Denise "Fish" Fishburne

Author Archives: Denise "Fish" Fishburne

Understanding the BGP Table Version (3 part Blog Series)

The BGP Table Version is the most unknown and unexplained BGP concept/value that I rarely ever troubleshoot without. Seriously, I cannot imagine troubleshooting BGP without understanding the BGP table version.  I always “eyeball” it at the very least when I’m... Read More ›

The post Understanding the BGP Table Version (3 part Blog Series) appeared first on Networking with FISH.

Verify Your Segmentation is Working with Stealthwatch

Network segmentation…. air gap segmentation… the names go on and on.  But no matter what you call it, you designed it and deployed it for a reason.  Likely a very good reason.  Potentially even a reason with fines and consequences should the segmentation not work.  So once you deploy it…. what then?  Just trust it is working and will always stay working?

 Trust, But Verify

I admit I am likely viewed as boringly logical when it comes to the network.  It just doesn’t seem logical to me to spend so many hours in the design and the deploy phase and then just trust that it is working.   

Don’t just trust.  Verify. 

Use whatever tool you want.  Just please… know what is really going on in your network.  Know reality.   

In this blog I’m going to show you how you can use Stealthwatch to get visibility into what is REALLY going on in your networking in reference to your segmentation.  

How can Stealthwatch tell you if your segmentation is working or not?  I refer to Stealthwatch as “Your Network Detective Command Center”.  If Continue reading

Find Rogue DNS Servers in your Network with Stealthwatch

Rogue DNS kinda reminds of me of a crime scene show I saw once.  The killer was hijacking the GPS mapping system in the rental cars of their victims.

Imagine that who you think is your valid DNS server actually isn’t.  Yeah… i know – scary.   …. If you are not familiar with the term “Rogue DNS” … maybe you might know the exposure via other terms like DNS hijacking or DNS redirection to name just a few.

In this blog I’m not going to teach about what Rogue DNS… DNS hijacking… or DNS redirection. Nor am I going to talk about solutions like OpenDNS (Cisco’s Umbrella).  I’m going to just show you how you can use Stealthwatch to get visibility into what is REALLY going on in your network in reference to DNS.  We are going to cover 2 situations where having a tool like Stealthwatch could help you with your DNS.

  1. Finding Rogue DNS
  2. DNS Server Cutover:  Checking Reality before Decommissioning DNS Servers

How does Stealthwatch do this?  I refer to Stealthwatch as “Your Network Detective Command Center”.  If there are rogue DNS in your network and your end devices are Continue reading

The Case of the Missing LDP Neighbor

R1 and R2 are cabled up twice to each other via their gig0/0/1 interfaces and their gig0/0/7 interfaces. Each connection is in its own subnet, and each interface configured for OSPF and MPLS.  But while we have 2 OSPF neighbors between them… we only have 1 LDP neighbor.

R1#show mpls int
Interface   IP        Tunnel    BGP Static Operational
Gi0/0/1   Yes (ldp)     No       No  No     Yes
Gi0/0/7   Yes (ldp)     No       No  No     Yes
R1#

So as you can see from the output of show mpls interface, gig0/0/1 and gig0/0/7 are both configured for MPLS LDP.  Why then if we look below do we see only 1 MPLS LDP neighbor between them?  

What is the problem?  Actually… in this situation there isn’t a problem.  This is actually expected behavior.

R1#sh mpls ldp neighbor
    Peer LDP Ident: 10.100.100.2:0; Local LDP Ident 10.100.100.1:0
    TCP connection: 10.100.100.2.22592 - 10.100.100.1.646
    State: Oper; Msgs sent/rcvd: 184/184; Downstream
    Up time: 02:32:11
    LDP discovery sources:
      GigabitEthernet0/0/1, Src IP addr: 10.1.1.2
      GigabitEthernet0/0/7, Src IP addr: 10.1.7.2
        Addresses bound to peer LDP Ident:
           Continue reading

Knowledge of the “Truths in Your Network” is KEY

I am a huge believer in “knowledge is key”.  Yeah… I know… just reading that statement you are probably saying “well yeah… duh”.

