Author Archives: John Herbert

The F-Script – Now on GitHub

A while back I posted about my “f-script”, a tool that reads device configurations and extracts IP/subnet information so that it can be quickly and easily queried to find where an IP might exist on the network, and what else is on the same subnet.

I was also lucky enough to take part in an early episode of Ivan Pepelnjak’s “Software Gone Wild” podcast where I talked about network automation and in particular, the f-script. In that podcast I promised that I would put the f-script up on GitHub once I had the time to clean it up a little and remove things that tied it to a particular environment.

At the end of 2014 I finally uploaded the scripts, and you are now in the lucky position of being able to laugh at how badly it’s written (and really, it is) or, better still, to help me improve it by submitting your own edits. Bear in mind that this started off as a hack (“I’ll do it like this just to prove that it can work”) and as with so many temporary solutions, ended up never being rewritten “properly”. Still, it works and has been pretty Continue reading

Big Switch Is Getting Bigger. Much Bigger.

Cool news today from BigSwitch who have taken some big steps forward with their rather awesome Big Cloud Fabric (BCF) solution.

Building on the existing features of BCF 2.0 that was announced last July (see my post on the BCF launch for more details), version 2.5 adds some pretty good new features and a surprise partner.

BCF 2.5 New Features

VMWare vCenter Support

BCF now supports VMWare vCenter. BigSwitch sees an Ethernet fabric as a complementary technology to VMWare’s NSX, not a competitor; very wisely they would like to be the underlay while NSX provides the overlay. The BCF controller integrates right into vCenter so that network configuration can be automated with the virtual environment, and the controller provides a single interface to the entire fabric.

CloudStack / OpenStack

The original BCF supported OpenStack. BCF 2.5 now has more elements of OpenStack (Juno) support and adds CloudStack support. With this and the vCenter integration, BCF has positioned itself quite nicely for full server and switch automation.

Brite Box Switching?

My first question when I heard about this was “What on earth is Brite Box switching?” It turns out that somebody somewhere coined the phrase Continue reading

Netscreen Packet Capture – Snoop

I’ve worked with Netscreens for a few years now, starting with ScreenOS version 5.x, and when troubleshooting I had always been pointed towards debug flow as the way to see what was going on. I suspect many of you have also been taught:

  • clear db
  • debug flow basic
  • (wait for packets you wanted to capture)
  • undebug all
  • get db stream (to view output)

This is definitely helpful for rule debugging, but for simple packet capture it is a bit over the top, which is where the snoop command comes in.

Snoop

To be clear, snoop won’t tell you anything about what decisions the firewall made about the packets, but it’s a simple way to see the actual traffic. Here’s an example of the output produced by snoop:

19944926.0: ethernet2/1(o) len=206:0010dbff2070->00005e000101/8100/0800, tag 1872
              1.4.63.82 -> 1.15.18.27/17
              vhl=45, tos=00, id=13096, frag=0000, ttl=64 tlen=188
              udp:ports 500->500, len=168
              00 00 5e 00 00 01 00 10 db a1 27 a1 81 00 07 50     ..^........p....
              08 00 45 00 00 bc 33 28 00 00 40 11 b6 18 01 04     ..E...3(..@.....
              3f 52 01 0e 12 1b 01 f4 01 f4 00  Continue reading

OpenGear at Interop – Introducing the CM7100

During my all too brief visit to Interop in New York last year, I did a quick tour of the expo hall to see if there were any interesting products around. I followed Greg Ferro’s suggestion which, to paraphrase, is to seek out the booths around the edge of the show in preference to the huge booths in the middle of the floor, because the small booths around the outside are more likely to be the startups with interesting products.

Towards the end of my “small booth” tour, I bumped into some familiar faces at the Opengear booth. I first heard of OpenGear at Networking Field Day 4 where they impressed me with the flexibility of their console server products, though to call the products “console servers” rather understates some of the product capabilities which can include RPS control, TTL I/O, GPS and 3G cellular capabilities. If you haven’t seen these products before I would encourage you to look at some of my other posts about OpenGear.

OpenGear CM7100

New for OpenGear at Interop was their CM7100 Console Server.

