iPexpert’s Newest “CCIE Wall of Fame” Additions 11/14/2014

Today was a great week, in our opinion! As Andy is putting up the final touches on his CCIE Collaboration product portfolio, and has a few classes under his belt, we’re beginning to see students pass their Collaboration lab. And of course, Jeff is still cranking out Wireless success stories!

Please join us in congratulating the following iPexpert clients who have passed their CCIE lab!

  • Rashmi Patel, CCIE #44921 (Collaboration)
  • Jonathan Woloshyn, CCIE #45422 (Collaboration)
  • Istvan Czobor, CCIE #45345 (Wireless)
  • Nitin Chopra, CCIE #45371 (Wireless)

This Week’s CCIE Testimonials

Rashmi Patel, CCIE #44921 Wrote:
“I’d like to thank Andy and iPexpert for their CCIE Collaboration study materials and bootcamp! I used iPexpert’s Ultimate Self-Study Bundle (for the CCIE Collaboration lab). I also attended iPexpert’s 5-Day Bootcamp in Chicago. Andy is a great instructor, he helped me understand the key technical areas within the lab blueprint.”

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s or Proctor Labs self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

Viptela SEN: Hybrid WAN Connectivity with an SDN Twist

Like many of us, Khalid Raza wasted countless hours sitting in meetings discussing hybrid WAN connectivity designs using a random combination of DMVPN, IPsec, PfR, and one or more routing protocols… and decided to try to create a better solution to the problem.

Viptela Secure Extensible Network (SEN) doesn’t try to solve every networking problem ever encountered, which is why it’s simpler to use in the use case it is designed to solve: multi-provider WAN connectivity.


Cumulus in the Campus?

Recently I’ve been idly speculating about how campus networking could be shaken up, with different cost and management models. A few recent podcasts have inspired some thoughts on how Cumulus Networks might fit into this.

In response to a PacketPushers podcast on HP Network Management, featuring yours truly, Kanat asks:

For me the benchmark of network management so far is Meraki Dashboard – stupid simple and feature rich…
Yes – it’s a niche product that only focuses on Campus scenarios, Yes – it only supports proprietary HW. But it offers pretty much everything network operator needs – detailed visibility, traffic policy engine with L7 capability, MDM and you can hit it and go full speed right away.

How long will it take HP to achieve that level of simplicity/usability?

He’s right about the Meraki dashboard. It’s fantastic. Fast to get set up, easy to use, it’s what others should aspire to. But there’s a catch: It only works with Meraki hardware. Keep paying your monthly bills, and all is well. But what if you’ve got non-Meraki hardware? Or what if you decide you don’t want to pay Meraki any more? What if Meraki goes out of business (unlikely, but still Continue reading

Getting started with Cisco ASA

First Steps

Even with people who work in networking, as soon as you say the word “firewall” a lot of people tend to stare at that far away place that only exists in their minds. I think some of this comes from the fact that “it’s not a router”. Another reason is that people just haven’t taken the time to get familiar with firewalls. The ASA is Cisco’s firewall or VPN device. Though the ASA can do a lot of things, in this post I will cover the basics such as how you set it up and connect the device to the Internet.

Scary Poodle: Quickly Checking Websites for SSLv3


Weird looking poodle, right? *coughs* With the recent SSLv3 Poodle vulnerability being disclosed, there has been a rush to disable SSLv3. But if you manage quite a few web sites, how can you quickly check whether or not you are vulnerable? Better still, if you know you have vulnerable sites, wouldn’t it be nice to be able to check before and after your mitigation attempts in order to confirm that SSLv3 has indeed been disabled?

The consequences of disabling SSLv3 are another discussion entirely; let’s assume that I’ve decided it’s worth disabling.

So that was my problem, so here’s what I did about it.

Poodle Poop

What I did was to write a script. In Python.

