Author Archives: ddib

Key Factors in Attracting and Retaining Talent

Yesterday I posted a tweet on company culture that received a lot of positive feedback:

People thought this should be saved in a blog post, so this is it.

Company Culture

Do you want to attract and retain talent and high performers? Of course you do. Do you understand how to do that and are you willing to change your company culture?

Everything starts with culture. You may have heard the quote “Culture eats strategy for breakfast”, meaning that even the best strategy can’t compete with a company that has a great culture. Strategy without culture does not create success.

Gimmicks Are Not Culture

Most companies, such as the web scalers, often confuse gimmicks with culture. We have great company culture! We have ping pong tables, flipper games and even artists who play music for us! While these things can be entertaining, don’t mistake them for culture.

Why I Have Almost Quit Podcasts

Fear Of Missing Out

People that know me know that I like to stay up to date on what’s going on in the industry, new technologies, and so on. Mostly this is because I have a passion for technology and for learning. However, there is almost certainly a part of me that also, as many people do, has the fear of missing out (FOMO). That is, you are afraid to get left behind so you keep sipping from the fire hose constantly, because you believe everyone else is doing the same.

So Much Content!

There are many many fine podcasts out there. I used to listen to Packet Pushers, Software Gone Wild, Talk Python to Me, Clear to Send, and many more. These shows are extremely good at producing content consistently. Unfortunately, that means that you have maybe 4-5h of content to consume each week. That’s too much for me.

It’s Not You, It’s Me

I’m a very analytical person. Both by nature, and in my job role as an Architect. My brain is constantly analyzing, thinking, trying to solve problems. This makes me very efficient, but it also adds stress, and can make it difficult to wind down. As

CML-P – Why 20 Nodes Is Not Enough

Intro

Cisco recently announced that they are releasing CML-P, which is version two of the product formerly known as VIRL. First of all, I’ve seen the product demoed and helped with feedback on it, it looks stunning! The architecture looks great, it’s fully leveraging APIs and it’s an entirely different beast than VIRL. This is a great product and I want to see it succeed. Unfortunately, this product is never going to be as successful as it could be. Why?

CML-P

CML-P, where P stands for Private, supports a maximum of 20 nodes. This is supposed to be a differentiator to the -E version, which is for enterprises that wish to run this product at larger scale, including support. First of all, I don’t agree that a node limit is the proper way to differentiate -P from -E. That can be done through support, training and other means.

CML-P Competition

CML-P’s competition is going to be GNS3 and EVE-NG. These are freely available, but also offer paid versions with a more advanced feature set. There is no node limit with these products. You can run as much as your server can handle. If CML-P is going to compete

When do You Quit Certifications?

I received a question on Twitter from my friend Fernando on feedback on when to give up on certifications:

First of all, not everyone will agree that you even need certifications. That’s another discussion and I think there are not many reasons to avoid them entirely, but let’s assume that you already have certifications, when do you give up on them?

That is going to be a choice each person has to make, and it will depend on a number of factors, I think. Here are some that immediately come to mind:

  • How do you learn?
  • Current role
  • Bonus models
  • Future role
  • Number of years in the industry
  • Body of work
  • Are you well known in the industry?

What’s your method for learning a new skill? People use certifications differently but for me it’s about a guided learning path. I know roughly what to study to become decently skilled at a topic. For example, when I wanted to learn more about AWS and their networking, I decided to study for the AWS Solutions Architect Associate. For me, it’s motivating to

Cisco to Offer Online Testing

Other vendors such as Juniper and AWS have already started doing it, now it’s Cisco’s turn to offer online testing. This is especially welcome in Covid times where it’s difficult to go visit an on-premises Pearson/Vue test center. Starting April 15, Cisco will offer remote testing and this means you can take your test any time, any day, around the year. Almost all of the written tests will be offered, including the DevNet ones! The CCDE is one of the excluded tests.

