The last couple of days, there have been a lot of tweets with messages like “You need to work tons of overtime in your 20’s to be successful in your career”. There have also been plenty of counters to these tweets.
This kind of logic is seriously seriously flawed, and bad bad advice. As readers of this blog, you would know that I always talk about tradeoffs. Firstly though, let’s talk about blindly following others’ footsteps. If I do everything Russ White does, do I become as smart as Russ White? Of course not. If I do everything Warren Buffett does, do I become as rich? Of course not. If I do everything Ivan Pepelnjak does, will I become as experienced as him? Of course not. There are many many paths that can lead to success, whatever that is, and they are not always straight.
So, following in someone’s footsteps does not equal success. Therefore, blindly following advice about working your ass off in your 20’s does not hold any real value. What about doing what successful people do? Some successful people wake up early, some do a lot of reading, some exercise a lot. Will you trying to repeat Continue reading
When I studied for my CCDE, I had the good fortune of receiving mentoring from Russ White. Something he taught me, that I really took to heart, is that in every design and choice you make, there is a tradeoff.
If you haven’t found the tradeoff, you haven’t looked hard enough.
From an SD-WAN perspective, in selecting your vendor of choice, what does that mean?
SD-WAN vendors, for a loose definition of SD-WAN, come mainly from three different camps:
There are also vendors that were born in the SD-WAN era and have no previous background.
Cisco of course, through the acquisition of Viptela, bought a company that was very strong in routing, control- and data plane design. A solution designed by Architects/Engineers with profound experience of large scale networking, from large enterprises and service providers. Viptela was born in the SD-WAN era, with no legacy platforms or products to take into consideration. With the background of Viptela, this means that this is an SD-WAN product where the main strength is on routing, separation of control- and data plane, and the flexibility of the product. Other vendors with the same background will also likely Continue reading
In a recent Packet Pushers Heavy Networking episode, Ethan and Greg discussed how difficult SD-WAN is, and why you shouldn’t outsource your SD-WAN to an MSP. So, how difficult is SD-WAN really?
Now, this is of course going to depend on your organization’s level of skill, as well as what vendor you go with, but there are still some conclusions that we can come to.
Most of the SD-WAN solutions are operated by cloud-hosted SDN controllers, where the vendor has set up the virtual machines running the software for you. This greatly simplifies a lot of things that have been painful in the past. From a Cisco perspective, this is some of the pain that has been removed from you:
This means Continue reading
A couple of days ago, I wrote on LinkedIn asking you what an SD-WAN solution should consist of.
https://www.linkedin.com/posts/danieldib_sdn-sdwan-wan-activity-6583614108971655168-BH8x
The post was meant to create a discussion and there were a lot of great answers. Some of the features are “must have” and some of them are “nice to have”. I’m not claiming to have all of the answers but here are some of my thoughts on the topic.
Automated VPN – There should be a mechanism to help you build the IPSec tunnels. You should not have to configure them manually. Traditionally, we often used something like DMVPN to build the tunnels for us. Consider the following:
Separation of control- and data plane – This one is debatable but there should be a mechanism to influence topology of the overlay, and routing of the edge devices, using a central mechanism. With DMVPN, we had the ability to do Hub & Spoke or fully meshed, but there was no granular control. We could Continue reading
Most of you are probably already familiar with impostor syndrome. Wikipedia defines it as:
Despite external evidence of their competence, those experiencing this phenomenon remain convinced that they are frauds, and do not deserve all they have achieved. Individuals with impostorism incorrectly attribute their success to luck, or as a result of deceiving others into thinking they are more intelligent than they perceive themselves to be.
Basically, it’s the feeling that you don’t really know how things work and one day you’ll get caught, your lies will be exposed, and the world will come crashing down.
Let me let you in on a secret: everyone has likely felt like an impostor at times. Even the people you look up to the most. Lately, there have been a lot of tweets and blog posts on impostor syndrome, and that is great. Raising awareness is the first step. However, not many people are saying what to do about it or how to prevent you from developing a “loser DNA”. What is loser DNA?