Regular readers will recall that my “go to” language is Perl, so the fact that I chose to write the tool in Python says, well I don’t know exactly what, but I’m sure it says something. I am not by any means a Python programmer, but I believe I have the tool working, and it’s pleasantly fast. I suspect that the code won’t look right to a Python programmer, and will look comfortingly uncomfortable to Perl programmers. It’s pretty much my first “proper” program Continue reading

Just Published: VXLAN 2.0 Videos

Last week I ran the second part of the updated (4-hour) VXLAN webinar. The raw videos are already online and cover these topics:

  • VXLAN-related technologies, including encapsulation, IP multicast use, unicast VXLAN, and VXLAN-over-EVPN;
  • VXLAN implementations, including Cisco Nexus 1000v, VMware vCNS, VMware NSX, Nuage VSP and Juniper Contrail;
  • VXLAN gateways, including Arista, Brocade, Cisco and Juniper;
  • Hardware VTEP integration with OVSDB and EVPN;
  • VXLAN-based data center fabrics, including Cisco’s ACI.

Network Technology Shifts towards IT’s Third Platform

The requirements for next generation applications in the Third Platform era have a profound impact on the network. No longer can we treat the network as a piece of infrastructure that just needs to be present. It has to drastically change to become a fundamental component of the next generation application. Mike went through some of the network implications of the new era application properties in his post yesterday:

  • Horizontally Scaled
  • Agile
  • Integrated
  • Resilient
  • Secure

The change towards Third Platform IT infrastructures is more than evolutionary. The compute, storage and application frameworks and infrastructures started their transformation a while ago. These types of shifts take time, but networking has not run at the same pace of change to keep up. Up to recently, networking’s great contribution to the changing IT world was a move from a multi tier network into a two tier network with a new name. Hardly transformational to say the least.

Migration and Crossover Technologies

A move towards a new platform does not happen overnight. It takes time and more importantly, it takes several technology iterations to get there. A migration from the current platform requires migration technologies: pieces and parts of what we will ultimately Continue reading

Home Lab Server

Currently I’m doing a lot of testing at home on Network Virtualization solutions, like VMware NSX, Juniper Contrail, etc. Therefore I was stressing my current single home server quite a lot, which is a custom-built Xeon E3-1230 quad core with 32GB of RAM and 128GB SSD. I built this server according to the specifications found at: http://packetpushers.net/vmware-vcdx-lab-the-hardware/ . This has been a great investment as I’m running nested virtualization for both KVM and ESXi hypervisors and run the testing in there. Due to the fact that for a decent Network Virtualization (NV) set-up you need quite some memory, especially if you look at the memory utilisation of the NV Controller VMs, I had to expand my lab. I chose to extend it with an additional server so I would be physically redundant as well, making it easier to run upgrades on the physical machines.

Requirements

My requirements aren’t difficult: as I mainly perform feature testing in my lab, I don’t need a lot of CPU performance. There are no “Production” VMs running, everything is there to play around, so downtime is not a problem if necessary.
Other requirements:

  • Average CPU performance
  • Nested virtualization support
  • At least 32GB of Continue reading

Accelerating Open vSwitch to “Ludicrous Speed”

[This post was written by OVS core contributors Justin Pettit, Ben Pfaff, and Ethan Jackson.]

The overhead associated with vSwitches has been a hotly debated topic in the networking community. In this blog post, we show how recent changes to OVS have elevated its performance to be on par with the native Linux bridge. Furthermore, CPU utilization of OVS in realistic scenarios can be up to 8x below that of the Linux bridge.  This is the first of a two-part series.  In the next post, we take a peek at the design and performance of the forthcoming port to DPDK, which bypasses the kernel entirely to gain impressive performance.

