Cisco ACI – Nexus 9000 Initial Configuration

I was fortunate enough to be given access to a pair of Nexus 9Ks in our lab, and I want to give a brief overview of the initial configuration process, and a brief introduction to some of the features initially presented to us on the switch platform. Here are a few summarized thoughts: Calling it a switch is actually kind of funny to me. All ports are routed and shut down by default, and though you can obviously “no shut” them, and you can convert to a switchport, the switch is clearly built for all-L3 operations.

Programmatically Configuring Interface Descriptions from Phone Descriptions

I wrote some Python code that allows you to do the following:
  1. Query a Catalyst switch CDP neighbor table from its HTTPS interface,
  2. Extract the device names of the attached IP phones,
  3. Query Communications Manager for the IP phone device description, 
  4. Apply the device description as the switch interface description.
Obviously, this makes it much easier to see whose phone is attached to a switch port.

I hope that this example saves someone the head-banging that I incurred while trying to figure out the AXL XML/SOAP API for Communications Manager.

I haven't tested this extensively; all my testing has been on Catalyst 3560 and 3750 switches and CUCM version 8.6. Using the --auto switch to automatically configure the switch is quite slow; this is a limitation of the HTTPS interface rather than the script code. It may be faster to leave that option off and manually copy/paste the printed configuration if you're in a hurry.

Note that your switch must be configured to allow configuration via the HTTPS interface; you may need to modify your TACACS/etc. configurations accordingly.

All the relevant info is in the GitHub repo.

ESXi Server Build

With the release of the IOS XRv router, along with CSR (Cloud Services Router), it's time that I go ahead and build myself a virtualization solution.

To that effect, I have just ordered the components for a home build server, which was the cheapest, not to mention most silent option available.

The components are:
Intel Xeon 3.2 GHz processor (E3-1230).
32 Gig of memory.
Intel Micro ATX server motherboard (S1200V3RPL).
A 120 Gig Kingston SSD.
A supposedly silent PSU.
And to house it all, a Lian-Li Micro-ATX cabinet (PC-V300B).

Hopefully, everything will be here next week. Looking forward to it :)

Kicking tires on Cumulus Linux

So, I ended my last blog post with a wish – “hopefully someday I can get a real switch running Cumulus to play with ;-)”  Well, as it turns out, that post was somewhat popular, and caught the attention of some folks at Cumulus Networks (who kindly RT’d my tweet publicizing the post – thanks!) […]

Author information

Will Dennis

Will Dennis has been a systems and network administrator since 1989, and is currently the Network Administrator for NEC Laboratories America, located in Princeton NJ. He enjoys the constant learning it takes to keep up with the field of network and systems administration, and is currently pursuing the Cisco CCNP-R/S certification. He can be found on the Twitters as @willarddennis, and on Google Plus.

The post Kicking tires on Cumulus Linux appeared first on Packet Pushers Podcast and was written by Will Dennis.

Show 179 – Avaya Efficient Data Center Design at Fujitsu & the Sochi 2014 Winter Games

In this episode, Avaya comes on board to talk about new and efficient ways to design data centers. They bring a couple of customers along to discuss their implementations: Fujitsu Technology Solutions and the Sochi 2014 Olympic Winter Games. Speaking with host Greg Ferro are Paul Unbehagen, Chief Architect for Avaya Networking; Albert Knoll, Network […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 179 – Avaya Efficient Data Center Design at Fujitsu & the Sochi 2014 Winter Games appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Common Programmable Abstraction Layer

In late January, there were some big names on stage at the latest Open Compute Summit.  I’d like to focus on one keynote panel that was called, “Opening Up Network Hardware.”  The panelists for this session included Martin Casado (VMware), Matthew Liste (Goldman Sachs), Dave Maltz (Microsoft), and JR Rivers (Cumulus) and was led by Najam Ahmad (Facebook).  If you haven’t watched the session already, it’s definitely worth it.  You can check it out here.
It’s always interesting when there are consumers of the technology on stage with those that sell and build their own technology.  Even in a session like this, it’s hard to put Facebook and Microsoft in the consumer/user group because they are increasingly rolling their own.  But Goldman Sachs (GS) on the other hand is unique --- and more relevant to the Enterprise.  They are a user of Enterprise technology, but what makes them unique, in my opinion, is that they seem to be crossing the chasm or straddling Enterprise technology and rolling their own (DIY) with technology from OCP and what they announced at last year’s ONS, which was soon after they joined the ONF.  And there is probably […]

