Wipebook – A Portable Whiteboard

It is a stereotype, but engineers really do like whiteboards. Problem is, you can’t carry one around with you. Plus there’s still a few unenlightened employers who don’t provide whiteboards. Enter the Wipebook, a spiral-bound notebook made of whiteboard-like pages:

I normally carry a notebook for scratching out notes while talking to customers, sketching diagrams, working through problems, etc. I don’t archive these notes – most are just short-term things, and I shred them. Important stuff gets turned into OmniFocus tasks/emails/etc.

So the Wipebook looks perfect for me. My wife bought one for me recently, and I’ve started using it at work. So far, it’s working as expected. I can quickly scribble notes, sketch a diagram, make corrections, etc. When I’m done with it, I wipe the page down.

It’s not perfect – the pages don’t always wipe down perfectly, and obviously it gets bumped around in my bag. So it won’t last forever. But it’s a nice touch that I can open & close the bindings, so I can easily get rid of any pages that are too beaten up.

The pens have a small eraser on the end, but it’s only suitable for very minor corrections. I have a Continue reading

The Proof Is in The Facebook Data Center Pudding

In case you missed it, Wired just exposed the elephant in the room with last week’s article on the next generation Facebook data center.

For years, anyone who’s had to build out or run a network has handed over large sums of money to the networking hardware titans, without the freedom to choose what to run on that hardware. But I’m sure if you’re someone who placed one of those orders, the thought crossed your mind if this was always going to be the norm.

Every time before you clicked or signed on that dotted line, you wondered whether it’s worth buying from the incumbents and playing in their locked-in world. Maybe deep down you had some burning desire to break away, but were afraid to stray from the blue chip way of life.

I feel your pain and it’s okay because we all want to maximize the value of our dollar. That’s why we all shop for the best choice and at the best price point; otherwise, we will just wait and buy another day.

I mean, you have the freedom to buy the servers you want, so why not have the freedom to buy the network gear that Continue reading

Just Published: PCI DSS Videos

The edited videos of the fantastic PCI DSS webinar Michele Chubirka presented in early July have finally been published (yes, there’s a huge backlog that’s getting cleaned up). Enjoy!

Net Neutrality: It’s regulation for the public good, not government takeover

IT’s march towards mass customization

[Unbeknownst to me, Matt Oswalt (@mierden on Twitter) posted a thematically similar post a few days before me. While I did not see that post, it seems disingenuous not to reference it, so please read his thoughts here: http://keepingitclassless.net/2014/11/mass-customization/]

IT is constantly evolving, from mainframes to disaggregated components to an integrated set of infrastructure elements working in support of applications. But that description is more about how individual infrastructure is packaged and less about the role that these solutions play. There is a more subtle but perhaps more profound change in IT that is simultaneously taking place: a shift in how IT architectures are actually being designed.

So what is at the heart of this change?

Single purpose infrastructure

IT was born with the mainframe. Mainframes were basically entire IT ecosystems in a box. They included compute, storage, networking and applications. But what is most notable about these solutions is that the entire system was aimed at providing a single outcome. That is to say that the mainframe itself was a composed system that was designed with a single purpose in mind: deliver some application.

In the early days of IT, there was no need for systems to run different Continue reading

Coping with Byzantine Routing Failures

One of my readers sent me an interesting challenge:

We have two MPLS providers sending us default routes and it seems like whenever we have problem with SP1 our failover is not happening properly and actually we have to go in manually and influence our traffic to forward via another path.

Welcome to the wondrous world of byzantine routing failures ;)

CCIE Data Center Lab Preparation :: Notable Documentation CD Locations

It never fails … every class I teach I am asked the question “Where do I find topic X in the documentation?”  Usually at the top of the lists are the topics that generally have longer configurations surrounding them that are sometimes hard to remember. Topics like FHRP isolation when using OTV, iSCSI gateway configuration on the MDS, Fibre channel zoning, and so on.  So I wanted to compile a quick list of the top 3 that I am always being asked about.

