It’s ironic to end the 30 day challenge by not posting for a short while, but what can I say? I’ve been very busy! Today I’m traveling to Barcelona to attend the HP Discover 2014 Barcelona event as a guest of HP’s Independent Blogger Programme. It looks like HP will be keeping us busy while we’re there, so I would predict quite a few posts coming out of this trip in the near future and I’m looking forwarding to hearing more about what HP is up to.
In early October I posted about HP’s SDN Mojo and OpenFlow deployment at Interop after they presented to us as part of Tech Field Day Extra. In that post I was impressed that HP had moved from talk to action as regards OpenFlow. I wonder what else HP has up its sleeves?
Do take a moment to check out HP Discover Barcelona 2014 and look at the Content Catalog. If nothing else, check out the SDN sessions in the content catalog. Hopefully that link will take you directly to the right results; there are some interesting sessions on that topic alone.
Like other events, HP will also be streaming some content live for Continue reading
My second “Secret Sunday” post back in August introduced Schprokits, a company founded by Jeremy Schulman, previously the Director of Network Automation at Juniper.
I was truly flattered when Jeremy invited me to be part of a small team testing early Schprokits code (and trust me, I am way outclassed by the rest of the testers!), and having had a chance to try out what is probably only a small proportion of the code, I thought I would take the opportunity to share some early impressions of the software.
TLDR: I’m having fun!
The Schprokits website says that it is “Inspired By DevOps. Built For NetOps.” Jeremy is trying to take the principals behind DevOps and apply them to something that’s usable by people who don’t program every day but want to automate their networks nonetheless. And so it does. Schprokits “coding” is based around Workbooks and those workbooks contain a number of Actions. Workbooks are written in YAML which is probably one of the easier formats to learn as it’s very human-readable. In case you haven’t seen YAML before, what do you think is going on in the code below?
actions:
- info: Continue reading
Just over a month ago I accepted Etherealmind’s “30 Blogs in 30 Days Challenge”, and this Friday I ‘m pleased to say that I completed the challenge without missing a day. It seems appropriate then that I should use today’s Secret Sunday to give a shout out to the man behind the mission, Greg Ferro (aka Etherealmind).
In some ways it feels like cheating to include Greg because he’s unlikely to be a new discovery for anybody reading my blog, but credit is due where it’s due; you can’t argue that Greg does not give back to the networking community. His Etherealmind website has a huge following and a wealth of content written over a number of years. He’s a co-host of the PacketPushers podcasts, generating hundreds of podcasts dedicated to the networking industry. He has written three books that he has published on LeanPub and has a fourth on the way, co-authored with the venerable Brent Salisbury.
Greg is never short of an opinion, and I suspect that one of the reasons for his large following is that he isn’t afraid to go out there and let you know what he thinks, even if “you” are a vendor, and what Continue reading
Ok, it’s another f5 post and if you’re not using f5 you might think this is irrelevant to you. However, I beg you to read on because the issue I’m describing today has a relationship to SDN and network automation, and why they are such a pain to do in so many cases.
The day began simply enough: news had broken about the “Poodle” SSLv3 vulnerability, and like the majority of network and server nerds we needed to disable or block SSLv3 as quickly as possible in order to remove that particular attack vector. My job was to look at the f5 load balancers, and to do so I realized that I needed to understand what SSL we had out there, and I’d also need to determine the exact change I would be making.
I wrote a couple of scripts to analyze our f5 configurations, and soon enough I had a spreadsheet showing all the SSL client profiles that were in use on each load balancer. It’s important, at this point, to understand how the f5 configures SSL profiles. Fundamentally, a custom profile inherits all of its settings from a “parent” profile, unless you specifically choose to Continue reading
Last month I visited Interop NYC 2014 as a guest of Tech Field Day Extra! where our group was given a presentation about the new Cisco ISR routers by Matt Bolick, a Technical Marketing Engineer for Cisco.
The Integrated Service Routers (ISRs) themselves seem pretty feature packed, covering four key areas:
Rather than reinvent the wheel, Matt explained that the idea was to use existing protocols in a useful new way; in this case in particular to offer secure hybrid transport across MPLS and Internet for private cloud and DC access, probably ultimately moving to just Internet connectivity base on the shift Cisco has seen in how corporations see their branch offices (and specifically how much they want to reduce costs!).
So far so cool, but I figure you can look up all the specifications and features for yourselves so I won’t bore you with much more of that here. There was something else that tickled me though.
The new routers have some interesting performance claims:
Weird looking poodle, right? *coughs* With the recent SSLv3 Poodle vulnerability being disclosed, there has been a rush to disable SSLv3. But if you manage quite a few web sites, how can you quickly check whether or not you are vulnerable? Better still, if you know you have vulnerable sites, wouldn’t it be nice to be able to check before and after your mitigation attempts in order to confirm that SSLv3 has indeed been disabled?
The consequences of disabling SSLv3 is another discussion entirely; let’s assume that I’ve decided it’s worth disabling.
So that was my problem, so here’s what I did about it.
Poodle Poop
What I did was to write a script. In Python.
Regular readers will recall that my “go to” language is Perl, so the fact that I chose to write the tool in Python says, well I don’t know exactly what, but I’m sure it says something. I am not by any means a Python programmer, but I believe I have the tool working, and it’s pleasantly fast. I suspect that the code it won’t look right to a Python programmer, and will look comfortingly uncomfortable to perl programmers. It’s pretty much my first “proper” program Continue reading
Microsoft Lync, perhaps the most well known business communication and collaboration tools, is getting a new name in 2015. The next version of Microsoft Lync, according to the Lync Team on Microsoft’s Office Blog will be called “Skype for Business.”
In other news, the next version of iTunes will be called “Napster for People With Credit Cards” and we’ll also hear from Cisco about the now-defunct plans they made five years ago to rebrand themselves as “Linksys Plus for Data Center.”
First, and most importantly, Microsoft’s Marketing Department is ahead of the game and producing videos that explain all you need to know about this new product.
So here it is; all you need to know:
I feel all warm and fuzzy about this new electronic communication paradigm optimizing and synergizing all the information flows in my business! Let’s check out those key changesimprovements:
“We’re really excited about how Skype for Business takes advantage of the strengths of both Skype and Lync. For example, as you can see in the screenshots, we’re adopting the familiar Skype icons for calling, adding video and ending a call.”
Icons. Icons are one of Skype’s Continue reading
Jim Duffy wrote an interesting article on Network World’s Cisco Connection blog called “Cisco, Arista Disaggregating?” in which he speculates that Cisco and Arista may make their network operating systems (NOS) available for use on bare metal switches.
Is there any mileage in this idea?
The idea of the big players selling their software for use on generic hardware has been floating around pretty much since SDN hit the news and the first bare metal switches came out, with Cisco for example looking like they were pretending that SDN wasn’t a thing, and their position was secure if they continued to do what they already did. To be honest, I think Cisco is still paying the price for initially lacking a strategy, then embracing SDN in such a confusing way. Nonetheless, the idea isn’t new, but has the market moved to a position where Cisco and Arista really need to do this? And what of Juniper; are they immune to being sucked into the bare metal market?
In addition to being a good addition to awesome music of G. Love, for companies like Cisco Arista and Juniper, their “special sauce” these days Continue reading