Author Archives: ddib

When Is Something SD-WAN?

A couple of days ago, I wrote on LinkedIn asking you what a SD-WAN solution should consist of.

https://www.linkedin.com/posts/danieldib_sdn-sdwan-wan-activity-6583614108971655168-BH8x

The post was meant to create a discussion and there were a lot of great answers. Some of the features are “must have” and some of them are “nice to have”. I’m not claiming to have all of the answers but here are some of my thoughts on the topic.

Automated VPN – There should be a mechanism to help you build the IPSec tunnels. You should not have to configure them manually. Traditionally, we often used something like DMVPN to build the tunnels for us. Consider the following:

  • How are devices onboarded? Who can join the overlay?
  • Are tunnels built using certificates or pre-shared key?
  • How often are keys rotated, if at all?
  • How do you prevent a stolen router from joining the overlay?

Separation of control and data plane – This one is debatable, but there should be a mechanism to influence the topology of the overlay, and the routing of the edge devices, from a central point. With DMVPN, we had the ability to do Hub & Spoke or fully meshed, but there was no granular control. We could Continue reading

Impostor Syndrome and Loser DNA

Most of you are probably already familiar with impostor syndrome. Wikipedia defines it as:

Despite external evidence of their competence, those experiencing this phenomenon remain convinced that they are frauds, and do not deserve all they have achieved. Individuals with impostorism incorrectly attribute their success to luck, or as a result of deceiving others into thinking they are more intelligent than they perceive themselves to be.

Basically, it’s the feeling that you don’t really know how things work and one day you’ll get caught, your lies will be exposed, and the world will come crashing down.

Let me let you in on a secret: everyone has likely felt like an impostor at times. Even the people you look up to the most. Lately, there have been a lot of tweets and blog posts on impostor syndrome, and that is great. Raising awareness is the first step. However, not many people are saying what to do about it or how to prevent yourself from developing a “loser DNA”. What is loser DNA?

My friend Nick Russo wrote about it after listening to Gary Vaynerchuk. Loser DNA is when you compare yourself to others that are, at least according to you, a lot more advanced Continue reading

The Tale of the Mysterious Traceroute

If you follow me on Twitter (https://twitter.com/danieldibswe), you know I have been doing a lot of SD-WAN lately and I recently built my own lab. In this lab, I wanted to try a feature known as service chaining. What is service chaining? It’s a method of sending traffic through one or more services, such as a firewall, before the traffic takes the “normal” path towards its destination.

Before we dive deeper, let me show the topology in use:

SD-WAN Topology

When I tested this feature, the data plane was working perfectly but my traceroute looked very strange. The traceroute was also not finishing.

root@B1-S1:/# traceroute 10.1.2.10
traceroute to 10.1.2.10 (10.1.2.10), 30 hops max, 60 byte packets
 1  10.1.1.1 (10.1.1.1)  6.951 ms  36.355 ms  39.604 ms
 2  10.1.0.2 (10.1.0.2)  11.775 ms  15.047 ms  15.535 ms
 3  10.0.0.18 (10.0.0.18)  28.540 ms  28.538 ms  28.532 ms
 4  10.1.2.10 (10.1.2.10)  41.748 ms  41.746 ms  41.736  Continue reading

Major Updates to Cisco Certifications Part IV (CCIE)

The CCIE, now 25 years old, has always been the pinnacle of Cisco certifications. There has been a lot of buzz on the importance of certs, and the CCIE, in the “new” era. For that reason, it’s more important than ever that the CCIE gets updated and stays current.

With Cisco’s new announcements, what is changing with the CCIE?

The first thing to mention, for those that already have a CCIE, is that the recert cycle is being changed to match the other certs such as CCNA and CCNP, so that the recert cycle is 3 years. This means that the suspended status is gone: the cert is valid for 3 years and there is no suspended status. You therefore need to keep track of your date, because there is no “grace period”; if you fail to recert within the 3 years, you’re out! This also means that, effective 24 February 2020, if you are still active or suspended, you get an extra year “for free” and you will be an active CCIE up to your new expiration date.

Because the recert cycle is now 3 years, you will need to get 120 CE credits instead of 100, Continue reading

Major Updates to Cisco Certifications Part III (CCNP)

What is changing for CCNP? And why?

Some of the problems that existed in the current CCNP were:

  • No way of showing progress until you took all 3 exams and became CCNP certified, usually a 1+ year commitment
  • Needed to pass CCNA before being able to become CCNP certified
  • The certification wasn’t modular and it was a lot of work to update the certification
  • Difficult to stay current with new technologies

Effective 24 February 2020, it will be possible to jump in at CCNP level, meaning that you don’t need to be CCNA certified to become a CCNP.