What is required to take the test online? There are some prerequisites:

  • Quiet, private location 
  • Reliable device with a webcam 
  • Strong Internet connection 
  • OnVUE software 
  • Government-issued identification

Your test will be proctored by an online proctor. Before the test starts, you will need to show your room, that there are no books or notes, that you are alone in the room and that you can close the room etc. You will also need to show that you are not wearing a watch and do not have access to a mobile phone. You will also need to provide a valid ID before starting the test. If you break any rules, you will of course not receive a passing score. You can find more information in Susie Wee’s

My Cisco Certified DevNet Professional Journey, Part 2 by Nick Russo

On 27 February 2020, I took and passed the Automating Cisco Enterprise Solutions (ENAUTO) exam on my first attempt. This was the last exam I took that day, having taken DEVASC and DEVCOR earlier. This exam was a bit different for a few reasons, which I’ll discuss shortly. Passing both DEVCOR and ENAUTO has earned me the Cisco Certified DevNet Professional certification. Like the other DevNet exams, it was fair and reasonably well-written.

I’ve been working with Cisco products for more than 10 years and earning Cisco certifications for about 8 years, and this was my first specialist exam. You can learn more about the ENAUTO exam here. About 40% of the exam is based on general programming principles and network automation techniques, most of which overlap nicely with DEVASC and DEVCOR. The remaining 60% is divided evenly between Cisco’s biggest three enterprise solutions: DNA Center, SD-WAN, and Meraki at 20% each.

Before attempting this exam, you should already have a DevNet Associate certification (not required) or comparable knowledge, plus at least 3 years of network automation experience. Those skills alone cover probably 30% of the blueprint. If you already passed the DEVCOR exam (or have comparable

My Cisco Certified DevNet Professional Journey, Part 1 by Nick Russo

On 27 February 2020, I took and passed the Cisco Certified DevNet Professional Core (DEVCOR) exam on my first attempt. For those who like to memorize dates, yes, I did pass DEVASC and DEVCOR on the same day to cut down on trips to the test center. Like DEVASC, this exam was fair and all blueprint topics were appropriately represented. You can read about my DEVASC blog here (provide link to other blog).

I want to focus on what I did to succeed and less about the exam structure itself. You can learn more about the official certification here. This blog is focused primarily on the DEVCOR exam. Before talking about the exam, just know that you need to pass the core exam plus one concentration exam to earn the Cisco Certified DevNet Professional certification. I also passed the ENAUTO exam, which focuses on enterprise network automation. I’ll write about it in “part 2” later.

Before attempting this certification, you should already have a DevNet Associate certification (not required) or comparable knowledge, plus at least 3 years of software development/automation experience. The DEVCOR exam was no joke. It was harder than the CCIE RS and SP written exams, and about

Virtual Conferences – Nice In Theory

As COVID-19 (Corona) has spread around the world, and while we can argue how serious that is, a lot of tech conferences have been cancelled, and rightfully so. Safety always comes first.

People have suggested that virtual conferences could be a replacement, but as I’ll explain in this blog, they can never really replace a standard conference, rather just be a complement.

First, let me just clear a couple of things:

  • Safety comes first, if the price of safety is to cancel a tech conference, that’s a small price to pay
  • We should generally try to travel less and replace some of the travel with the use of collaboration apps such as Webex, Zoom etc
  • There are virtual conferences, such as the PacketPushers VDC, that do work in a virtual format

The first challenge is that we are all in different time zones. When I go to Cisco Live in the US, I adjust to the US time. If I’m staying here in Sweden, I’m not going to stay up late to watch a stream coming from the US.

When you travel to a conference, you are away from work and family, you have dedicated that time to make the

My Cisco Certified DevNet Associate Journey by Nick Russo

On 27 February 2020, I took and passed the Cisco Certified DevNet Associate (DEVASC) exam on my first attempt. TLDR; it was a well-structured and fair exam. I think it was my favorite Cisco exam of all time. It had clear questions, good depth, no off-blueprint curveballs, and a great measure of candidate skill. The distribution of questions was also in accordance with the blueprint topic weights.