My friend Nick Russo wrote about it after listening to Gary Vaynerchuk. Loser DNA is when you compare yourself to others that are, at least according to you, a lot more advanced Continue reading
If you follow me on Twitter (https://twitter.com/danieldibswe), you know I have been doing a lot of SD-WAN lately and I recently built my own lab. In this lab, I wanted to try a feature known as service chaining. What is service chaining? It’s a method of sending traffic through one or more services, such as a firewall, before the traffic takes the “normal” path towards its destination.
Before we dive deeper in, let me show the topology in use:

When I tested this feature, the data plane was working perfectly but my traceroute looked very strange. The traceroute was also not finishing.
root@B1-S1:/# traceroute 10.1.2.10
traceroute to 10.1.2.10 (10.1.2.10), 30 hops max, 60 byte packets
 1  10.1.1.1 (10.1.1.1)  6.951 ms  36.355 ms  39.604 ms
 2  10.1.0.2 (10.1.0.2)  11.775 ms  15.047 ms  15.535 ms
 3  10.0.0.18 (10.0.0.18)  28.540 ms  28.538 ms  28.532 ms
 4  10.1.2.10 (10.1.2.10)  41.748 ms  41.746 ms  41.736 Continue reading
The CCIE, now 25 years old, has always been the pinnacle of Cisco certifications. There has been a lot of buzz on the importance of certs, and the CCIE, in the “new” era. For that reason, it’s more important than ever that the CCIE gets updated and stays current.
With Cisco’s new announcements, what is changing with the CCIE?
The first thing to mention, for those that already have a CCIE, is that the recert cycle is now being changed to match the other certs such as CCNA and CCNP, so that the recert cycle is 3 years. This means that the suspended status is gone. The cert is now valid for 3 years and there is no suspended status. This means that you need to keep track of your date because there is no “grace period”. After 3 years, if you fail to recert, you’re out! This also means that effective 24 February 2020, if you are still active or suspended, you get an extra year “for free” and you will be an active CCIE until your new expiration date.
Because the recert cycle is now 3 years, you will need to get 120 CE credits instead of 100, Continue reading
What is changing for CCNP? And why?
Some of the problems that existed in the current CCNP were:
Effective 24 February 2020, it will be possible to jump in at CCNP level, meaning that you don’t need to be CCNA certified to become a CCNP.
Instead of taking 3 exams, only 2 exams are needed, one Core exam and one concentration exam. You can take them in any order and you can also keep taking concentration exams to show you have skills in newer technologies such as SD-WAN. These concentration exams will show as badges.
Because the certification is now more modular, it will be easier to keep the certification up to date and to update it as technologies evolve and new ones come to the fore.
Another change is that the RS and Wireless tracks are now merged into CCNP Enterprise where the Core exam is Continue reading
Let’s go into more depth on what the new updates really mean. We will start by analyzing the CCNA. As I described in the previous post, gone are the days of having 11 different tracks; instead there is 1 exam. Why?
Take a second to think about what you expect from a Junior Network Engineer, that is after all what a CCNA is expected to be. I, probably Russ White, and many others with me, would argue that what is important at any level, but certainly as a junior, is to understand the fundamentals well. That is to know binary, subnetting, supernetting, basic TCP/IP, basic routing and switching, a little about wireless, a little about security. You don’t need to specialize at a junior level. Many athletes do several sports until they have to pick one and studies have shown that this often has a positive effect compared to focusing on a single one too soon.
The change in the CCNA is therefore to better align with the expected job role of a CCNA. What domains are being tested? The domains being tested are:
The blueprint can Continue reading
As you most likely will have seen, Cisco is “rebooting” their certifications to better align with what is expected of the future work force. As I’ve been busy with Cisco Live, I’m only now starting to write these posts. I’m expecting to write a couple of them rather than writing one LONG one.
As a member of the CCIE Advisory Council, I’ve been in the loop for a while and I truly believe these changes are for the better. We’ve tried to do what is best for people that are certified or looking to get certified. There will certainly be corner cases or questions that need answers, but we have done our best to leave no one behind.
This first post will look at what is changing at a high level and then we can dive deeper into the different certifications in the coming posts.