Instead of taking 3 exams, only 2 exams are needed, one Core exam and one concentration exam. You can take them in any order and you can also keep taking concentration exams to show you have skills in newer technologies such as SD-WAN. These concentration exams will show as badges.

Because the certification is now more modular, it will be easier to keep the certification up to date and to update it as technologies evolve and new ones come to the fore.

Another change is that the RS and Wireless tracks are now merged into CCNP Enterprise, where the Core exam is Continue reading

Major Updates to Cisco Certifications Part II (CCNA)

Let’s go into more depth on what the new updates really mean. We will start by analyzing the CCNA. As I described in the previous post, gone are the days of having 11 different tracks; instead there is 1 exam. Why?

Take a second to think about what you expect from a Junior Network Engineer; that is, after all, what a CCNA is expected to be. I, probably Russ White, and many others with me, would argue that what is important at any level, but certainly as a junior, is to understand the fundamentals well. That is to know binary, subnetting, supernetting, basic TCP/IP, basic routing and switching, a little about wireless, a little about security. You don’t need to specialize at a junior level. Many athletes do several sports until they have to pick one, and studies have shown that this often has a positive effect compared to focusing on a single one too soon.

The change in the CCNA is therefore to better align with the expected job role of a CCNA. What domains are being tested? The domains being tested are:

  • Network Fundamentals
  • Network Access
  • IP Connectivity
  • IP Services
  • Security Fundamentals
  • Automation and Programmability

The blueprint can Continue reading

Major Updates to Cisco Certifications

As you most likely will have seen, Cisco is “rebooting” their certifications to better align with what is expected of the future work force. As I’ve been busy with Cisco Live, I’m only now starting to write these posts. I’m expecting to write a couple of them rather than writing one LONG one.

As a member of the CCIE Advisory Council, I’ve been in the loop for a while and I truly believe these changes are for the better. We’ve tried to do what is best for people that are certified or looking to get certified. There will certainly be corner cases or questions that need answers, but we have done our best to leave no one behind.

This first post will look at what is changing at a high level and then we can dive deeper into the different certifications in the coming posts.

DevNet certifications – There has been some training on automation and even some exams, but no real certifications. This is all changing now. There will be corresponding DevNet certifications for CCNA, CCNP and in the future, CCIE. This offers more career paths within the Cisco world. I will cover the DevNet certifications in a future post.

Continue reading

Lessons Learned in Cloud Networking – AWS vs Azure

I’ve been working a lot with cloud networking lately. I will share some of my findings as this is still quite new and documentation around some topics is poor. Especially on the Azure side. Let me just first start with two statements that I have seen made around cloud networking:

Cloud networking is easy! – Not necessarily so. I’ll explain more.

We don’t need networking in cloud! – Wrong. You do but in basic implementations it’s not visible to you.

This post will be divided into different areas describing the different components in cloud networking. You will see that there are many things in common between AWS and Azure.

System Routes

Within a VPC/VNET, there are system routes. If 10.0.0.0/22 was assigned to the VPC/VNET, there will be a system route along the lines of “10.0.0.0/22 local”. Subnets are then deployed in the VPC/VNET and there is full connectivity due to the system route. This route will point to a virtual router which is the responsibility of AWS/Azure. Normally this router will have a “leg” in each subnet, at the first IP address of the subnet, for example 10.0.0.1 for Continue reading

Interview with Joe Onisick

With this blog, I try to inspire and mentor. One person I have a lot of respect for is Joe Onisick. I had the pleasure of interviewing Joe. Joe has really transformed himself and everything about him lately and I thought it would be nice to give you readers some more insight to his journey. Here is Joe’s story:

Q: Hi Joe, welcome to the blog! Please give the readers a short introduction of yourself.

A: I’m a technology executive who’s been in the field for 23 years, with the exception of a five-year break to serve as a US Marine. I started in network/email administration and have spent most of my career in the data center space on all aspects of delivering data center resources, up to IaaS and private-cloud.

Q: Many people probably know you best from your time at Cisco, working for the Insieme BU, responsible for coming up with ACI. What was your time at Cisco like? How were you as a person at that time?

A: I joined a startup called Insieme Networks that was in the early stages of developing what became Cisco ACI and Nexus 9000. When the product was ready to launch, Continue reading

SDN Ate My Hamster

I posted a Tweet the other day which gained a lot of attention in the networking community:

As SDN gains more traction, people start fearing for their jobs. Some jobs will decrease in demand and some will disappear entirely. However, we can’t stop progress just to keep those jobs hanging around. In the Twitter thread I made what could be seen as an elitist comment:

If you are replaceable by a script or controller, you were never a Network Engineer to begin with.