I’m known for being a concise and high signal-to-noise blogger, so I won’t turn this into a blueprint exploration article. You can learn more about the official certification here. Instead, I’ll focus on how I prepared for this exam.

Above all else, you need to sign up for an account at Cisco DevNet. It’s 100% free and contains many excellent resources to help you learn software-related topics. This is more than just “network automation” as you’ll be exposed to software development techniques and strategies, too. While everything on DevNet is useful, I believe the following three resources are the most important for this exam. Learning the content and passing any DevNet exam would be almost impossible without them:

  1. Sandboxes: These are demo environments that learners can use for testing specific products and

How Valuable Is Your Time?

The last couple of days, there have been a lot of tweets with messages like “You need to work tons of overtime in your 20’s to be successful in your career”. There have also been plenty of counters to these tweets.

This kind of logic is seriously seriously flawed, and bad bad advice. As readers of this blog, you would know that I always talk about tradeoffs. Firstly though, let’s talk about blindly following others’ footsteps. If I do everything Russ White does, do I become as smart as Russ White? Of course not. If I do everything Warren Buffett does, do I become as rich? Of course not. If I do everything Ivan Pepelnjak does, will I become as experienced as him? Of course not. There are many many paths that can lead to success, whatever that is, and they are not always straight.

So, following in someone’s footsteps does not equal success. Therefore, blindly following advice about working your ass off in your 20’s does not hold any real value. What about doing what successful people do? Some successful people wake up early, some do a lot of reading, some exercise a lot. Will you trying to repeat

Choosing SD-WAN Vendor – Have You Found the Tradeoff?

When I studied for my CCDE, I had the good fortune of receiving mentoring from Russ White. Something he taught me, that I really took to heart, is that in every design and choice you make, there is a tradeoff.

If you haven’t found the tradeoff, you haven’t looked hard enough.

From a SD-WAN perspective, in selecting your vendor of choice, what does that mean?

SD-WAN vendors, for a loose definition of SD-WAN, come mainly from three different camps:

  • Router vendor
  • Firewall vendor
  • WAN optimization vendor

There are also vendors that were born in the SD-WAN era and have no previous background.

Cisco of course, through the acquisition of Viptela, bought a company that was very strong in routing, control- and data plane design. A solution designed by Architects/Engineers with profound experience of large scale networking, from large enterprises and service providers. Viptela was born in the SD-WAN era, with no legacy platforms or products to take into consideration. With the background of Viptela, this means that this is a SD-WAN product where the main strength is on routing, separation of control- and data plane, and the flexibility of the product. Other vendors with the same background will also likely

How Difficult is SD-WAN?

In a recent Packet Pushers Heavy Networking episode, Ethan and Greg discussed how difficult SD-WAN is, and why you shouldn’t outsource your SD-WAN to an MSP. So, how difficult is SD-WAN really?

Now, this is of course going to depend on your organization’s level of skill, as well as what vendor you go with, but there are still some conclusions that we can come to.

Most of the SD-WAN solutions are operated by cloud-hosted SDN controllers, where the vendor has set up the virtual machines running the software for you. This greatly simplifies a lot of things that have been painful in the past. From a Cisco perspective, this is some of the pain that has been removed from you:

  • Controllers – Controllers are installed for you and backed up by Cisco
  • Software – Software is managed centrally, don’t need to login to each device to update it
  • Traffic engineering – Can modify routing behavior without being an expert in say BGP
  • Certificates – Only devices with a valid certificate can join the overlay, you don’t need your own Public Key Infrastructure (PKI)
  • Pre Shared Keys (PSK) – Keys used for IPSec are rotated automatically without manual intervention

This means

When Is Something SD-WAN?