DevNet certifications – There has been some training on automation and even some exams, but no real certifications. This is all changing now. There will be corresponding DevNet certifications for CCNA, CCNP and in the future, CCIE. This offers more career paths within the Cisco world. I will cover the DevNet certifications in a future post.
I’ve been working a lot with cloud networking lately. I will share some of my findings as this is still quite new and documentation around some topics is poor. Especially on the Azure side. Let me just first start with two statements that I have seen made around cloud networking:
Cloud networking is easy! – Not necessarily so. I’ll explain more.
We don’t need networking in cloud! – Wrong. You do but in basic implementations it’s not visible to you.
This post will be divided into different areas describing the different components in cloud networking. You will see that there are many things in common between AWS and Azure.
Within a VPC/VNET, there are system routes. If 10.0.0.0/22 was assigned to the VPC/VNET, there will be a system route saying something along the lines of “10.0.0.0/22 local”. Subnets are then deployed in the VPC/VNET and there is full connectivity due to the system route. This route will point to a virtual router which is the responsibility of AWS/Azure. Normally this router will have a “leg” in each subnet, at the first IP address of the subnet, for example 10.0.0.1 for Continue reading
With this blog, I try to inspire and mentor. One person I have a lot of respect for is Joe Onisick. I had the pleasure of interviewing Joe. Joe has really transformed himself and everything about him lately and I thought it would be nice to give you readers some more insight into his journey. Here is Joe’s story:
Q: Hi Joe, welcome to the blog! Please give the readers a short introduction of yourself.
A: I’m a technology executive who’s been in the field for 23 years, with the exception of a five-year break to serve as a US Marine. I started in network/email administration and have spent most of my career in the data center space on all aspects of delivering data center resources, up to IaaS and private-cloud.
Q: Many people probably know you best from your time at Cisco, working for the Insieme BU, responsible for coming up with ACI. What was your time at Cisco like? How were you as a person at that time?
A: I joined a startup called Insieme Networks that was in the early stages of developing what became Cisco ACI and Nexus 9000. When the product was ready to launch, Continue reading
I posted a Tweet the other day which gained a lot of attention in the networking community:
As SDN gains more traction, people start fearing for their jobs. Some jobs will decrease in demand and some will disappear entirely. However, we can’t stop progress just to keep those jobs hanging around. In the Twitter thread I made what could be seen as an elitist comment:
If you are replaceable by a script or controller, you were never a Network Engineer to begin with.
This was not meant to insult anyone, but rather be a wake-up call. If the only value you provide to the business is that you deploy templates someone else created, configure VLANs on a trunk, or can trace a flapping MAC in the network, you need to reskill and find ways of providing more value. This is not about Junior vs Senior. It’s Continue reading
In today’s IT infrastructure, open source software is a common component. Many organizations and network engineers stay away from certain architectures and products citing vendor lock-in as their only argument but often lack an understanding of why they think vendor lock-in is a problem. Let me explain.
There are lock-ins of different forms. For example, if you are buying MPLS VPN service from a SP, you are somewhat locked in to their offering and pricing. I see at least three different types of lock-in:
Vendor lock-in – This is the one that everyone is familiar with. It means that the vendor has a solution that is proprietary, perhaps using proprietary management or routing protocols so that it can’t interact with solutions from other vendors.
Tools lock-in – This may or may not be as much of a lock-in as vendor lock-in, but when an organization has invested enough time, money and manpower into a specific toolset, it’s difficult to move to other tooling.
People lock-in – An often overlooked form of lock-in. Depending on architecture, toolset and so on, your organization may need a certain type of engineer to work on the network. These may be difficult to find which Continue reading
I had an interesting discussion with Jon Cooper in the Network Collective Slack. The discussion was around SD-WAN. We were discussing if SD-WAN is just a “glorified DMVPN” or if it’s something more than that. Note that this was a bit of a tongue-in-cheek comment from Jon but it’s interesting for the sake of discussion.
To compare the two, let’s look at some of the design and operational challenges of running a DMVPN.