There’s not a lot going on on the front panel of the device, but as you’d probably expect, the back panel Continue reading

That HP SDN App Store

December 2014 found me in Barcelona as a guest of HP at the “HP Discover” event. Nominally I went to see what was up in the world of networking, but as you can imagine with the breadth of products that HP produces, I found myself looking at all sorts of things. I’ll cover a few fun things in other posts, but I’ll start with a bit of networking because, well, this is MovingPackets after all.

HP SDN App Store

I mentioned the HP SDN App Store in a previous post about HP Openflow. One of the fears I raised was how an App Store would work in terms of support. Talking to a contact at HP made things a little clearer, and there’s actually quite a nice – and perhaps obvious – support plan for the Apps you can download. Effectively, there are three tiers of supported applications as I understand it, and a glance at the App Store shows that these are now called “Apps Circles”:

  1. App Circle 1: Apps that HP develops. These have full support direct from HP, as they are HP products, effectively.
  2. App Circle 2: Apps that are developed by HP AllianceOne partners Continue reading

Welcome to MovingPackets.NET!

Welcome to my new home! If you’ve come over here because you used to read my drivel on LameJournal, then thank you! If you’re a new visitor, you are very welcome and I hope you choose to subscribe by RSS or Email so you can get notified of new posts.

MovingPackets.net is the new name for LameJournal. All the networking and computer-related content from LameJournal has been duplicated here at MovingPackets, but the photography content is gone and I’ll attempt to stay focused on things related to moving packets around as I post here going forward.

I have a new site theme, and with the new name as well, things are still likely to change a bit here visually (I have no logo yet for example). Still, there’s no time like the present so I decided to launch the site and I’ll tweak things as we go along with the aim of making the content more easily accessible. I hope you like my new home; it’s going to take a while before it feels comfortable!

Thanks for stopping in at MovingPackets.

John.

MovingPackets.NET – The New Name for LameJournal

I’ve been quiet lately, mostly because I’ve been horribly busy but also in part because I’ve been thinking that it’s about time to rebrand LameJournal to something that better reflects the content. And to that end, MovingPackets.net has been born. All the … Continue reading

30 Blogs in 30 Days – Lessons Learned

So with some triumph and minor exhaustion, I completed Etherealmind’s 30 Blogs in 30 Days challenge; but so what? Does it change anything? Do I get a prize?

Here’s what I learned.

30 Blogs in 30 Days

As a reminder, I started this challenge on October 16 and posted every day from then until November 16 (actually just over 30 days, but who is counting). I found the process quite interesting, so I decided to share a few things that struck me along the way.

Write It Down

It sounds obvious, but if you’re a blogger, how many times have you thought to yourself “Oooh, such and such would make a good blog post,” then when you have a chance to write some content you go blank on what this great topic was? I have this happen a lot. Trying to create one blog post a day meant that forgetting post topics was not a luxury I could afford to have if I wanted to avoid staring at my screen for hours. I had to start keeping a Notes file open on my phone, occasionally took an audio note, and kept an iCloud-synced “Ideas for Blog” file in MultiMarkdown Composer. I found Continue reading

Viva España – Heading to HP Discover

It’s ironic to end the 30 day challenge by not posting for a short while, but what can I say? I’ve been very busy! Today I’m traveling to Barcelona to attend the HP Discover 2014 Barcelona event as a guest of HP’s Independent Blogger Programme. It looks like HP will be keeping us busy while we’re there, so I would predict quite a few posts coming out of this trip in the near future and I’m looking forward to hearing more about what HP is up to.

In early October I posted about HP’s SDN Mojo and OpenFlow deployment at Interop after they presented to us as part of Tech Field Day Extra. In that post I was impressed that HP had moved from talk to action as regards OpenFlow. I wonder what else HP has up its sleeves?

Do take a moment to check out HP Discover Barcelona 2014 and look at the Content Catalog. If nothing else, check out the SDN sessions in the content catalog. Hopefully that link will take you directly to the right results; there are some interesting sessions on that topic alone.

