Cisco ASA Virtualization with Mixed-Mode Security Contexts
The Cisco ASA firewall has supported multiple security contexts since version 7 was released in 2005. This feature allows you to configure multiple independent logical firewalls in the same ASA hardware. When version 8.5(1) released in July 2011, support was added for mixed mode firewalls in which both routed and transparent contexts can reside on […]
Author information
The post Cisco ASA Virtualization with Mixed-Mode Security Contexts appeared first on Packet Pushers Podcast and was written by Eyvonne Sharp.
The Smartest Guy in the Room
There is one thing that anybody who has been in a room with me longer than 5 minutes can tell you – I am not a smart guy! I have lots of smart friends. I am not one of them. Sometimes I feel like I’ve done more stupid things, more often than I would like to admit, and its only that I have been stupid enough often enough that I have eventually learned “dont do that!“.
A couple of things have happened over the past few weeks that made me think about “The Smartest Guy in the Room”, and I thought I would share a few incomplete thoughts on the matter.
As a Consultant
Back on June 18, Matthew Norwood (who I would nominate for the award of “Nicest man in Network Blogging and Puppeteering”) wrote this blog post about consulting. In this post he talks about how as a consultant sometimes you have to accept that you are not the smartest guy in the room. At first this may seem odd, especially because usually our customers are paying us lots of money because we are experts. Funnily enough, on consulting engagements my job is more “I Continue reading
Show 152 – Nexus Announcements from Cisco Live 2013 with Ron Fuller – Sponsored
Ethan Banks and Greg Ferro are joined by Brent Salisbury for a discussion with Cisco’s Nexus-geek-at-large Ron Fuller about a whole lot of things happening in the Cisco data center product line in this sponsored edition of the Packet Pushers Podcast. First up, we review the announcement from the previous Cisco Live (London 2013) about […]
Author information
The post Show 152 – Nexus Announcements from Cisco Live 2013 with Ron Fuller – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.
How to Prepare for CCDE Practical Exam
I was a bit harsh when I wrote: you have to be CCIE to pass CCDE. Couple of friends of mine, who are not CCIEs, came to me after reading that post and said I had demolished their hope to pass the exam.I won't lie. It's easier to become CCDE if you have already had a CCIE. But fear not, there is still chance for non-CCIE to pass CCDE exam as well. And several guys who are not CCIE but able to put their name in this Hall of Fame is the proof.
The next CCDE practical exam date is on August 27. So there is still time for both groups of CCIE and non-CCIE to pass it, and here is another version of "how to prepare for CCDE exam" that may help to do so:
1. You still need a good reason to do it
You need a good reason as your main motivation to keep continue pursuing this certification, after you fail the exam. Or after you fail the exam several times.
So find your reason.
2. You still need the experience
You can't skip experience. I'm not kidding.
From CCDE Techtorial it says "CCDE Practical is Continue reading
Healthy Paranoia Show 14: Digital Forensics and Incident Response with Andrew Case
Get ready for another nerdilicious episode of Healthy Paranoia featuring Andrew Case, digital forensics researcher and a core developer for the Volatility Framework. Liam Randall joins Mrs. Y. as they discuss topics such as: The difference between forensics and incident response. Malware analysis vs. reverse engineering. Why you should treat a compromised system like a […]
Author information
The post Healthy Paranoia Show 14: Digital Forensics and Incident Response with Andrew Case appeared first on Packet Pushers Podcast and was written by Mrs. Y.
Control Plan and Data Plan – Answer provided by Keith Barker
I came across this great answer to a question from Keith Barker and felt it needed to be shared. Great analogy Keith.
PQ Show 28 – UCS Director Overview – Sponsored
In this show recorded in a small little room with a great big fan (which we were mostly able to edit out) in the “Meet the Expert” lounge at Cisco Live 2013 in Orlando, Packet Pushers Greg Ferro and Ethan Banks discuss Cisco’s UCS Director product (formerly Cloupia) with folks from the UCS Director team. […]
Author information
The post PQ Show 28 – UCS Director Overview – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.
Air as a service
Have you ever wondered about air? We all share the same air. We know it's vitally important to us. If we safeguard it we all benefit and if we pollute it we all suffer. But we don't want to have to think about it every time we take a breath. That's the beauty of air. Elegantly simple and always there for you.Imagine air as a service (AaaS), one where you need to specify the volume of air, the quality of the air, etc before you could have some to breathe. As much as some folk might be delighted in the possibility to capitalize on that, it would not be the right consumption model for such a fundamental resource. If we had to spend time and resources worrying about the air we breathe we'd have less time and resources to do other things like make dinner.
Why does air as it is work so well for us? I think it's for these reasons, (1) there is enough of it to go around and (2) reasonable people (the majority) take measures to ensure that the air supply is not jeopardized.
