Double CCIE Now!
It was way back in 2008 when I passed My Voice LAB In 2011 , I passed my CCIE Security. More on voiceIE.com and SecurityIE.com ! Cheers, Push
Zone-Based Firewall-Part 1 of 2-Basic Configuration
Great 60 minute video on zone-based firewalls by Solarwinds. Instructor Anthony Sequeira walks us through a couple of constructs and demonstrates the configuration.
SDN for Internet Providers Use Case
In the bag of magic tricks that SDN has the potential to add as our networks get decomposed over the next few years is self provisioned provider edge nodes. Forget OpenFlow in this, as that is a wire protocol that is vital, but a small and important component of the bigger picture. OF is extremely […]...
What is a Fabric Extender
In this post I would like to cover the base of what is needed to know about the Cisco Fabric Extender that ships today as the Nexus 2000 series hardware. The Modular Switch The concept is easy to understand referencing existing knowledge. Everybody is familiar with the distributed switch architecture commonly called a modular switch: […]
OpenStack Essex and Quantum Installation using OpenvSwitch from Scratch
Here is a walkthrough for the Quantum Network Manager Plugin for OpenStack. It is still in dev so expect weird things and stability issues. For a guy with a networking bread and butter this is the extremely exciting piece of OpenStack for me. I will do a followup and try and breakdown the OpenvSwitch components […]...
The Next Nightmare is Coming
BitTorrent was NEVER the Performance Nightmare
BitTorrent is a lightning rod on two fronts: it is used to download large files, which 
the MPAA sees as a nightmare to their business model, and BitTorrent has been a performance nightmare to ISP’s and some users. Bram Cohen has taken infinite grief for BitTorrent over the years, when the end user performance problems are not his fault.
Nor is TCP the performance problem, as Bram Cohen recently flamed about TCP on his blog.
I blogged about this before but several key points seem to have been missed by most: BitTorrent was never the root cause of most of the network speed problems BitTorrent triggered when BitTorrent deployed. The broadband edge of the Internet was already broken when BitTorrent deployed, with vastly too much uncontrolled buffering, which we now call bufferbloat. As my demonstration video shows, even a single simple TCP file copy can cause horrifying speed loss in an overbuffered network. Speed != bandwidth, despite what the ISP’s marketing departments tell you.
But almost anything can induce bufferbloat suffering (filling bloated buffers) too: I can just as easily fill the buffers with UDP or other protocols as with TCP. So long as uncontrolled, single queue Continue reading
Troubleshooting Common OpenStack Errors
##############General Tips############## /*Check all services $nova-manage service list (check for XXX or smiley face) Binary Host Zone Status State Updated_At nova-scheduler openstack1 nova enabled :-) 2012-05-12 22:42:14 nova-compute openstack1 nova enabled :-) 2012-05-12 22:42:12 nova-network openstack1 nova enabled :-) 2012-05-12 22:42:14 $ ps -ea | grep nova 11448 ? 00:02:54 nova-cert 12072 ? 00:02:57 nova-network […]...
Cisco UCS B440 Blade Replacement
Cisco announced recently a replacement program for their B440 blades (M1 and M2) http://www.cisco.com/en/US/ts/fn/634/fn63430.html Something I noticed on the front of each blade, where the model is shown, the new generation blades (replacements) have the black background with the silver text, shown as the top blade on the picture below: However, the old blades still have the black text with no background. An interesting way to identify the newer generation of hardware.Cisco UCS B440 Blade Replacement
Cisco announced recently a replacement program for their B440 blades (M1 and M2) http://www.cisco.com/en/US/ts/fn/634/fn63430.html Something I noticed on the front of each blade, where the model is shown, the new generation blades (replacements) have the black background with the silver text, shown as the top blade on the picture below: However, the old blades still have the black text with no background. An interesting way to identify the newer generation of hardware.N5K Stuck in Boot Mode
Another trivial post. The upcoming posts following this one will take a more in-depth look at the Nexus technologies. So you do an non-ISSU NX-OS upgrade on a Nexus 5000 switch and something goes wrong. After reload you get the following prompt: The switch did not successfully boot from the images it was suppose to. […]
OpenBSD 5.1 SNMP MIBs
It's May and that means a new version of OpenBSD is out. My SNMP MIBs have been updated for 5.1 and are available for download on the OpenBSD SNMP MIBs page. THIS WILL BE ONE OF THE LAST RELEASES OF THE MIBS FOR NET-SNMP During the OpenBSD 5.1 development cycle, I committed the CARP MIB to the base OpenBSD snmpd. The kernel sensor MIB has been in the base snmpd for a few releases now.Management VLAN Best Practices in ESXi and Cisco UCS
If you’ve set up an ESXi host, you’ve likely seen this screen: This allows you to configure which VLAN is used for management. But what does this really do? Time after time I run into very smart engineers that primarily work on virtualization and not as much on the physical networking side - and they miss a few of the networking fundamentals that those of us that were brought up in ROUTE/SWITCH know and love.Management VLAN Best Practices in ESXi and Cisco UCS
If you’ve set up an ESXi host, you’ve likely seen this screen: This allows you to configure which VLAN is used for management. But what does this really do? Time after time I run into very smart engineers that primarily work on virtualization and not as much on the physical networking side - and they miss a few of the networking fundamentals that those of us that were brought up in ROUTE/SWITCH know and love.Who? What? When? Wired? Wireless? With Cisco ISE
Cisco's Identity Services Engine (ISE) is a powerful rule-based engine for enabling policy-based network access to users and devices. ISE allows policy enforcement around the Who?, What?, and When? of network access.