Like other events, HP will also be streaming some content live for Continue reading

See Schprokits Dance! Demo of Unreleased Code

My second “Secret Sunday” post back in August introduced Schprokits, a company founded by Jeremy Schulman, previously the Director of Network Automation at Juniper.

I was truly flattered when Jeremy invited me to be part of a small team testing early Schprokits code (and trust me, I am way outclassed by the rest of the testers!), and having had a chance to try out what is probably only a small proportion of the code, I thought I would take the opportunity to share some early impressions of the software.

TLDR: I’m having fun!

What Is Schprokits?

The Schprokits website says that it is “Inspired By DevOps. Built For NetOps.” Jeremy is trying to take the principles behind DevOps and apply them to something that’s usable by people who don’t program every day but want to automate their networks nonetheless. And so it does. Schprokits “coding” is based around Workbooks and those workbooks contain a number of Actions. Workbooks are written in YAML which is probably one of the easier formats to learn as it’s very human-readable. In case you haven’t seen YAML before, what do you think is going on in the code below?

  actions:
    - info:  Continue reading

Secret Sunday – Greg Ferro

Just over a month ago I accepted Etherealmind’s “30 Blogs in 30 Days Challenge”, and this Friday I’m pleased to say that I completed the challenge without missing a day. It seems appropriate then that I should use today’s Secret Sunday to give a shout out to the man behind the mission, Greg Ferro (aka Etherealmind).

In some ways it feels like cheating to include Greg because he’s unlikely to be a new discovery for anybody reading my blog, but credit is due where it’s due; you can’t argue that Greg does not give back to the networking community. His Etherealmind website has a huge following and a wealth of content written over a number of years. He’s a co-host of the PacketPushers podcasts, generating hundreds of podcasts dedicated to the networking industry. He has written three books that he has published on LeanPub and has a fourth on the way, co-authored with the venerable Brent Salisbury.

Greg is never short of an opinion, and I suspect that one of the reasons for his large following is that he isn’t afraid to go out there and let you know what he thinks, even if “you” are a vendor, and what Continue reading

Infuriating Inconsistent Interfaces; F5 on the stand.

Ok, it’s another f5 post and if you’re not using f5 you might think this is irrelevant to you. However, I beg you to read on because the issue I’m describing today has a relationship to SDN and network automation, and why they are such a pain to do in so many cases.

f5 SSL Profiles

The day began simply enough: news had broken about the “Poodle” SSLv3 vulnerability, and like the majority of network and server nerds we needed to disable or block SSLv3 as quickly as possible in order to remove that particular attack vector. My job was to look at the f5 load balancers, and to do so I realized that I needed to understand what SSL we had out there, and I’d also need to determine the exact change I would be making.

I wrote a couple of scripts to analyze our f5 configurations, and soon enough I had a spreadsheet showing all the SSL client profiles that were in use on each load balancer. It’s important, at this point, to understand how the f5 configures SSL profiles. Fundamentally, a custom profile inherits all of its settings from a “parent” profile, unless you specifically choose to Continue reading

Cisco ISR: Enable Features, No Performance Hit?

Last month I visited Interop NYC 2014 as a guest of Tech Field Day Extra! where our group was given a presentation about the new Cisco ISR routers by Matt Bolick, a Technical Marketing Engineer for Cisco.

The Integrated Service Routers (ISRs) themselves seem pretty feature packed, covering four key areas:

  • Transport independence (DMVPN)
  • Intelligent Path Control (PfR v3)
  • Application Optimization (WAN optimization, ADC and WAAS)
  • Secure Connectivity (Scalable, strong encryption, IPS, web filtering, etc.)

Rather than reinvent the wheel, Matt explained that the idea was to use existing protocols in a useful new way; in this case in particular to offer secure hybrid transport across MPLS and Internet for private cloud and DC access, probably ultimately moving to just Internet connectivity based on the shift Cisco has seen in how corporations see their branch offices (and specifically how much they want to reduce costs!).

So far so cool, but I figure you can look up all the specifications and features for yourselves so I won’t bore you with much more of that here. There was something else that tickled me though.

ISR Performance Figures

The new routers have some interesting performance claims: