REVIEW: Cyphort makes advanced threat protection easier than ever

Over the past few months, we’ve reviewed a variety of cutting-edge security tools that combat advanced persistent threats (APTs); everything from threat intelligence to virtual sandboxing to privileged identity management. And while all of these programs have been powerful, they all had varying degrees of complexity when it came to usability and customization.

Whatever Happened to “Do No Harm”?

A long time ago in a podcast far, far away one of the hosts saddled his pony unicorn and started explaining how stateful firewalls work:

Stateful firewall is a way to imply trust… because it’s possible to hijack somebody’s flows […] and if the application changes its port numbers… my source port changes when I’m communicating with my web server - even though I’m connected to port 80, my source port might change from X to Y. Once I let the first one through, I need to track those port changes […]

WAIT, WHAT? Was that guy really trying to say “someone can change a source port number of an established TCP session”?

Facebook to set up second data center in Europe

Facebook is setting up a data center in Clonee, Ireland, which will be its sixth in the world and its second outside the U.S. The new data center will be equipped with servers and storage from the Open Compute Project, a Facebook initiative that shares designs as open source with other data center operators to standardize and drive down the costs of equipment. "We will outfit this data center with the latest OCP server and storage hardware, including Yosemite for compute," Facebook's Vice President of Engineering, Jay Parikh, said in a post on the social networking website. Yosemite is an open source modular chassis for high-powered microservers, designed by Facebook.

What is open networking?

Saying ‘open networking’ is a little like saying ‘SDN’.  Without context, it can mean almost anything.  Some argue it’s more around options on platforms while others believe it’s more to do with software.  When I think about open networking, I think about these main points…

Generic Platforms – White box switches are all the rage these days and for good reason.  A white box switch gives you the option to run a variety of different software platforms on generic hardware.  This means you don’t need to buy a piece of proprietary hardware to run your proprietary software on. The net result here is that vendor lock in goes away.  It also means that you don’t need to wait years and years to buy new hardware to get new software.  

Linux – Linux is used EVERYWHERE.  As it turns out, it’s already used quite extensively in networking platforms, but not how you might imagine.  Most networking vendors use a highly customized version of Linux and the Linux kernel.  The reason for this is simple – Linux wasn’t built for networking.  Long story short, traditional network vendors had to modify the

Learning to Love Codenames

One of the things I struggled with when starting at a vendor was dealing with project codenames. There is no secret decoder ring – you have to learn the names the hard way. I couldn’t understand why descriptive names weren’t used. It took a while, but I’ve come to understand the reasoning behind the obscure names now. It’s still a stretch to say I ‘love’ them, but I can at least understand them now.

Naming Standards & Bikeshedding

When I started my professional career, it was common to name servers using things like Greek & Roman Gods, or Star Wars characters. Billing might run on Apollo, while Medusa was used for third-party connections.

This is fine for 5-10 servers, but clearly doesn’t scale. I’ve wasted many long and pointless hours in server naming “bikeshedding” discussions. Grumpy old sysadmins would argue that it was far easier to remember names like Bert & Ernie than web01/web02. The Young Turks saw that as a way of hoarding knowledge. It seemed to deliberately make it more difficult for newcomers/outsiders. They preferred descriptive names that gave some indication of what the system was doing, where it was located, etc.

Arguments went back and forth, then virtualisation came

Single group of hackers targets Uyghur, Tibetan activists

A years-long campaign of seemingly disparate cyberattacks against Tibetan and Uyghur activists likely comes from a single group of hackers, according to a seven-month study by Palo Alto Networks. The computer security company also concluded that the information stolen by the group, nicknamed Scarlet Mimic, would be of little interest to entities other than a nation-state. "The majority of attacks we identified were targeting Uyghurs or Tibetans or advocates thereof," Olson said. Several other security companies, including Kaspersky Lab and Trend Micro, and Citizen Lab, part of the University of Toronto, have studied attacks against the activist groups, which have long been at odds with the Chinese government. Palo Alto's report noted, however, that it did not have direct evidence linking the attacks to China.

SDN and Network Automation: Splitting Hairs?

