Vital Gadgets for a Datacenter Network Engineer
I would like to share some tips regarding gadgets that I believe every Datacenter Network Engineer should have with them. There are several, but I want to bring up my top two.ß Travel Router I am often in situations where it is either difficult or impossible to manage Nexus switches and/or UCS remotely. Pick your reasons - sometimes the management network doesn’t exist (yet) or there are heavy security measures in place that restrict wired management, whatever.Vital Gadgets for a Datacenter Network Engineer
I would like to share some tips regarding gadgets that I believe every Datacenter Network Engineer should have with them. There are several, but I want to bring up my top two.ß Travel Router I am often in situations where it is either difficult or impossible to manage Nexus switches and/or UCS remotely. Pick your reasons - sometimes the management network doesn’t exist (yet) or there are heavy security measures in place that restrict wired management, whatever.Fabric Stats
Small tips for analyse the fabric stats. I mean packets stats (IN/OUT/Drops) between each PFE and the Fabric. Usually fabric stats can be observe by using the following cli command. Remember, that there are only 2 streams at fabric level: High and Low...Fabric Stats
Small tips for analyse the fabric stats. I mean packets stats (IN/OUT/Drops) between each PFE and the Fabric. Usually fabric stats can be observe by using the following cli command. Remember, that there are only 2 streams at fabric level: High and Low...Android vs iOS: Opinions From a Long-Time Android User
I don't really keep up to speed on consumer technology. For me, the enterprise IT space holds more challenge and interest. There is one piece of consumer tech though that has become fully ingrained in my life: the tablet. For that reason, I'm going to summarize my experience in using both Android and Apple based tablets.
We don’t understand hashes
At least I don't, nor do I understand math. It only this week dawned to me, that we consistently choose wrong hash for password hashing.
When I started using Linux DES was the standard way to hash your passwd, then it was MD5, now at least Ubuntu is using SHA. And I can bet that in 2 years time SHA-3 (will be selected this year) will be used widely for protecting passwords.
But what were design goals for MD5 and SHA? Design goals are obviously avoidance of collisions and more importantly algorithmic cheapness in terms of computational requirements and ability to implement it cheaply and easily in hardware requiring no branching. So MD5 and SHA are _by design_ simple to brute-force in hardware, even the new SHA-3. You don't want your 'git commit' or 'sha3sum /dev/cdrom' to take days, you want it to be very very fast and very very unlikely to represent any other data.
It should be quite obvious that those requirements are orthogonal to the requirements of password hash. Avoidance of collisions is not critical to password hash and absolutely opposite requirement of computational expensiveness exists for password hash, it needs to be very expensive and it Continue reading
IPv6 Subnetting – General Procedure
First off, because I know most of us are coming from the IPv4 world, I want to state a couple of things from IPv4 subnetting that we must UNLEARN and forget in order to grasp IPv6 subnetting. Why we subnet: … Continue reading
Palo Alto Packet Processing
The flow starts with the initial "Packet Processing" ----> "Security Pre-Policy" ----> "Application" ----> "Security Policy" ----> "Post Policy Processing"
Silver bullet for home QoS
Rationale
I mentioned in one of the posts about how prioritizing small packets upstream is almost the proverbial silver bullet when it comes to QoS at home. I'm sure any ADSL user who uses interactive applications, such as SSH have noticed how laggy the SSH gets when you upload something from home, say your holiday pictures with scp to your web server. Also download is quite slow during upload. VoIP and online gaming will suffer too. Canonical solution is to use DSCP markings at sender end or DSCP mark based on IP address or port.
But I feel that is unnecessarily complex for typical home use scenario, since all of the important/interactive stuff are using small packets and the bandwidth hogging applications are all essentially doing MTU size packets. I've chosen <200B as small packet, which is arbitrary decision I did about decade ago when setting this up first time, I'm sure it could just as well be like 1300B. So without further rambling, I'll give IOS (ISR) and JunOS (SRX) examples how to roll this on your CPE.
IOS example
class-map match-any SMALL-PACKETS match packet length max 200 ! policy-map WAN-OUT class SMALL-PACKETS priority percent 75 class class-default fair-queue random-detect ! interface ATM0.100 point-to-point pvc 0/100 vbr-nrt 2000 2000 tx-ring-limit 3 service-policy output WAN-OUT ! !
JunOS example
[email protected]> show configuration interfaces vlan unit 0 family inet filter input FROM_LAN; [email protected]> show configuration firewall family inet filter FROM_LAN term small_packets { from { packet-length 0-200; } then { Continue reading
How Unix Made Me a Better Network Engineer
I've had two main areas of interest in my IT career. Professionally, I've been a network guy. Designing, building, and supporting IP networks is what pays my bills. On the other side, I'm a Unix geek. Building, tinkering, and hacking code on Unix systems and related open source software has always been fun and challenging for me. Recently I was reflecting on my career and realized that my Unix and open source experience has played a big role in my career as a network engineer. Here's some of the ways I believe network engineers can benefit from Unix experience.
Packets of Interest (2012-03-29) — Bonjour
These are some articles/interviews that I came across this week that got me thinking about Apple's Bonjour in enterprise environments.
Cisco UCS and SR-IOV
I read an excellent blog post by Scott Lowe (@scott_lowe) this week on Single Root I/O Virtualization (SR-IOV) titled “What is SR-IOV?". It's an older post but it did a great job of solidifying my understanding and filling in the knowledge gaps. One thing that stuck out was this bit: SR-IOV requires support in the BIOS as well as in the operating system instance or hypervisor that is running on the hardware.CCIE Data Center
The long rumored, highly expected and very desired has finally been released and it’s a beast!
Since the release of the Nexus platform there has been talk about when these platforms were to be introduced in a CCIE track. With the introduction of UCS in 2009 this became an even higher request especially since UCS really took off in sales. When I started my CCIE Storage studies in 2010 I initially wrote an article for IPexpert about my predictions for the CCIE DC (http://blog.ipexpert.com/2010/01/13/storage-and-datacenter-ccie/). Most of them where very easy guesses, but those also became reality in the track, though with new hardware that is now available (2 years later).
You might have already read most information on other blogs, but I’m trying to consolidate that information. During the coming weeks/months more and more information will become available and during Cisco Live in June there will be a huge amount of information and questions during the 4-hour Techtorial (TECCCIE-9544).
The scope of the exam is pretty much based on the usual suspects, so in summary you should know the:
- UCS B-series blade systems
- UCS C-series rackmount systems connected to UCS Manager via FEX
- Virtual Interface Cards Continue reading
RANCID and the Octothorpe
RANCID (Really Awesome New Cisco confIg Differ) is a tool for automating the collection of hardware and configuration data from network devices. I recently upgraded an installation from version 2.3.1 to 2.3.8. And naturally, because I didn't have a ton of time to devote to this, stuff broke. It stopped pulling data from some switches. Not all switches, mind, that would be too easy to troubleshoot. Only some.
Zero Trust Networks
I find it interesting that someone is finally putting together a concept that I have been leveraging (where technology allowed me) for some time. Click the link below to find out more.Nexus Accounting Log
Perhaps another trivial post, but if you don’t know about it, you might find it extremely useful. Cisco NX-OS has an on-device log file of the exec level configuration commands entered successfully. Obviously similar informational can be obtained from the TACACS logs, but there is a certain benefit in having directly on CLI. The command […]