This was not meant to insult anyone, but rather be a wake-up call. If the only value you provide to the business is that you deploy templates someone else created, configure VLANs on a trunk, or can trace a flapping MAC in the network, you need to reskill and find ways of providing more value. This is not about Junior vs Senior. It’s Continue reading

Vendor Lock-in – Is It Really That Bad?!

In today’s IT infrastructure, open source software is a common component. Many organizations and network engineers stay away from certain architectures and products citing vendor lock-in as their only argument, but often lack an understanding of why they think vendor lock-in is a problem. Let me explain.

There are lock-ins of different forms. For example, if you are buying MPLS VPN service from an SP, you are somewhat locked in to their offering and pricing. I see at least three different types of lock-in:

Vendor lock-in – This is the one that everyone is familiar with. It means that the vendor has a solution that is proprietary, perhaps using proprietary management or routing protocols, so that it can’t interact with solutions from other vendors.

Tools lock-in – This may or may not be as much of a lock-in as vendor lock-in, but when an organization has invested enough time, money and manpower into a specific toolset, it’s difficult to move to other tooling.

People lock-in – An often overlooked form of lock-in. Depending on architecture, toolset and so on, your organization may need a certain type of engineer to work on the network. These may be difficult to find, which Continue reading

SD-WAN – Glorified DMVPN?

I had an interesting discussion with Jon Cooper in the Network Collective Slack. The discussion was around SD-WAN. We were discussing whether SD-WAN is just a “glorified DMVPN” or if it’s something more than that. Note that this was a bit of a tongue-in-cheek comment from Jon, but it’s interesting for the sake of discussion.

To compare the two, let’s look at some of the design and operational challenges of running a DMVPN.

Physical design – How many Hub routers do you need? In a DMVPN, the Hub router is a special type of device that is responsible for mapping the underlay IP address to the overlay IP address. If a Hub needs to be added, this Next Hop Server (NHS) needs to be added to the spokes. With Cisco SD-WAN, this is handled by the vBond, which is a virtual machine running in a public cloud. Adding a device is simple, as the WAN edge routers use a hostname (DNS) to ask for the IP of the vBond. This means that the physical design is less rigid.

Logical design – In a DMVPN, you need to decide on the number of DMVPN clouds. Do you do a single cloud Continue reading

Cisco IT Blog Awards Finalist

I’m proud to announce that I’ve been selected as a finalist in the Cisco IT Blog Awards in the “most inspirational” category.

I’m happy to be in this category as I hope that my posts here have inspired others to learn about design, architecture and to have an open mindset towards technology.

If you want to vote for me, you can do that here. Thanks for your support!

The post Cisco IT Blog Awards Finalist appeared first on Daniels Networking Blog.

Do I Need a WAN?

In the latest Network Break, Network Break 213 from Packet Pushers, they discussed some of the latest news in networking, such as Amazon Outpost. With the rise of SaaS applications, the question was also raised: do I even need a WAN?

Let’s assume you are running Office365. Your e-mail and office applications are in the cloud. You are using Salesforce for your CRM. Your ERP is also cloud-hosted. You’ve moved pretty much all of your previously internal apps to the cloud. Do you still need a WAN? I would argue yes. Considering all the applications mentioned previously have been moved, what do we still have left?

Although we’ve been talking about paperless societies for ages, have you ever seen an office environment without a printer? Neither have I. Your printers likely need to reach a print server. Do you have Active Directory? Would you be comfortable putting it entirely in the cloud? How do you provision PC images? Do you use something like SCCM? Do you have lighting, doors, alarms etc. that are connected to the network? Are all of your stored files in the cloud? Probably not, depending on how sensitive they are. Do your offices Continue reading

Passed AWS Solutions Architect Associate

Hi,

Yesterday I took the AWS Solutions Architect Associate and passed it, which means I’m now certified. I started studying for this exam around the August time frame. I had wanted to get some exposure to public cloud to broaden my skill set, and AWS was the natural one to go after first considering their dominant position on the market. My goal is to do the networking specialty in order to know all of the networking products inside of AWS. I also have a project I’m working on now in AWS, which helps with motivation, knowledge and hands-on experience.

So, what was the exam like?