At the recent Network Field Day 11, there were several discussions at the Cisco offices after the Cisco folks left the room. One of these discussions, led by Terry Slattery, was centered around SDN, and I think it’s worth a listen/watch (only about 20 minutes):

In this video, I made the argument that SDN should be limited to a very specific definition, which eliminates the management plane from the conversation entirely (around 5:40).

I am in full agreement that the term SDN, or “software-defined __ “ is at this point totally meaningless. It means so many things to so many different people, and predictably, this conversation ended with just as much confusion about SDN as when we started. So, to try to “define” SDN seems pointless, and smells of hair-splitting, but I do this for a very specific reason.

Splitting Hairs

To me, SDN and network automation are two totally different things, yet they almost always get lumped together in conversations. Normally I wouldn’t try to remedy this, but since one of these things is a practical thing to do for many organizations, I want to offer up a different way of thinking about this.

First off, you

BGP Design Case Study

The BGP design case study below is taken from Orhan Ergun’s CCDE Practical Workbook. In the new version of the workbook, more than 50 case studies are shared for many technologies. If you are in the network design field or want to learn about it, don’t miss the book. Scenario: Network A is a customer […]

The post BGP Design Case Study appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Put a password on your webcam or end up featured on Shodan’s vulnerable cam feed

Don't you hate it when people want to kill the messenger instead of addressing the problems highlighted in the message? This time the messenger is Shodan, as the IoT search engine added a new section featuring vulnerable webcams. Ars Technica reported, "The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores."

Fragmentation

One of the more difficult design exercises in packet switched network architectures is that of the design of packet fragmentation. In this article I’d like to examine IP packet fragmentation in detail and look at the design choices made by IP version 4, and then compare that with the design choices made by IP version 6.

Gopaddle Meetup Bangalore – CI, CD Presentation

The following link captures the slides on CI, CD with Docker, Jenkins and Tutum that I presented at GoPaddle meetup, Bangalore on January 23, 2015. You can find more details on the meetup here. In this presentation, I cover the following: Overview of Continuous Integration (CI), Continuous Deployment (CD); Tutum Overview; Jenkins with Docker Integration; CI, CD Use cases …

CI, CD with Docker, Jenkins and Tutum

In this blog, I will give an overview of Continuous Integration (CI) and Continuous Deployment (CD) and cover a few CI, CD use cases with Docker, Jenkins and Tutum. Docker provides Container runtime and tools around Containers to create a Container platform. Jenkins is a CI/CD application to build, test and deploy applications. Tutum is a SaaS …

Syncing IOS Clock from Cellular Provider

I recently had a request to enable time synchronization from a Cellular provider to a 3G model of the Cisco 819. Looking through several documentation sources, I found an example of EEM policy utilizing GPS data in this manner.

LTE GPS Antenna Guide Cisco Integrated Services Router (ISR G2) and Connected Grid Router

After looking at the TCL script outlined in the above document, I thought it would be an easy modification to achieve this result with the cellular network data. After fighting with the script and EEM policy for a couple of hours, I stepped back and looked at the options for creating an EEM Applet. My goal was to achieve similar results but utilizing the time provided by the cellular carrier. This article outlines my process and the final configuration.

The source of the data that I wanted to use was derived from the show cell 0 network command.

CiscoRTR#show cell 0 network
Current Service = 1xEV-DO (Rev A) and 1xRTT
Current Roaming Status(1xRTT) = HOME, (HDR) = HOME
Current Idle Digital Mode = HDR
Current System Identifier (SID) = DDDD
Current Network Identifier (NID) = DDD
Current Call Setup Mode = Mobile IP only
Serving Base Station Longitude =

Pop Up Tech Talks: Denise Fishburne

Earlier today I saw a tweet that @PopUpTechTalks had uploaded their interview of me up to their YouTube Channel.  I was super stoked!  :)  Just had to share it with y’all!

SolidFire’s Amy Lewis speaks with Cisco’s Denise Fishburne aka Fish about embracing your inner network detective at Cisco Live 2015. Filmed June, 2015 in San Diego.
