobs as network engineers.

For over 30 years I’ve been playing in the “world of IT”. During those years there have been a lot of changes in our world. But through all that change, there has been a thread, for me, that has always remained constant. A thread and a passion that always seemed to be with me in every job over all these years.


Being a “Network Detective” is much the same as being a regular detective in many ways.  As a Network Detective we get put on a “case” – the “Case of the Missing Packets” maybe.  We go to the crime scene and try to find answers so we can solve the “who done it”


When a “crime” happens you need to be right there interviewing the suspects, surveying the crime scene, asking the right questions.  Trying to quickly figure out what is happening, where it is happening, and why it Continue reading

SharkFest 2018!! Woot woot! So Excited!

On Saturday I leave North Carolina to head to Sunnyvale, California for…… (insert drumroll here)… SharkFest!  I’m am so pumped and excited!  I have wanted to attend SharkFest since 2009 when I first learned about it!  I’m finally going!  Woot woot!

It is not uncommon that I find myself having to explain what SharkFest is… even to diehard WireShark users and enthusiasts.  So let me take a step back and explain what SharkFest is.

What is SharkFest?

SharkFest™, launched in 2008, is a series of annual educational conferences staged in various parts of the globe and focused on sharing knowledge, experience and best practices among the Wireshark® developer and user communities.

SharkFest attendees hone their skills in the art of packet analysis by attending lecture and lab-based sessions delivered by the most seasoned experts in the industry. Wireshark core code contributors also gather during the conference days to enrich and evolve the tool to maintain its relevance in ensuring the productivity of modern networks.

Teehee.  So basically it is a major WireShark geek fest!!!!  And I am STOKED!  Who wouldn’t be?  Just look at the classes I’ve Continue reading

Network Detective Ride-Along: Troubleshooting Multicast

Grab your Network Detective badge!  It’s time for another Network Detective ride-along.  🙂   Multicast this time.

We need to solve the case of the missing Multicast streams.  ONLY 2 multicast streams ( and are getting thru to the hosts who requested them. The other 4 streams the same hosts requested are NOT getting thru.  Let’s go to the crime scene and review the facts.

Fact #1 – Host off of Cat9K-40 is sending IGMPv2 membership reports to join ASM groups, and
Fact #2 – Host off of Cat9K-50 is sending IGMPv3 membership reports to join SSM groups, and
Fact #3 – All multicast sources are off of Cat9k-10 in subnet They are sending the mcast for all 3 SSM groups and all 3 ASM groups
Fact #4 – Cat9K-20 is the Rendezvous Point (RP) for all 3 ASM groups

Any thoughts at first glance?  Time to go to the YouTube ride-along ~11 minute video!  Good luck!  Have fun!

Networking With Fish: YouTube Channel

Blogging, originally, was my go to and preferred method for sharing information to others – teaching, sharing, etc.  For a few corner case type things I found video (YouTube) to be a better tool for those specific items.  Recently, however, I am finding about half of my ideas of things I want to “pass on” to others… would be best (in my opinion) via video.

I’ve been trying to figure out and think about how best to have the two sharing tools – this blog site and the YouTube channel – best compliment each other.  So I have been experimenting with this.  What I have come up with that I like and works for me is the following…..

  • “Standalone Video” – If the YouTube is really a “standalone” and blogging with additional text around it here doesn’t “help” communicate what I’m trying to get across… then I won’t be blogging about it here.
  • “Video Series” – There will be series that will be building on each other – like the videos in the playlist “BGP Show and Tell: Beginners” and the playlist “Label Swapping Fun”.   Video series, I believe, would definitely benefit from larger big Continue reading

CiscoLive 2018: ‘Summer Camp for Geeks’

Are you ready for CiscoLive US 2018?  Ready for Summer Camp for Geeks?!    I think it is hard to truly be completely ready for the experience nowadays.  Why?  Because CiscoLive US is just huge with so many options of things to experience as an attendee…. more options than you have time for.  If you have been to CiscoLive US before… you KNOW this is true. And every year more and more …. and more and more … get added.  For 2018 my favorite CiscoLive add is the new ‘Content Cafe’ session type (30 minutes).  Other favorites of mine are the ‘Flip Sessions’ and the “Beers with Engineers”.  🙂

Deciding where to spend your time and energy during #CLUS can be overwhelming and daunting.

What is my absolute #1 suggestion to anyone going to a CiscoLive event?  Easy – “Begin with the End in Mind“.  Know what your priorities are and then schedule your week accordingly.


STEP #1: Create Your Cisco Live 2018 Priority List

Take your goals and translate them into a priority list.

STEP #2: Learn from the Past

If you have been to CiscoLive before… Continue reading

Resumes: “Begin with the End in Mind” – Musings from the FishBowl

I feel like I should go to some “Resume PTSD” meetings.. are there such things?  LOL.  I can imagine a dark room like they have in the movies for 12 step meetings.  Some podium up in the front where everyone has to tell their story.  The lead nods to me that it is my turn and I go up to the podium….

“Hello, my name is Fish, and I have Resume PTSD.  It all started for me one evening when I was 16 years old. I remember was in the family room of our house in Princeton, New Jersey… it was deep winter out so we had the fire in the fireplace going.  Dad walked across the room to sit by the fire… he put before him 2 stacks of resumes – one stack for people applying to be a Vice President and another stack for people applying to be a Lobby Ambassador and Admin.  I watched in appropriate 16 year old horror as he glanced at each piece of paper and within 5-10 seconds he decided if it went in the pile for definitely interview, or the pile for review resume again Continue reading

Woot Woot! 16 Weeks of Security Learning!! — SECURITY ZERO-TO-HERO

Just signed up last week for the Micronic’s “Security Zero-to-Hero” class. I am beyond stoked and excited!  I have been searching for awhile now for a class to take to help me really “go to the next level” in Security. But I just wasn’t finding the kind of class I was looking for. Every class I saw offered was either focused on one narrow aspect of the security landscape OR focused on helping people pass the CCIE Security.  Neither or which matched what I was searching for.

The class I was hoping to find would be structured more like a semester long college class with real world production discussions and also hands on labs. A class where … over weeks of learning and labbing in my personal time… the learning would just continue to seep deeper and deeper and the “aha” moments would just keep coming.  There were lots of one week classes to choose from. But, for me,  I just don’t see a one week class as a great “immersive” experience  into the complex landscape of the world of Security.  There is a “learning limit”, for me, as to how much my brain can retain Continue reading

Casting Call: Coming Soon to the NWF YouTube Channel

You know those times in life when you just know, in your heart of hearts, you are at the beginning of some incredible and life changing adventure?  Some new journey you will be embarking on that you know will be a watershed moment for you……. but you are still in the “seeing it” and “trying to figure it out” phase?   That phase where it feels like you almost cannot seem to keep up with the complex network of neurons firing in your brain.   The creativity starts and then a new idea comes along… neurons fire…. adrenaline rushes… you read something or someone says something…. and POW!…. ideas flood forward… and you get a few steps closer to clarity on that seeming elusive bigger picture still slowly taking shape.

The details are still forming… but the bigger picture is finally formed —   “Casting Call: Angling for Good Tech and Good Conversations”

Yes, you are right… I’m getting ahead of myself.

Okay… okay… let me slow down.

I will soon be launching a new video series on my Networking with Fish YouTube Channel.

Casting Call: Angling for Good Tech and Good Conversations”

It all started Continue reading

1 2 3 6