The most popular topic is first-hop redundancy protocol isolation when using OTV.  This can be a tricky one, as it contains MAC ACLs referencing the VMAC (virtual MACs) for the protocol you are trying to filter, access-list identifying the FHRPs multicast hello address, route-maps, route-redistribution filters, and VACLs.  I will have to admit, it is one that I definitely had trouble remembering!  The easiest way to find it is by locating the white paper outlining its use! Follow me!

Our famous starting point will always be here, we will call it “root”:

http://www.cisco.com/cisco/web/psa/default.html?mode=prod

From here we want to drill down:

Switches >> Data Center Switches >> Nexus 7000 Series Switches Continue reading

My Federal Communication Conniption

The Political Problem 

The President of the United States called for the FCC to reclassify ISPs under Title II of the Communications Act as “common carriers.” 

Your telephone company is a common carrier. It is illegal for, say, Telephone Company A to degrade service quality for calls to your grandmother, who uses Telephone Company B, or charge you more to connect to Telephone Company B. 

What’s problematic is that FCC chairman, Tom Wheeler, is avoiding Title II regulation. And as Wheeler was a former lobbyist for the telecommunications industry, President Obama knew that Wheeler would probably not be for reclassifying ISPs as common carriers when he appointed him chair of the FCC back in November of 2013. 

In fact, Wheeler is opposing Obama’s proposals. Naturally. Instead of putting the ISPs under Title II of the Communications Act of 1934, he wants to classify them under the Section 706 of the Telecommunications Act of 1996.  However, courts have ruled that the FCC doesn’t have regulatory oversight of Section 706. 

So, the President publically says one should classify ISPs as common carriers, but took the Continue reading

Show 213 – What’s Next for Avaya Enterprise Wireless – Sponsored

Unlike Gen Z’ers, who have never known a world without Wi-Fi (or Minecraft), some of us get to see technology come full circle. Join Alan Hase, VP of Avaya Networking, and the Packet Pushers as they outline (and relish and pontificate) how this phenomenon is playing out in WLAN and Mobility today. Alan highlights how […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

TwitterGoogle+LinkedIn

The post Show 213 – What’s Next for Avaya Enterprise Wireless – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

iRules/Tcl – Watch the Comments

It’s pretty common practice to ‘comment out’ lines in scripts. The code stays in place, but doesn’t get executed. Perfect for testing, when you might need more debug output, or you want to run a slightly different set of actions. But you have to be careful when commenting out lines – it might catch you out, and the F5 iRules editor won’t save you.

Normally it’s pretty simple to comment out a line. Here’s a quick Bash example:

#!/bin/bash

FILECOUNT=`ls /tmp|wc -l`

if [ $FILECOUNT -lt 7 ]
 then
        echo "There are fewer than 7 files in /tmp"
        run_command
fi
...

When I’m testing the script, I might not want to actually run that command. So I’ll quickly comment it out like this:

#!/bin/bash

FILECOUNT=`ls /tmp|wc -l`

if [ $FILECOUNT -lt 7 ]
 then
        echo "There are fewer than 7 files in /tmp"
        #run_command
fi
...

The ‘#’ tells the shell to ignore anything else on that line. All pretty straightforward.

Today I was debugging an F5 synchronisation issue, where I got this message on synchronisation:

BIGpipe parsing error (/config/bigip.conf Line 333):
   012e0054:3: The braced list of attributes is not closed for 'rule'.

The offending section looked like this:

when  Continue reading

Wires Are The Exception

Last week I went to go talk to a group of vocational students about networking.  While I was there, I needed to send a couple of emails.  I prefer to write emails from my laptop, so I pulled it out of my bag between talks and did the first thing that came to mind: I asked for the wireless SSID and password.  Afterwards, I started thinking about how far we’ve come with connectivity.