- Who is this user? A guest? An internal user? A member of the Finance department?
- What device is the user bringing onto the network? A corporate PC? A Mac? A mobile device?
- When are they connecting? Are they connecting to the secure network during regular business hours or at 02:00 in the morning?
These questions can all be answered easily within ISE and are all standard policy conditions that are relatively easy to implement. In the post below I'm going to focus on the How? — How is the user or device connecting to the network? Asked another way, the question is Wired? or Wireless?
Review: Remote Desktop Connection Manager
It’s been a while since I’ve done a review of anything on the site and since I’d rather continue to make use of the category than delete it, I decided to share a piece of software I recently discovered that’s helping make my life easier. Remote Desktop Connection Manager is essentially just that - it manages remote desktop connections. However, it does it in a way that I find appealing and EASIER to use than the native client or other organizational methods out there.Review: Remote Desktop Connection Manager
It’s been a while since I’ve done a review of anything on the site and since I’d rather continue to make use of the category than delete it, I decided to share a piece of software I recently discovered that’s helping make my life easier. Remote Desktop Connection Manager is essentially just that - it manages remote desktop connections. However, it does it in a way that I find appealing and EASIER to use than the native client or other organizational methods out there.Load-Sharing across ASICs
Port-channels have become an acceptable solution in data centers to both mitigate STP footprints and extend physical interface limits. One of the biggest drawbacks with port-channels is the single point of failure. Scenario 1- Failure of an ASIC on one switch, which could potentially bring the port-channel down, if all member interfaces were connected on […]
My Cisco Live 2012 program
My Cisco Live 2012 program is below. I was able to select most of the sessions although there were some overlap with one session (something ARC overlapping with another ARC). You might note that the closing keynote is by the guys who play Mythbusters on TV - that'll most likely be a fun filled event! I'll blog about my pre-event feelings if I have the time and interest ;-)Cisco Live 2012
Personal Schedule
Printed below is your personal schedule.
| Sunday | |||
|---|---|---|---|
8:00 AM
5:00 PM
| TECCOM-2001 | Cisco Unified Computing System Technical Day | |
| Monday | |||
8:00 AM
9:30 AM
| BRKNMS-2658 | Securely Managing Your Networks with SNMPv3 | |
10:00 AM
12:00 PM
| BRKSEC-3021 | Maximizing Firewall Performance | |
1:00 PM
3:00 PM
| BRKRST-2335 | IS-IS Network Design and Deployment | |
| Tuesday | |||
8:00 AM
9:30 AM
| BRKRST-2310 | Deploying OSPF in a Large-Scale Network | |
10:00 AM
11:30 AM
| GENKEY-4346 | Keynote and Welcome Address | |
12:30 PM
2:30 PM
| BRKARC-3470 | Cisco Nexus 7000 Switch Architecture | |
4:00 PM
6:00 PM
| BRKSEC-4054 | DMVPN Deployment Models | |
| Wednesday | |||
8:00 AM
9:30 AM
| BRKSEC-3013 | Advanced IPSec with FlexVPN and IKEv2 | |
10:00 AM
11:30 AM
| GENKEY-4347 | Cisco Technology Keynote | |
12:30 PM
2:30 PM
| BRKSPG-2402 | Best Practices to Deploy High-Availability in Service Provider Edge and Aggregation Architectures | |