Configuring devices from the command line is time-honoured tradition for network engineers. But for everyday operational tasks, the CLI is no longer fit for purpose.
The post The Network Command Line is Dying appeared first on EtherealMind.
It's not about SD-WAN. Console is more about automating some very old processes.
Parallel Wireless approaches the RAN from a different perspective.
With ASA version 9.4 Cisco has added support for Elliptic curve cryptography (ECC), which is one of the most powerful types of encryption in use today. While ECC has been in use since 2004, only it’s recently use has skyrocketed. Part of this reason is power consumption… In my limited understanding, experts have concluded that a shorter ECC keys are just as strong as a much larger RSA key. This increases performance significantly, which reduces the power required for each calculation. If you want to learn more about ECC, check out this fantastic article from arstechnica.
That brings me to the issue. Last night I failed over some 5585x’s running > 9.4 that happened to be doing Anyconnect SSL VPN. This morning, my client was seeing issues. Luckily the solution was simple and a college pointed me to the solution fairly quickly. From the Cisco support community page I found later on….
For version 9.4.(x) we have the following information:
Elliptic curve cryptography for SSL/TLS—When an elliptic curve-capable SSL VPN client connects to the ASA, the elliptic curve cipher suite will be negotiated, and the ASA will present the SSL VPN client with an elliptic curve Continue reading
For the time being, we are discontinuing Reader.PacketPushers.net. We didn't advertise it heavily in the past. Reader saw some traffic, but not a lot. And...we were never entirely happy with the result we got out of it. Our plan is to reboot Reader at some point in the future with new software. We still think it's a good idea, but we want to get a more polished look and feel out of it first.
The post Rebuilding Reader appeared first on Packet Pushers.
Another VMworld has come and gone. 23,000 people at this year’s VMWorld at the Moscone Center seemed to push the limits with standing room only at sessions and coffee in high demand, but the show was well run and the solution exchange was hopping.
I was glad to see less marketing rhetoric around private vs. public cloud, software vs. hardware, virtualized networks vs. physical networks and more focus on delivering solutions that help accelerate the deployment of workloads in ways that help customers.
Here’s a look at my 5 things that made an impression on me at this year’s show.
1. It’s a Hybrid World
A major focus (maybe the focus) of VMworld this year was what VMware calls the “Unified Hybrid Cloud.” It was good to see a strong shift from previous years where much focus was placed on defending private cloud versus public cloud. VMware is certainly taking an “inside out” strategy by focusing on their strength inside the data center and leveraging their vCloud Air public cloud services. Their ability to provide sophisticated tools for private data centers and extend that to a public resource-on-demand consumption model is certainly a strong value proposition for customers.
Last week at VMworld, Pat Gelsinger made a statement that got folks buzzing. During his 
keynote, he said that integrating security into the virtualization layer would result in organizations being twice as secure at half the cost. As a long-time security guy, statements like that can seem a little bold, but VMware has data, and some proven capability here in customer environments.
We contend that the virtualization layer is increasingly ubiquitous. It touches compute, network, and storage – connects apps to infrastructure – and spans data center to device. More importantly, virtualization enables alignment between the things we care about (people, apps, data) and the controls that can protect them (not just the underlying infrastructure).
Let me speak to the statement from the data center network side with some real data. VMware has a number of VMware NSX customers in production that have deployed micro-segmentation in their data centers. Here’s what we found:
One of the comments I got on my Lego Bricks & BFT blog post was “well, how small should those modular Lego bricks be?”
The only correct answer is “It should be Lego bricks all the way down” or (more formally) “Modularity is a concept that should be applied at every level of the architecture.”
Today let’s focus on how much easier the life would be if we could take apart the network operating systems instead of just watching them as glued-together Death Stars.
Read more ...If you are frequent reader of this blog, it’s no surprise I’m focused on automation these days. It’s been primarily centered around using Python and Ansible with a little Puppet and Chef sprinkled in. I had the opportunity recently to change things up a bit using the Cisco ACI PowerTool and thought I’d share a few things about it.
First off, the ACI PowerTool is a PowerShell module that helps automate all aspects of a Cisco ACI fabric.
Second, it’s no a secret that the same rocket scientist created both the Cisco UCS and ACI object models. That said, the UCS PowerTool has been around for years and offers PowerShell modules that can be used to manage, operate, and automate Cisco UCS environments. As you may have guessed the Cisco ACI PowerTool is the same thing, but used to manage and automate Cisco ACI fabrics using PowerShell.
And as luck would have it, I’m still a Windows user, so I was able to get this up and running extremely fast. In full transparency, I haven’t spent much time with PowerShell at all before this, and it was super easy to get going, so no matter what your background, it’s worth Continue reading
The latest developments from the ONF.