I don’t know if it was pure shock at first, but I felt very uneasy in the beginning of the exam. The questions I got felt very different from the material and questions I had based my studies on. After a while I felt a bit better, but it was still a tough exam for me. I had to really think through all of my answers, and there were only a couple of questions, mostly the ones on networking, that I felt confident answering immediately. The exam did feel balanced though, covering a broad range of topics Continue reading

The Road to Success – Not Always Straight

A lot of people look to me for mentoring and advice. When you see someone in the industry having success, it’s easy to think that they know it all and never have any setbacks, that their career was a straight path to success from day one. When I look at someone like Ivan Pepelnjak, a person I have a tremendous respect for, I imagine him knowing it all from day one. Of course, in reality, he had to learn it the hard way like the rest of us.

A couple of days ago I thought about writing a little about my background. To show people that it’s normal to have some bumps in your career and that success is not achieved overnight.

When I think back on my career so far, there are two or three things that really bother me and where I had to learn some hard lessons.

When I was done with upper secondary school, I was SO tired of school. I had no motivation. My grades were mediocre. I didn’t know what I wanted to do with my life. All I knew was that I had an interest in IT and that I was going to go Continue reading

Introducing Network4dev

Intro

Some of you may have heard it through the grapevine, but it’s time to make my plans known. I have founded a new website called Network4dev, which has been set up by my friend Cristian Sirbu.

What is it?

Network4dev is a web site about networking mainly for people that are developers, systems administrators or that spend most of their time working on applications. The goal is to provide short, concise and to the point articles on different networking topics. The articles will stay at a technical level suitable for someone that is not mainly into networking.

Why?

In today’s IT infrastructures it’s important to break down silos. We in networking must understand a bit about compute, storage, virtualization, applications and automation. It is equally important for someone working with applications to understand a bit about networking.

For people in networking learning about apps and automation, there are many initiatives such as DevNet, but there isn’t much available for people working with apps to learn about networking. Most of the networking content out there is aimed at people in networking (naturally). I don’t expect a person not in networking to go after, for example, the CCNA or to read Continue reading

Networking in the Cloud – Different but the Same

Networking in the cloud is impressive. Building redundant internet access is as easy as attaching an internet gateway (IGW) to your VPC. In an on-premises network we would have to build VLANs, subnets, IGPs, possibly HSRP and BGP etc. This holds true for many of the services in the cloud.

I’ve seen statements such as “The networking team is going away because everyone is moving to the cloud” and “The networking team is going away because webscaler/startup company X’s networking team is only Y number of people”. This is like comparing apples to ostriches. I call BS. Why?

Networking in the cloud is relatively easy when you can leverage the standard services available, which is not always the case. It’s relatively easy because people are at the beginning of their cloud journey. They have one or a couple of VPCs. If they really move a major part of their app stack to the cloud, networking won’t be so easy. Let’s think about some examples.

In the cloud you can provision resources into different subnets, meaning different availability zones. This leads to very high availability, but it’s not enough. To build a really resilient service you need to be in different regions. Continue reading

Snowflake Networks

Snowflake networks sounds like a good name for a network design company, but that is not what this post is about. Are you familiar with the concept of a snowflake network? This terminology comes from the notion that each snowflake is unique at a molecular level. In networking, many networks don’t look the same, so the term snowflake networks was coined.

Lately there’s been a lot of discussion on networks being snowflakes. Especially on some of the podcasts (you know which ones). What is being discussed is that we need to move away from designing networks that are complex, networks that are snowflakes. Every network is 95% the same and only the last 5% is unique. First, let me agree that snowflakes are bad. Personally I believe we should adhere to the following design tenets if possible:

  • Don’t use more complexity than needed
  • Use as much L3 as possible
  • No stretching of L2
  • Don’t use more protocols than needed
  • Don’t change default settings unless needed
  • Don’t “gold plate” the design
  • Don’t use “nerd knobs”

I think most of us, if not all, can agree that these tenets make sense when designing a network. So why do networks end up being Continue reading

CCIE Datacenter Updated to Version 2.1

Last year Cisco announced that they would revise their certifications more often and in smaller increments, instead of doing only major revisions, which had problems keeping up with the pace of the industry.

This is exactly what they are now doing to the CCIE Datacenter certification which is being updated from version 2.0 to 2.1.

The full list of changes can be seen in this link.

Some highlights of the change below:

  • FabricPath is being removed
  • ACI multipod and multi-site added
  • Intersight is being added
  • CloudCenter is being added
  • vPath is being removed
  • RISE is being removed
  • UCS Central is being removed

It is clear that ACI and cloud are important going forward, and some older technologies had to be removed to make room for the new additions. Seems like a good update to me. I’m happy to see these minor revisions coming in instead of the major ones, which usually only took place every four years or so.