Open vSwitch is the most popular network back-end for OpenStack deployments and widely accepted as the de facto standard OpenFlow implementation.  Open vSwitch development initially had a narrow focus — supporting novel features necessary for advanced applications such as network virtualization.  However, as we gained experience with production deployments, it became clear these initial goals were not sufficient.  For Open vSwitch to be successful, it not only must be highly programmable and general, it must also be blazingly fast.  For the past several years, our development efforts have focused on Continue reading

Accurate Dependency Mapping – One Day?

Recently I’ve been thinking about Root Cause Analysis (RCA), and how it’s not perfect, but there may be hope for the future.

The challenge is that Automated RCA needs an accurate, complete picture of how everything connects together to work well. You need to know all the dependencies between networks, storage, servers, applications, etc. If you have a full dependency mapping, you can start to figure out what the underlying cause of a fault is, or you can start doing ‘What If?’ scenario planning.

But once your network gets past a moderate size, it’s hard to maintain this sort of dependency mapping. Manual methods break down, and we look for automated means instead – but they have gaps and limitations.

Automated Mapping – Approaches & Limitations

Tools such as HP’s CMS suite attempt to discover all objects and dependencies using a combination of network scanning and agents. They’ll use things like ping, SNMP, WMI, nmap to identify systems and running services. Agents can then report more data about installed applications, configurations, etc.

Network sniffing can also be used to identify traffic flows. Most tools will also connect to common orchestration points, such as vCenter, or the AWS console, to Continue reading

Ansible Tower Webinar


We have an Ansible Tower webinar scheduled for next week.

This webinar will provide an example of how Ansible Tower allows you to centralize your Ansible infrastructure from a modern UI, featuring role-based access control, job scheduling, and graphical inventory management. Tower's REST API and CLI make it easy to embed Tower into existing tools and processes.

Tower now includes real-time output of playbook runs, an all-new dashboard and expanded out-of-the-box cloud support. 

Sign-up today

Ansible Tower Demo - 11/19 2:30 PM EST

Does the Internet need “Governance”?

Dave Reed just published concerning network neutrality. Everyone interested in the topic should carefully read and understand Does the Internet need “Governance”?

One additional example of “light touch” help for the Internet where government may play a role is transparency: the recent MLAB’s report and the fact that Cogent’s actions caused retail ISPs to look very bad is a case in point. You can follow up on that topic on the MLabs’s mailing list, if you are so inclined. If a carrier can arbitrarily delay/deprioritize traffic in secret, then the market (as there are usually alternatives in transit providers) cannot function well. And if that provider is an effective monopoly for many paths, that becomes a huge problem.

 


Show 211 – Should IT Engineers Get Fired For Production-Impacting Mistakes?

First off, apologies for the serialization error. We know, the last show was #212 in the title but #211 on the filename, when it should have been #211 through and through. We get it, and we’re very sorry, especially to you OCD folks who are twitching uncontrollably right now. Don’t fire us. Why didn’t we […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 211 – Should IT Engineers Get Fired For Production-Impacting Mistakes? appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Vagrant – Overview and Opendaylight Vagrant Image

Recently, I came across this tool called Vagrant that eases the creation and sharing of VM work environments. I played with it and found it very useful. Vagrant integrates with VM hosting providers like Virtualbox, Vmware and AWS. Different devops tools like Chef, Puppet, Ansible are integrated with Vagrant. In this blog, I will cover … Continue reading Vagrant – Overview and Opendaylight Vagrant Image

How Marketers Use Social Media Evilly

In my role as co-founder of Packet Pushers, I do some amount of sales and marketing of the show to sponsors. Our philosophy of sponsorship is very simple. The audience knows when content is sponsored. Period. We don’t hide it. We don’t disguise sponsored content as non-sponsored content in the hope that the […]

Load balanced ESXi cluster with Host memory usage alarm

Sometimes a DRS enabled cluster could be in the following situation: The cluster is balanced even if three hosts triggered the host memory usage alarm: There is no recommendation, so the DRS is working. How can there be three hosts with high memory usage? The answer is simple: the graph is showing consumed memory, […]