Network bandwidth and transport should be more like how we want Continue reading
Optimizing and Protecting Spanning Tree
Optimizing STP
Left to defaults, 802.1d (plain old STP) can take a very long time to converge. For example, when a root switch fails, a switch must wait Maxage (20 seconds) before convergence can even begin. Then, the newly forwarding ports must wait 2 x Forward Delay (15 seconds) to transition through the listening and learning states before they can begin to actually start forwarding. This is a total of 50 seconds - a noticeable network hit.
Enhancements have been added over time to address this, such as PortFast, UplinkFast, and BackboneFast.
PortFast
This Cisco-proprietary feature allows a port to immediately transition to forwarding state once it is physically up (powered on and plugged in). It does this by skipping the listening and learning states. This should only be enabled on access ports. If a switch is connected to a port with PortFast enabled, loops may occur. For this reason, it is a good idea to enable Bridge Protocol Data Unit (BPDU) Guard and Root Guard when using PortFast.UplinkFast
UplinkFast improves convergence by providing alternate root ports (RPs) for immediate transition in case of a failure of the current RP. Continue reading
PQ Show 27 – Cisco XNC Controller – First Look – Sponsored
Cisco eXtensible Network Controller (XNC) can provide greater business agility, through a cost-effective, scalable, Software-Defined Network (SDN)-based approach to traffic monitoring. What is the XNC? What’s it for? Comparing XNC Controller to OpenDaylight. What’s the same? What’s a value-add? What are the northbound capabilities of XNC? Southbound? Let’s give some examples of what we can […]
Author information
The post PQ Show 27 – Cisco XNC Controller – First Look – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.
Preparing For Technology Trends
I spent most of last week at Cisco Live. This is a large and well-known technology conference. While attending the keynote sessions, I kept wondering how many people take the time to future-proof themselves. I know we all have a lot of work just educating ourselves on the technology of today. However, I have to […]
Author information
The post Preparing For Technology Trends appeared first on Packet Pushers Podcast and was written by Paul Stewart.
An Introduction to the Nexus 7700
We're halfway through 2013 and we have our second new member of the Nexus family of switches for the year: the Nexus 7700. Here are the highlights:
- Modular, chassis-based system
- 18 slot (16 IO modules) and 10 slot (8 IO modules)
- True front-to-back airflow
- New fabric modules
- (6) fabric modules (maximum) per chassis
- 220G per slot per fabric module
- 1.32Tbps per IO module slot
- Supports F2E and newly announced F3 IO modules
Best Practices for Benchmarking CoDel and FQ CoDel (and almost anything else!)
The bufferbloat project has had trouble getting consistent repeatable results from 
other experimenters, due to a variety of factors. This Wiki page at bufferbloat.net attempts to identify the most common omissions and mistakes. There be land mines here. Your data will be garbage if you don’t avoid them!
Note that most of these are traps for people doing network research in general, not just bufferbloat research.
The value of Soft Skills
No, this isn’t SDN-related, I mean the soft skills. The interpersonal skills. The skills that will help you get ahead in your career. This is my opinion on the matter, so take it all with a huge grain of salt. The biggest thing that a lot of people forget is that there’s more […]
Author information
The post The value of Soft Skills appeared first on Packet Pushers Podcast and was written by Ken Matlock.
CCIE SP Lab
At Cisco Live I was able to attend the CCIE Service Provider technical session by Vincent Zhou who is the product manager of CCIE SP. It was a very good informative session (BRKCCIE-9163) that gave a nice insights into the lab test. Below are my notes from the session, hopefully you’ll find them useful.
– CCIE SP blueprint version 3 was first introduced in April 18th 2011. When I asked Vincent about upcoming changes to the blueprint, he assured me that there won’t be any change for another year.
– All devices are preconfigured. The preconfiguration has basic IPv4/IPv6 addressing, VTP, VLANs, basic routing, basic MPLS..etc. anything that is preconfigured can’t be changed unless explicitly states in the task.
– The GUI and questions are all electronic, there are no printer workbooks, similar to the CCIE R&S lab test. All rack equipment is accessed thought remote access. San Jose and RTP don’t have any local equipment. Most of the IOS devices are running IOU, IOS-XR and Catalyst are using physical devices.
– Passing rate for SP is a lot higher than CCIE R&S. With the addition of IOS-XR there was a significant drop of CCIE Continue reading
The Realpolitik of technical pre-sales
I’m the technical guy in the room, but yes, you could call me a salesperson if you were feeling vicious. I work with many vendors and my job in Technical Pre-Sales is to pitch their solutions to the Enterprise network administrator. Some vendors have amazing products, some of them not so much. Walking the line […]
Author information
The post The Realpolitik of technical pre-sales appeared first on Packet Pushers Podcast and was written by Glen Kemp.
7 CCIE Strategy Mistakes – What I will do differently next time!
Download the PDF here Although at the time of writing I have not yet passed the CCIE Lab Exam in Routing & Switching, but I wanted to write down my 7 CCIE Strategy Mistakes that I made on my journey so far. I have come a long way and have learnt a lot. My journey […]
The post 7 CCIE Strategy Mistakes – What I will do differently next time! appeared first on Roger Perkin - Networking Articles.