A couple of days ago, I wrote on LinkedIn asking you what a SD-WAN solution should consist of.

https://www.linkedin.com/posts/danieldib_sdn-sdwan-wan-activity-6583614108971655168-BH8x

The post was meant to create a discussion and there were a lot of great answers. Some of the features are “must have” and some of them are “nice to have”. I’m not claiming to have all of the answers but here are some of my thoughts on the topic.

Automated VPN – There should be a mechanism to help you build the IPSec tunnels. You should not have to configure them manually. Traditionally, we often used something like DMVPN to build the tunnels for us. Consider the following:

  • How are devices onboarded? Who can join the overlay?
  • Are tunnels built using certificates or pre-shared key?
  • How often are keys rotated? If at all
  • How do you prevent a stolen router from joining the overlay?

Separation of control- and data plane – This one is debatable but there should be a mechanism to influence topology of the overlay, and routing of the edge devices, using a central mechanism. With DMVPN, we had the ability to do Hub & Spoke or fully meshed, but there was no granular control. We could

Impostor Syndrome and Loser DNA

Most of you are probably already familiar with impostor syndrome. Wikipedia defines it as:

Despite external evidence of their competence, those experiencing this phenomenon remain convinced that they are frauds, and do not deserve all they have achieved. Individuals with impostorism incorrectly attribute their success to luck, or as a result of deceiving others into thinking they are more intelligent than they perceive themselves to be.

Basically, it’s the feeling that you don’t really know how things work and one day you’ll get caught, your lies will be exposed, and the world will come crashing down.

Let me let you in on a secret: everyone has likely felt like an impostor at times. Even the people you look up to the most. Lately, there have been a lot of tweets and blog posts on impostor syndrome, and that is great. Raising awareness is the first step. However, not many people are saying what to do about it or how to prevent you from developing a “loser DNA”. What is loser DNA?

My friend Nick Russo wrote about it after listening to Gary Vaynerchuk. Loser DNA is when you compare yourself to others that are, at least according to you, a lot more advanced

The Tale of the Mysterious Traceroute

If you follow me on Twitter (https://twitter.com/danieldibswe), you know I have been doing a lot of SD-WAN lately and I recently built my own lab. In this lab, I wanted to try a feature known as service chaining. What is service chaining? It’s a method of sending traffic through one or more services, such as a firewall, before the traffic takes the “normal” path towards its destination.

Before we dive deeper in, let me show the topology in use:

SD-WAN Topology

When I tested this feature, the data plane was working perfectly but my traceroute looked very strange. The traceroute was also not finishing.

root@B1-S1:/# traceroute 10.1.2.10
traceroute to 10.1.2.10 (10.1.2.10), 30 hops max, 60 byte packets
 1  10.1.1.1 (10.1.1.1)  6.951 ms  36.355 ms  39.604 ms
 2  10.1.0.2 (10.1.0.2)  11.775 ms  15.047 ms  15.535 ms
 3  10.0.0.18 (10.0.0.18)  28.540 ms  28.538 ms  28.532 ms
 4  10.1.2.10 (10.1.2.10)  41.748 ms  41.746 ms  41.736

Major Updates to Cisco Certifications Part IIII (CCIE)

The CCIE, now 25 years old, has always been the pinnacle of Cisco certifications. There has been a lot of buzz on the importance of certs, and the CCIE, in the “new” era. For that reason, it’s more important than ever that the CCIE gets updated and stays current.

With Cisco’s new announcements, what is changing with the CCIE?

The first thing to mention, for those that already have a CCIE, is that the recert cycle is now being changed to match the other certs such as CCNA and CCNP, so that the recert cycle is 3 years. This means that the suspended status is gone. The cert is now valid for 3 years and there is no suspended status. This means that you need to keep track of your date because there is no “grace period”; after 3 years, if you fail to recert, you’re out! This also means that effective 24 February 2020, if you are still active or suspended, you get an extra year “for free” and you will be an active CCIE until your new expiration date.