Physical design – How many Hub routers do you need? In a DMVPN, the Hub router is a special type of device that is responsible for mapping the underlay IP address to the overlay IP address. If a Hub needs to be added, this Next Hop Server (NHS) needs to be added to the spokes. With Cisco SD-WAN, this is handled by the vBond which is a virtual machine running in a public cloud. Adding a device is simple as the WAN edge routers use a hostname (DNS) to ask for the IP of the vBond. This means that the physical design is less rigid.
Logical design – In a DMVPN, you need to decide on the number of DMVPN clouds. Do you do a single cloud Continue reading
I’m proud to announce that I’ve been selected as a finalist in the Cisco IT Blog Awards in the “most inspirational” category.

I’m happy to be in this category as I hope that my posts here have inspired others to learn about design, architecture and to have an open mindset towards technology.
If you want to vote for me, you can do that here. Thanks for your support!
The post Cisco IT Blog Awards Finalist appeared first on Daniels Networking Blog.
In the latest Network Break, Network Break 213 from Packet Pushers, they discussed some of the latest news in networking, such as Amazon Outpost. With the rise of SaaS applications, the question was also raised, do I even need a WAN?
Let’s assume you are running Office365. Your e-mail and office application is in the cloud. You are using Salesforce for your CRM. Your ERP is also cloud-hosted. You’ve moved pretty much all of your previously internal apps to the cloud. Do you still need a WAN? I would argue yes. Considering all the applications mentioned previously have been moved, what do we still have left?
Although we’ve been talking about paperless societies for ages, have you ever seen an office environment without a printer? Neither have I. Your printers likely need to reach a print server. Do you have Active Directory? Would you be comfortable putting it entirely in the cloud? How do you provision PC images? Do you use something like SCCM? Do you have lighting, doors, alarms, etc. that are connected to the network? Are all of your stored files in the cloud? Probably not depending on how sensitive they are. Do your offices Continue reading
Hi,
Yesterday I took the AWS Solutions Architect Associate and passed it which means I’m now certified. I started studying for this exam around the August time frame. I had wanted to get some exposure to public cloud to broaden my skill set and AWS was the natural one to go after first considering their dominant position on the market. My goal is to do the networking specialty in order to know all of the networking products inside of AWS. I also have a project I’m working on now in AWS which helps with both motivation, knowledge and hands-on experience.
So, what was the exam like?
I don’t know if it was pure shock at first but I felt very uneasy in the beginning of the exam. The questions I got felt very different to the material and questions I had based my studies on. After a while I felt a bit better but it was still a tough exam for me. I had to really think through all of my answers and only a couple of questions, mostly the ones on networking, I felt confident answering immediately. The exam did feel balanced though covering a broad range of topics Continue reading
A lot of people look to me for mentoring and advice. When you see someone in the industry having success, it’s easy to think that they know it all and never have any setbacks, that their career was a straight path to success from day one. When I look at someone like Ivan Pepelnjak, a person I have a tremendous respect for, I imagine him knowing it all from day one. Of course, in reality, he had to learn it the hard way like the rest of us.
A couple of days ago I thought about writing a little about my background. To show people that it’s normal to have some bumps in your career and that success is not achieved overnight.
When I think back on my career so far, there are two or three things that really bother me and where I had to learn some hard lessons.
When I was done with upper secondary school, I was SO tired of school. I had no motivation. My grades were mediocre. I didn’t know what I wanted to do with my life. All I knew was that I had an interest in IT and that I was going to go Continue reading
Some of you may have heard it through the grapevine but it’s time to make my plans known. I have founded a new website called Network4dev which has been set up by my friend Cristian Sirbu.
Network4dev is a web site about networking mainly for people that are developers, systems administrators or that spend most of their time working on applications. The goal is to provide short, concise and to the point articles on different networking topics. The articles will stay at a technical level suitable for someone that is not mainly into networking.
In today’s IT infrastructures it’s important to break down silos. We in networking must understand a bit about compute, storage, virtualization, applications and automation. It is equally important for someone working with applications to understand a bit about networking.
For people in networking learning about apps and automation, there are many initiatives such as Devnet, but there isn’t much available for people working with apps to learn about networking. Most of the networking content out there is aimed at people in networking (naturally). I don’t expect a person not in networking to go after for example the CCNA or to read Continue reading