I can still remember working with a wireless card back in 2001 trying to get the drivers to play nice with Windows 2000.  Now, wireless cards are the rule and wired ports are the exception.  My primary laptop needs a dongle to have a wired port.  My new Mac Mini is happily churning along halfway across the room connected to my network as a server over wireless.  It would appear that the user edge quietly became wireless and no tears were shed for the wire.

It’s also funny that a lot of the big security features like 802.1x and port security became less and less of an issue once open ports started disappearing in common areas.  802.1x for wired connections is barely even talked about Continue reading

Using New Relic Server Monitoring With Cumulus Linux

One of the most visible trends on the Web today is the “SaaS-ification” of the enterprise. Major productivity functions like email and calendaring, customer relationship management (CRM), and IT systems management are gaining greater value by being deployed as cloud-based services. IT and systems monitoring companies like New Relic are thriving in the cloud as well.

Another major trend, one that Cumulus Networks is at the forefront of, is the transformation of the “switch as a server.” If you aren’t familiar, check out Cumulus Networks engineer Leslie Carr’s excellent PuppetConf 2014 presentation. Since Cumulus Linux supports Debian-based packages out of the box, we decided to take New Relic’s Server Monitoring product for a spin. We wanted to see how Cumulus Linux extends Server Monitoring’s functionality to monitoring switches.

Once logged into Cumulus Linux, installing the server agent takes just a few minutes, as expected. Leveraging the documentation and installation guide allowed us to get up and running in minutes.

Since it’s SaaS, there is obviously no server deployment required, so all you have to do is to log in to your New Relic account and start looking at the performance data that is automagically pushed to your dashboard. Here’s Continue reading

Python: Building a Simple NETCONF RPC Tool

Python: Building a simple NETCONF RPC Tool

For a while now I’ve been playing with NETCONF primarily with Cisco Nexus devices. It’s struck me how difficult it is to get good information on doing trivial things like building a simple NETCONF RPC wrapper

How would this be generated for instance? This is wrapper that can be submitted to the ‘xmlagent’ or ‘netconf’ subsystem on a Cisco Nexus device. Note the use of namespaces (nf:rpc, nxos:cmd) where nxos is a namespace? XML is easy for the most part. Namespaces on a personal level meant learning something new and how to deal with that knowledge programmatically.

<?xml version='1.0' encoding='ISO-8859-1'?>
<nf:rpc xmlns:nxos="http://www.cisco.com/nxos:1.0" xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="42">
  <nxos:exec-command>
    <nxos:cmd>interface ethernet 2/1; shutdown</nxos:cmd>
  </nxos:exec-command>
</nf:rpc>
]]>]]>

Other than generating it via a text string and formatting placeholders with “%s”, there has to be a better way! Indeed there is!

NETCONF 101

The IPEngineer definition: NETCONF is an IETF standardizsed RFC (6241) defined mechanism to configure network devices over some kind of channel using XML encoded data over a secure layer such as SSH. When the channel is opened, a NETCONF ‘Hello’ exchange takes place between the client and Continue reading

See Schprokits Dance! Demo of Unreleased Code

My second “Secret Sunday” post back in August introduced Schprokits, a company founded by Jeremy Schulman, previously the Director of Network Automation at Juniper.

I was truly flattered when Jeremy invited me to be part of a small team testing early Schprokits code (and trust me, I am way outclassed by the rest of the testers!), and having had a chance to try out what is probably only a small proportion of the code, I thought I would take the opportunity to share some early impressions of the software.

TLDR: I’m having fun!

What Is Schprokits?

