I’m a big fan of Let’s Encrypt (free, widely trusted SSL certificates) but not a big fan of most of the client software available for requesting and renewing certificates. Unlike a typical certificate authority, Let’s Encrypt doesn’t have a web UI for requesting/renewing certs; everything is driven by an automated exchange between a Let’s Encrypt client program and the Let’s Encrypt web service.
Since the protocol that Let’s Encrypt uses is standards-based, there are many open source clients available. Being security conscious, I have a few concerns with most of the clients:
I can’t remember how, but I discovered a very clean, very simple client called acme-tiny at github.com/diafygi/acme-tiny. This script was obviously written by someone who shares the same concerns as I do and I highly recommend it to others.
I used acme-tiny to request my initial certificates — and it
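To make the "automated exchange" above concrete, here is an added example (not code from this post and not acme-tiny’s own code) of the one computation every ACME client has to perform for a challenge: the key authorization that ties a challenge token to the account’s public key. It follows RFC 8555 section 8.1 and RFC 7638. The account key and the challenge token in the block are constructed placeholders, not real values.

```python
"""ACME key authorization, as computed by any ACME client for a challenge.

Added example, not code from the post and not acme-tiny's own code. It
follows RFC 8555 section 8.1 (key authorization = token "." thumbprint)
and RFC 7638 (JWK thumbprint). The account key below is a constructed,
meaningless RSA public key used only to make the example run; the
challenge token is made up as well.
"""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of a public JWK.

    Only the required public members are hashed (RSA: e, kty, n; EC: crv,
    kty, x, y), serialized with member names in lexicographic order and no
    whitespace. Optional members such as "alg" or "kid" must not affect it.
    """
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    try:
        members = required[jwk["kty"]]
    except KeyError as exc:
        raise ValueError(f"unsupported or missing kty: {jwk.get('kty')}") from exc
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """The string an HTTP-01 challenge must serve at
    /.well-known/acme-challenge/<token>. Only the *public* account key is
    involved, which is why the web server that answers the challenge needs
    no access to the account private key or the certificate key."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """DNS-01 publishes base64url(SHA-256(key authorization)) in a TXT record."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


# Constructed account public key: the modulus is arbitrary bytes, not a
# real key, so nothing here could sign an ACME request.
ACCOUNT_JWK = {
    "kty": "RSA",
    "e": b64url(b"\x01\x00\x01"),        # 65537
    "n": b64url(bytes(range(1, 65))),    # 512 bits of placeholder modulus
    "alg": "RS256",                      # ignored by the thumbprint
}
CHALLENGE_TOKEN = "tok3n-example-0123456789abcdef"  # made up

if __name__ == "__main__":
    print(key_authorization(CHALLENGE_TOKEN, ACCOUNT_JWK))
    print(dns01_txt_value(CHALLENGE_TOKEN, ACCOUNT_JWK))
```

Two details matter in practice: the thumbprint must be computed over the canonical JSON of the required members only (an "alg" or "kid" member changes nothing), and the challenge responder only ever handles the public key, which is the property a minimal client can exploit to keep private keys off the web server.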
I got an interesting email from Ying Lu who had read my posts on LSM:
I am curious about the Ethernet DA and codepoint used for multicast MPLS. Previously, I understand that:
– Ethernet DA is unicast MAC of nexthop of each replication leg.
– codepoint is 0x8847
However, looking at RFC5332, I am not so sure… Quote:
“Ethernet is an example of a multipoint-to-multipoint data link. Ethertype 0x8847 is used whenever a unicast ethernet frame carries an MPLS packet.
Ethertype 0x8847 is also used whenever a multicast ethernet frame carries an MPLS packet, EXCEPT for the case where the top label of the MPLS packet has been upstream-assigned.
Ethertype 0x8848, formerly known as the “MPLS multicast codepoint”, is to be used only when an MPLS packet whose top label is upstream assigned is carried in a multicast ethernet frame.
Interesting question. What is the ethernet destination address (DA) and the value of the ethernet type field (codepoint) when the MPLS packet is being sent on an LSM LSP?
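The RFC 5332 rule quoted above is easy to get wrong in a parser, so here is an added example (not from this post) that applies it to raw Ethernet frames: read the I/G bit of the destination MAC and the Ethertype, walk the label stack, and decide in which label space the top label must be looked up. The MAC addresses, labels and frames are constructed for the example; keying the upstream-assigned context on the frame’s source MAC is this example’s choice for identifying the upstream LSR.

```python
"""Which Ethernet codepoint carries an MPLS packet, and what it means (RFC 5332).

Added example, not from the post. It parses a raw Ethernet frame, reads the
I/G (multicast) bit of the destination MAC and the Ethertype, walks the MPLS
label stack and applies the RFC 5332 rule:

  0x8847  MPLS in a unicast frame, or in a multicast frame whose top label is
          downstream-assigned (the normal LSM case).
  0x8848  only valid in a multicast frame, and means the top label is
          upstream-assigned, so it must be looked up in the context of the
          upstream LSR, not in the receiver's global label table.

The MAC addresses, labels and frames below are constructed for the example;
using the source MAC to name the upstream LSR's context is an assumption.
"""
import struct
from typing import Dict, List

ETHERTYPE_MPLS_UNICAST = 0x8847     # "MPLS unicast" codepoint
ETHERTYPE_MPLS_MULTICAST = 0x8848   # former "MPLS multicast" codepoint


def parse_label_stack(payload: bytes) -> List[Dict[str, int]]:
    """Decode 32-bit label stack entries until the bottom-of-stack (S) bit."""
    stack = []
    offset = 0
    while True:
        if len(payload) < offset + 4:
            raise ValueError("truncated label stack")
        (entry,) = struct.unpack_from("!I", payload, offset)
        stack.append({
            "label": entry >> 12,          # 20-bit label
            "tc": (entry >> 9) & 0x7,      # traffic class
            "bos": (entry >> 8) & 0x1,     # bottom of stack
            "ttl": entry & 0xFF,
        })
        offset += 4
        if stack[-1]["bos"]:
            return stack


def classify_mpls_frame(frame: bytes) -> Dict[str, object]:
    """Return how a receiver must interpret the MPLS packet in `frame`,
    or raise ValueError if the frame is not a valid RFC 5332 combination."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    da_is_multicast = bool(dst[0] & 0x01)   # I/G bit of the first DA octet
    if ethertype == ETHERTYPE_MPLS_UNICAST:
        upstream_assigned = False
    elif ethertype == ETHERTYPE_MPLS_MULTICAST:
        if not da_is_multicast:
            # RFC 5332 permits 0x8848 only in multicast frames. A receiver that
            # silently treats this as ordinary MPLS would look the label up in
            # the wrong table; drop it instead.
            raise ValueError("ethertype 0x8848 with a unicast DA is not valid")
        upstream_assigned = True
    else:
        raise ValueError(f"not an MPLS frame: ethertype 0x{ethertype:04x}")
    stack = parse_label_stack(frame[14:])
    return {
        "da_multicast": da_is_multicast,
        "ethertype": ethertype,
        "top_label": stack[0]["label"],
        "stack_depth": len(stack),
        "top_label_upstream_assigned": upstream_assigned,
        # label space the receiver must use for the top label (assumption:
        # the upstream LSR's context is named by the source MAC)
        "label_context": src.hex(":") if upstream_assigned else "global",
    }


def is_valid_mpls_frame(frame: bytes) -> bool:
    """True if classify_mpls_frame() accepts the frame."""
    try:
        classify_mpls_frame(frame)
        return True
    except ValueError:
        return False


def build_frame(dst: bytes, src: bytes, ethertype: int, labels: List[int]) -> bytes:
    """Build a constructed frame with the given label stack (TC 0, TTL 255)
    over a zero payload; enough for the classifier, not a real packet."""
    entries = b"".join(
        struct.pack("!I", (label << 12) | ((i == len(labels) - 1) << 8) | 255)
        for i, label in enumerate(labels))
    return dst + src + struct.pack("!H", ethertype) + entries + bytes(20)


# Constructed addresses: an IPv4 multicast MAC (01:00:5e:...) and two unicast MACs.
MCAST_DA = bytes.fromhex("01005e010203")
PE3_MAC = bytes.fromhex("001122334455")
P_MAC = bytes.fromhex("00aabbccddee")

if __name__ == "__main__":
    for f in (build_frame(MCAST_DA, P_MAC, ETHERTYPE_MPLS_UNICAST, [16001, 24]),
              build_frame(MCAST_DA, P_MAC, ETHERTYPE_MPLS_MULTICAST, [16001, 24]),
              build_frame(PE3_MAC, P_MAC, ETHERTYPE_MPLS_UNICAST, [16001, 24])):
        print(classify_mpls_frame(f))
```

The point to check in any dissector or forwarding code is the third case: a unicast DA with 0x8848 is not a legal combination, and the first label behind 0x8848 must never be looked up in the global label table.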
Getting back into the lab, I started a ping from CE1 to a group that CE3 had joined. I then ran a sniff on the segment between P and PE3.
Examining the
NSF and GR are two features in Layer 3 network elements (NEs) that allow two adjacent elements to work together when one of them undergoes a control plane switchover or control plane restart.
The benefit is that when a control plane switchover/restart occurs, the impact to network traffic is kept to a minimum and in most cases, to zero.
NSF
GR
Presented by: Russ White, LinkedIn
Networks are complex. How do we measure complexity? How do we measure scale? What’s the unit of measure?
You can’t “solve” complexity.
Alderson and Doyle: “complexity in highly organized systems arises primarily from design strategies intended to create robustness to uncertainty.” There’s a point on the complexity scale where robustness actually drops. “Robust but fragile”.
Dunning-Kruger effect?
What is complexity?
“If you haven’t found the trade off, you haven’t looked hard enough” — Russ
The model:
3-way trade off:
“Adding more state to the system should result in an increase in optimization”
Presenter: Paul Lysander, Technical Marketing Engineer, Cisco
“How many of you are not using PI 3.x?” –Paul; perhaps 10-20% put up their hands.
Morning after the customer Appreciation Event. Good turnout.
Where does PI fit in the network?
Side note: PI 3.1 maintenance release 1 (MR1) is coming next week. When released, it will be the generally recommended release for customers to run.
Create Sites and Location Groups before adding devices to the inventory. These groups are used throughout PI. Eg: a Site can be used with a Virtual Domain to provide role-based access to devices in the environment (Admin1 can’t see Admin2’s devices; Admin1 only sees Campus1 and SuperAdmin sees all). Device membership in a site can be assigned statically or by policy.
Config Templates:
New feature in 3.1: Plug and Play for
Presented by: David Prall, Communications Architect, Cisco
For reference, David is the “father of IWAN”.
This session was not what I was expecting. I was expecting design and architecture, but it was all about features in IOS and IOS-XE (eg, FHRPs, talked about routing protocol timers, PfRv3, BFD). I guess I need to pay more attention to the session code (RST == routing; ARC == architecture).
Original article: BRKRST-2042 – Highly Available Wide Area Network Design
Copyright © 2016 Joel Knight. All Rights Reserved.
Presenter: Fred Niehaus, Technical Marketing Engineer, Cisco Wireless Networking Group
Basic understanding of radio:
Antenna basics:
Presented by Muhammad A Imam, Sr Manager Technical Marketing Engineering
Brand new session!
The goal of the session is to give an understanding of IOS-XE Denali 16.x.
“How many have downloaded 16.x?” — maybe 10% put up their hands
The upcoming 16.3 (target for this month) will support Cat 3850, 3650, ISR, and ASR 1000.
The original operating system on the AGS, back in 1986, was simply called “Operating System”. There are still parts of Operating System in IOS today (scary!!).
IOS-XE (code name BinOS) came around in 2007 on the ASR 1000. In 2010, IOS-XE (code name Nova) was released for the Cat4k. These two editions of XE were similar, but different and were written by different engineering teams.
The vision for IOS-XE Denali is a single code base across Cisco enterprise platforms. Benefits include: similar features, consistent version numbers, consistent release schedule, consistent test and validation of releases, consistent commands (eg “show platform …”).
“We are changing the way we write code” –Muhammad; code is being pulled out of the IOSd blob and written as a subsystem within IOS-XE (over time).
Crimson database:
Presenters:
Quick survey in the room: 60-70% of attendees running PI 3.x; 10-20% on PI 2.x; some still on LMS.
“There are 37 different ‘Cisco Prime’ products” — Lewis
“Cisco Prime” isn’t a product; “Cisco Prime Infrastructure” is. Cisco Prime is a family of products.
PI traces its lineage back to 1996: CWSI > Cisco Works LMS > Cisco Prime LMS > WCS > NCS > Prime Infrastructure.
“1232 SysObjIds supported in PI today” — Lewis (aka, 1232 different device types supported by PI, since the SNMP sysObjectID identifies the device model)
Two people (only!!) in the room running Network Analysis Module.
UCS Server Assurance module: enables mgmt of UCS servers; will integrate into vCenter and map VMs to physical hosts for you.
Operations Center: manager of managers for PI
Licensing in PI 3.x:
Presenter: Steven Heinsius, Product Manager, Enterprise Networking Group
I’m hoping the title of this session could also be “7 Ways to not be a TOTAL Wireless Noob” since that’s more my level.
The Basics
Taking a 100-employee company….
In 2007-2009, networks were designed for coverage. Those networks are still around and are being asked to support (on average) 3 devices per person.
WiFi is
Distance vs modulation
Presenters:
Connected Pipelines Validated Design: coming this week! Cisco.com/go/cvd > Oil & Gas area
For those that aren’t familiar with the oil/gas business, there are three areas:
Cisco can work and play in all three areas. Eg:
ISA-95/99 (aka the Purdue Model) – describes an architecture for different security zones within the industrial environment.
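As an added illustration of what "security zones" buys you (not code from this post or from the Connected Pipelines CVD), the block below checks flows against a Purdue-style zone and conduit policy. The level numbering is the usual ISA-95/Purdue layering; the subnet-to-zone map, the conduit rule (only adjacent levels talk, and enterprise-to-OT traffic must terminate in the Level 3.5 DMZ) and the sample flows are assumptions constructed for the example.

```python
"""Check network flows against a Purdue-model zone and conduit policy.

Added illustration, not code from the post or from the Connected Pipelines
CVD. The level numbering is the usual ISA-95/Purdue layering (0 process,
1 basic control, 2 area supervisory control, 3 site operations, 3.5 the
industrial DMZ, 4 enterprise systems, 5 corporate network). The subnet
assignment and the conduit rule (only adjacent levels may talk, and nothing
crosses between the enterprise side (4, 5) and the OT side (0 to 3) except
by terminating in the Level 3.5 DMZ) are assumptions made for this example;
the sample flows are made up.
"""
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Optional, Tuple

# Assumed zone-to-subnet map (constructed addresses).
ZONES = {
    0:   ip_network("10.0.0.0/24"),   # sensors, actuators, drives
    1:   ip_network("10.0.1.0/24"),   # PLCs, RTUs
    2:   ip_network("10.0.2.0/24"),   # HMIs, area SCADA
    3:   ip_network("10.0.3.0/24"),   # site historian, engineering
    3.5: ip_network("10.0.35.0/24"),  # industrial DMZ (jump hosts, replicated historian)
    4:   ip_network("10.1.0.0/16"),   # enterprise applications
    5:   ip_network("10.2.0.0/16"),   # corporate network
}
# Assumed conduits: the only level pairs allowed to exchange traffic directly.
ALLOWED_CONDUITS = {(0, 1), (1, 2), (2, 3), (3, 3.5), (3.5, 4), (4, 5)}


def zone_of(addr: str) -> Optional[float]:
    """Purdue level of an address, or None if it is in no known zone."""
    ip = ip_address(addr)
    for level, net in ZONES.items():
        if ip in net:
            return level
    return None


def check_flow(src: str, dst: str) -> Dict[str, object]:
    """Decide whether src -> dst is permitted and say why not if it is not.
    Unknown addresses are denied: an unclassified host has no conduit."""
    s, d = zone_of(src), zone_of(dst)
    verdict = {"src_level": s, "dst_level": d}
    if s is None or d is None:
        return dict(verdict, allowed=False, reason="address not in any known zone")
    if s == d:
        return dict(verdict, allowed=True, reason="intra-zone")
    if (min(s, d), max(s, d)) in ALLOWED_CONDUITS:
        return dict(verdict, allowed=True, reason="adjacent levels via conduit")
    if (s >= 4) != (d >= 4) and 3.5 not in (s, d):
        return dict(verdict, allowed=False,
                    reason="enterprise/OT traffic must terminate in the Level 3.5 DMZ")
    return dict(verdict, allowed=False, reason="non-adjacent levels with no conduit")


def audit(flows: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return the flows the policy rejects, with reasons."""
    rejected = []
    for src, dst in flows:
        v = check_flow(src, dst)
        if not v["allowed"]:
            rejected.append((src, dst, v["reason"]))
    return rejected


# Constructed flows, as they might come from a firewall log or NetFlow export.
SAMPLE_FLOWS = [
    ("10.0.1.5", "10.0.2.9"),      # PLC -> HMI: adjacent, allowed
    ("10.0.3.2", "10.0.35.10"),    # historian -> DMZ replica: allowed
    ("10.1.4.4", "10.0.1.5"),      # enterprise host -> PLC: bypasses DMZ, rejected
    ("10.0.0.7", "10.0.2.3"),      # sensor -> HMI: skips Level 1, rejected
    ("10.0.35.10", "10.2.8.1"),    # DMZ -> corporate: 3.5 and 5 not adjacent, rejected
]

if __name__ == "__main__":
    for src, dst, why in audit(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {why}")
```

Running the audit over real flow records is a cheap way to find the "temporary" enterprise-to-PLC rules that accumulate in an industrial firewall; the deny-by-default handling of unclassified addresses is deliberate, since a host nobody has placed in a zone should not inherit a conduit.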
Operational principles (compare this with a typical enterprise environment and principles):
With respect to 24×7