Because the recert cycle is now 3 years, you will need to get 120 CE credits instead of 100,

Major Updates to Cisco Certifications Part III (CCNP)

What is changing for CCNP? And why?

Some of the problems that existed in the current CCNP were:

  • No way of showing progress until you took all 3 exams and became CCNP certified, usually a 1+ year commitment
  • Needed to pass CCNA before being able to become CCNP certified
  • The certification wasn’t modular and it was a lot of work to update the certification
  • Difficult to stay current with new technologies

Effective 24 February 2020, it will be possible to jump in at CCNP level, meaning that you don’t need to be CCNA certified to become a CCNP.

Instead of taking 3 exams, only 2 exams are needed, one Core exam and one concentration exam. You can take them in any order and you can also keep taking concentration exams to show you have skills in newer technologies such as SD-WAN. These concentration exams will show as badges.

Because the certification is now more modular, it will be easier to keep the certification up to date and to update it as technologies evolve and new ones come to the fore.

Another change is that the RS and Wireless tracks are now merged into CCNP Enterprise where the Core exam is

Major Updates to Cisco Certifications Part II (CCNA)

Let’s go into more depth on what the new updates really mean. We will start by analyzing the CCNA. As I described in the previous post, gone are the days of having 11 different tracks, instead there is 1 exam. Why?

Take a second to think about what you expect from a Junior Network Engineer, that is after all what a CCNA is expected to be. I, probably Russ White, and many others with me, would argue that what is important at any level, but certainly as a junior, is to understand the fundamentals well. That is to know binary, subnetting, supernetting, basic TCP/IP, basic routing and switching, a little about wireless, a little about security. You don’t need to specialize at a junior level. Many athletes do several sports until they have to pick one and studies have shown that this often has a positive effect compared to focusing on a single one too soon.

The change in the CCNA is therefore to better align with the expected job role of a CCNA. What domains are being tested? The domains being tested are:

  • Network Fundamentals
  • Network Access
  • IP Connectivity
  • IP Services
  • Security Fundamentals
  • Automation and Programmability

The blueprint can

Major Updates to Cisco Certifications

As you most likely will have seen, Cisco is “rebooting” their certifications to better align with what is expected of the future work force. As I’ve been busy with Cisco Live, I’m only now starting to write these posts. I’m expecting to write a couple of them rather than writing one LONG one.

As a member of the CCIE Advisory Council, I’ve been in the loop for a while and I truly believe these changes are for the better. We’ve tried to do what is best for people that are certified or looking to get certified. There will certainly be corner cases or questions that need answers, but we have done our best to leave no one behind.

This first post will look at what is changing at a high level and then we can dive deeper into the different certifications in the coming posts.

DevNet certifications – There has been some training on automation and even some exams, but no real certifications. This is all changing now. There will be corresponding DevNet certifications for CCNA, CCNP and in the future, CCIE. This offers more career paths within the Cisco world. I will cover the DevNet certifications in a future post.

Lessons Learned in Cloud Networking – AWS vs Azure

I’ve been working a lot with cloud networking lately. I will share some of my findings as this is still quite new and documentation around some topics is poor. Especially on the Azure side. Let me just first start with two statements that I have seen made around cloud networking:

Cloud networking is easy! – Not necessarily so. I’ll explain more.

We don’t need networking in cloud! – Wrong. You do but in basic implementations it’s not visible to you.

This post will be divided into different areas describing the different components in cloud networking. You will see that there are many things in common between AWS and Azure.

System Routes

Within a VPC/VNET, there are system routes. If 10.0.0.0/22 was assigned to the VPC/VNET, there will be a system route saying something along the lines of “10.0.0.0/22 local”. Subnets are then deployed in the VPC/VNET and there is full connectivity due to the system route. This route will point to a virtual router which is the responsibility of AWS/Azure. Normally this router will have a “leg” in each subnet, at the first IP address of the subnet, for example 10.0.0.1 for