The Schprokits website says that it is “Inspired By DevOps. Built For NetOps.” Jeremy is trying to take the principals behind DevOps and apply them to something that’s usable by people who don’t program every day but want to automate their networks nonetheless. And so it does. Schprokits “coding” is based around Workbooks and those workbooks contain a number of Actions. Workbooks are written in YAML which is probably one of the easier formats to learn as it’s very human-readable. In case you haven’t seen YAML before, what do you think is going on in the code below?

  actions:
    - info:  Continue reading

See Schprokits Dance! Demo of Unreleased Code

My second “Secret Sunday” post back in August introduced Schprokits, a company founded by Jeremy Schulman, previously the Director of Network Automation at Juniper. I was truly flattered when Jeremy invited me to be part of a small team testing … Continue reading →

If you liked this post, please do click through to the source at See Schprokits Dance! Demo of Unreleased Code and give me a share/like. Thank you!

Introduction to Using Cisco NX-API

Dealing with vs. Celebrating failure

There’s a meme that has been making the rounds through leadership circles for some time around celebrating failure. If you aren’t failing, you aren’t pushing the boundaries. The original premise of this line of thinking is that failure is not something to be feared. But there is a difference between using failure to learn well-earned lessons and declaring success after blowing up on the launchpad.

The failure cliches

It’s worth starting with some of the most common cliches around failure:

• I have not failed. I’ve just found 10,000 ways that won’t work. — Thomas Edison
• Success is not final, failure is not fatal: it is the courage to continue that counts. — Winston Churchill
• There is only one thing that makes a dream impossible to achieve: the fear of failure. — Paulo Coelho
• Only those who dare to fail greatly can ever achieve greatly. — Robert F Kennedy

Doing a simple web search for failure quotes yields hundreds more. The basic gist of the resulting tome of sayings? Anything worth doing is difficult, and achieving anything great is unlikely to happen on the first try.

The side note no one mentions

It is absolutely true that forging a new path Continue reading

Do We Have Too Many Knobs?

The last day of Interop New York found me sitting in the Speaker Center with a few friends pondering the hype and reality of SDN and brokenness of traditional network products. One of the remarks during that conversation was very familiar: “we have too many knobs to configure”, and I replied “and how many knobs do you think there are in Windows registry?" (or Linux kernel and configuration files).

SDN Deployments/Worries Rise Among Service Providers

SDN Deployments/Worries Rise Among Service Providers

For the second consecutive year, Packet Design surveyed attendees of the SDN/MPLS International Conference in Washington, D.C. about SDN adoption, business drivers, and concerns. The answers – mostly from service providers – were very interesting compared to the 2013 survey. Overall, use of SDN in production networks is up, but so are concerns about everything from industry standards to management skills to tools. Here’s a rundown of the results (also summarized in our announcement). 

Production SDNs Increase 

More than half of this year’s survey respondents (53 percent) said they have some production SDN deployed, compared to only 19 percent of survey respondents in 2013. Of those, about 42 percent have up to 25 percent of their networks SDN-enabled. Only 11 percent indicated having between 26 and 75 percent of their networks as production SDN. 

Business Agility, New Services Up as Top Business Drivers 

The number of survey respondents who consider “agility to respond faster to business demands” as their number one driver jumped by 150 percent (65 percent in 2014 vs. only 26 percent in 2013). Nearly Continue reading

MAC Address Aggregation and Translation as an Alternative to L2 Overlays

Not so long ago, if you wanted to build a data center network, it was perfectly feasible to place your layer three edge on the top-of-rack switches and address each rack as its own subnet. You could leverage ECMP for simple load-sharing across uplinks to the aggregation layer. This made for an extremely efficient, easily managed data center network.

Then, server virtualization took off. Which was great, except now we had this requirement that a virtual machine might need to move from one rack to another. With our L3 edge resting at the top of the rack, this meant we'd need to re-address each VM as it was moved (which is apparently a big problem on the application side). So, now we have two options: We can either retract the L3 edge up a layer and have a giant L2 network spanning dozens of racks, or we could build a layer two overlay on top of our existing layer three infrastructure.

Most people opt for some form of the L2 overlay approach, because no one wants to maintain a flat L2 network with dozens or hundreds of thousands of end hosts, right? But why is that?

Continue reading · 1 Continue reading