Coffee Break – Show 2

This is “The Coffee Break”, a podcast on the state of the networking business where we discuss vendor moves and news, analysis on product and positioning, and look at the business of networking, in the time it takes to have a coffee break.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, working as a freelance consultant for a wide range of employers including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break – Show 2 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

One-liner iptables rule to Filter NTP Reflection on Linux Hypervisor

Anybody annoyed enough with massive NTP monlist floods over the weekend? If you did like I did, I believe what immediately came to your mind was, “this shouldn’t have happened if they just had put a ‘default ignore’ line in their ntp.conf file!” But unfortunately there are some people who’re not like you, including casual […]

Author information

Tamihiro Yuzawa

Tamihiro Yuzawa is a network engineer at Sakura Internet, one of Japan's major data center service providers. Before he joined Sakura in 2007, he spent five years at a busy CRM service provider. Both companies have allowed him to stay mostly within the intersection of these circles, and he is pretty much determined to remain in a serious relationship with both Dev and Ops.

The post One-liner iptables rule to Filter NTP Reflection on Linux Hypervisor appeared first on Packet Pushers Podcast and was written by Tamihiro Yuzawa.

Python bindings for the HP VAN SDN Controller

For the last 9 months, I've been silently working on a little pet project. It's finally ready to be released into the wild and to be used by one and all for creating Python-based SDN Applications for the HP VAN SDN Controller.

Introducing the hp-sdn-client

When I started working with the HP VAN SDN Controller (while it still had a cool code name) it became immediately apparent to me that extending the controller with Java applications is not for everyone. There's lots of heavy lifting to be done with things like Maven, OSGi and Remote Debugging. Not only that, but I am not a "Java guy" (or was not until recently to be more exact) and being able to rapidly prototype applications in Python appealed to me.

The HP VAN SDN Controller's REST API exposes a large amount of the functionality available to the Java API with the exception of handling OpenFlow Packet-In, Packet-Out events. For a large number of applications this is absolutely fine, and this is where I hope this library will be useful.

The library is licensed under the Apache 2.0 license so it's free for all to use. The source is hosted on GitHub […]

Migrating from WordPress to Pelican on PaaS – Part 2

Part 2 of this 3-part series examines how I created my Pelican blog and migrated my WordPress content with me.

Part 2: The WordPress to Pelican Migration

The Plan

If you haven't read Part 1 already, it will give you some background as to what I'm doing and why I'm doing it.

Starting the Pelican Project

Assuming you already have a working Python, starting a new blog is as easy as installing a few dependencies and using pelican-quickstart:

pip install pelican Markdown
mkdir blog
cd blog
pelican-quickstart
Welcome to pelican-quickstart v3.3.0.

This script will help you create a new Pelican-based website.

Please answer the following questions so this script can generate the files
needed by Pelican.


> Where do you want to create your new web site? [.]
> What will be the title of this web site? Dave's Blog
> Who will be the author of this web site? Dave Tucker
> What will be the default language of this web site? [en]
> Do you want to specify a URL prefix? e.g., http://example.com   (Y/n) Y
> What is your URL prefix? (see […]

The Target data breach

According to news reports, credit card information from Target’s point-of-sale systems was stolen after hackers gained access to the systems of an HVAC contractor that had remote access to Target’s network.

Network virtualization is an important tool that can be used to prevent (or at the very least place barriers to) similar attacks in the future. Increasingly, retail stores deploy multiple applications that must be accessible remotely. HVAC systems are an example, but retail locations also often support signage applications (advertisement panels), wifi guest networks, etc.

Most of these applications will contain a mix of physical systems in the branch, applications running in the data-center, as well as remote access for contractors.

From a network segmentation perspective, it is important to be able to create virtual networks that can span the WAN and the data-center. The obvious technology choice for network virtualization in the branch is to use MPLS L3VPN. It is a technology that is supported in CE devices and that can be deployed over an enterprise or carrier-managed private network.

The branch office CE will need to be configured with multiple VLANs, per virtual-network, where physical systems reside. In order to have a […]