Of course knowledge is key… duh, Fish!  We know that!  We love knowledge.  We are knowledge seekers and we love to learn!  I mean… if we didn’t love learning and knowledge why would we be reading this?   Okay… got it.  You love knowledge.  You want to grow your knowledge.   I hear you.  You are basically saying… bring on the knowledge… max the setting!   Got it.

So you most likely extend that desire for knowledge to most of the areas in your life.

For example….

  • Buying a House:  When buying a house you want the knowledge you can get by hiring a subject matter expert to walk thru the entirety of the house and inspect it.  You want knowledge of the truths of that house.
  • Hiring a Financial Advisor: When hiring a financial advisor you just go and “bare all” in reference to your financial situation so they can review every nuance of it.   You want knowledge of the truths of your finances.

Let’s Continue reading

Stealthwatch: The “Network Detective Command Console”

Stealthwatch, to me, is like having a Network Detective working in my very own network!  I truly love Stealthwatch and I am playing with every chance I can get.

Disclaimer:   I do not get commissions from you buying Stealthwatch nor am I part of the Cisco Business Unit for Stealthwatch.  I just really honestly and for realsies super love it.

I tossed together a ~31 minute YouTube.  Obviously you can watch the entire thing.  Or… here you go for the big sections.

Setting Up Addressing and Routing: FTDv Fun

In my previous blog (Fun in the Lab: FTDv & FMC – Install and Deploy) we deployed a FMC VM and a FTDv VM and ended the blog with the FTDv successfully added to the FMC.

Now?  Now let’s add IP addressing for the FTDv and also set up routing protocol neighbor relationships.  I learned what I am about to show you from my co-worker and friend, Keith Brister.  So don’t thank me, thank Keith.  ?

I tossed together a ~29 minute YouTube.  Obviously you can watch the entire thing.  Or… here you go for the big sections.

Done and Done.  Easy Peasy!

 

Fun in the Lab: FTDv & FMC – Install and Deploy

This is my Stealthwatch playground…. errrr… I mean … ahem… “work environment” for a Technical Solution Workshop I am working on for Stealthwatch.

Going to set up FTDv and FMC today.  A co-worker and friend, Scott Barasch, helped me get jump started… so figure I’ll pass on what I just learned to you. ?

What this blog will cover is

  1. DEPLOY
    1. Deploying the OVF for FTDv
    2. Deploying the OVF for FMC
  2. VMware settings
    1. Tweak for FTDv
    2. Tweak for FMC
  3. Prepping to Power On
    1. Snapshot Both Before Power On
    2. Power Both On
  4. Setup via Console
    1. FMC – console in and setup IP address
    2. FTDv – console in and step thru the prompts
  5. Test IP Connectivity
    1. Ping FMC and FTDv from the PC
    2. Notice Can’t ping FTDv
    3. Fix
    4. Ping
  6. Browse into FMC
    1. Change password
    2. Setup DNS
    3. Setup NTP
    4. Accept EULA
    5. Apply
  7. LICENSING
    1. License FMC
  8. FMC/FTDv: Make the Connection
    1. FTDv – Point FTDv to FMC
    2. FMC – bring the FTDv into the fold.  ?

 

So let’s begin.  What I have to host my FMC & FTDv VMs is a UCS M4 with a NIC connected to a Cat4948 in vlan 1.  That NIC is tied to vSwitch0 in the UCS. Continue reading

Hello There! :) Update from the FishBowl

June 28th… wow…. lol… my last blog out here was June 28th!  Too funny!  So where have I been and what have I been doing?

Well June was CiscoLive in the beginning and then SharkFest at the end.  I think i hit some “being social” limit and became a hermit for most of July and August.  Then 2 weeks of vacation for the first 2 weeks of September.  Two full weeks.  It was AWESOME!  Then Florence came to visit… ?  She hung around for a little while.  Like one of those visitors who come stay with you at your house and just won’t leave.    Oh.. and then breaking a finger September 15th and struggling to type for the rest of the month.

Hello!  I’m BACK! 

And I have REALLY missed being here!  At the same time… that break was REALLY needed!  ?   Awesome summer with the wife and family!  Woot woot!  Work hard… play hard!

So what am I up to?  Stealthwatch Baby!  Woot woot!  Been with Cisco for 22 years and I have NEVER loved a product and a GUI so Continue reading

1 2 3 4 8