The Power of Correlated Visualization

I am sure our work environment is not all that different from many others. There are large whiteboards everywhere and you cannot find a meeting room that does not have circles, lines and squares drawn on them. Some of our favorite bloggers have written blogs about network drawing tools and aids. Probably not restricted to just networking folks, but we certainly love to visualize the things we do. Out of all the customers I have visited, the amount of them where one of us did not end up on a whiteboard can probably be counted on one hand.

It is not surprising that we are drawn to diagrams of the networks we have created. We build our network one device at a time, then use network links to connect the next and on we go until our network is complete. Which of course it never is. To track how we have connected all our devices we need diagrams. They tell us what devices we have, how they are attached to each other, how they are addressed and what protocols we have used to govern their connectivity. They are multi layered and the layers are semi independent.

I have previously said Continue reading

Overlay-to-Underlay Network Interactions: Document Your Hidden Assumptions

If you listen to the marketing departments of overlay virtual networking vendors, it looks like the world is a simple place: you deploy their solution on top of any IP fabric, and it all works.

You’ll hear a totally different story from the physical hardware vendors: they’ll happily serve you a healthy portion of FUD, hoping you swallow it whole, and describe in gory details all the mishaps you might encounter on your virtualization quest.

The funny thing is they’re all right (not to mention the really fun part when FUDders change sides ;).

Read more ...

Case Study: Tradesy and Ansible

tradesy-logo

We've just completed another new Ansible case study; Tradesy. Tradesy is an online consignment store where people can offer their fashion and accessories for resale. 

Tradesy had been doing everything by hand until making a move to use Ansible Tower in an effort to automate as many things as they could.

Continue reading

Junosphere Bugbears

I’ve always thought Junosphere was great, and it certainly makes setting up test scenarios really really easy.  However there are a few things that really niggle when using it.  They don’t seem to be getting much better, which makes me wonder if there’s much development work going on with the platform.  Messages to the “junosphere-contactme” email address given get no reply.

Anyway, here’s the list of niggles:

1. Sometimes MXes start up with their management IP address in the wrong place – see this post.

2. If you have a saved set of configs for Junosphere which you import from your hard disk, it doesn’t create a network diagram.

3. Topmost annoyance: every time you start up your topology the routers get different IP addresses.  Argh.

4. To edit a predefined config for a device, you have to stop the whole topology.   This makes setting up topologies for training courses quite a laborious process because the routers take such a long time to start up and shut down while you try to get the base config right.

5. It would be really nice to have the IP addresses and console addresses as hyperlinks you could Continue reading

MXes in Junosphere

MXes in Junosphere are unsupported, but I tend to use them because I want something a bit closer to the real thing somehow.  The VJX is ok, but I like the way the MX doesn’t come with any security-related stuff, and the interfaces start at ge-0/0/0 rather than ge-0/0/1!

The only downside with the virtual MX is that it is a non-supported image, unlike the VJX.

Sometimes when usign an VMX, you find that the topology starts up but you can’t SSH to one or two of the nodes.   So you console onto it and discover that (for some reason) the management IP address has been put onto em0 rather than being where it should be in the member0 group applied to fxp0:

root@S1> show configuration groups member0
system {
    host-name S1;
    backup-router 10.233.255.254;
}
interfaces {
    fxp0 {
        unit 0 {
            family inet;    <=== IP address missing!
        }
    }
}

root@S1> show configuration interfaces em0
unit 0 {
    family inet {
        address 10.233.248.46/20;  <== Here it is.
    }
}

The solution to this is to console onto the device and move Continue reading

Simple bridging on MX

I’m doing some studying using Junosphere at the moment, but unfortunately Junosphere can’t emulate a LAN at the moment.  Basically the same problem that GNS3 has and (as far as I know) Cisco’s VIRL/CML has as well.  So you’ve got to bodge it with Integrated Routing and Bridging (IRB).   What I needed topology-wise was this:

LAN segment between S1, R1 and R2

LAN segment between S1, R1 and R2

I find Junos a bit counter-intuitive when creating bridge domains.  Here I need something quite simple – two ports in a bridge group (no VLANs or anything), but I need to give a VLAN tag value to identify the bridge domain.

Anyway, the process for doing this is as follows:

1. Give the physical interfaces the right encapsulation type – ethernet-bridge

2. Create a bridge domain which has a VLAN-ID and references these two interfaces

3. Create an IRB interface (irb.10) with family inet and an IP address on it

4. In the bridge domain, use “routing-interface irb.10″ to tie the bridge domain and the IP interfaces together.

The result is this:

IRB solution for LAN

IRB solution for LAN

The configuration I used was this:

root@S1# show interfaces
ge-0/0/0 {
    description "to R1 0/0/1";
 Continue reading

Blessay: Over-Capitalized and Under-Invested in Human Infrastructure


LEDE: One of the hardest parts of DevOps movement is explaining the unique value to IT Leadership in conventional organisations that rely on ITIL principles. I'm having success by framing the debate in terms of over-capitalised on assets and under-invested in human infrastructure.

The post Blessay: Over-Capitalized and Under-Invested in Human Infrastructure appeared first on EtherealMind.

Bad Ideas and Abominations

This post SHOULD have been published on April 1st, but I need to define the terminology for another upcoming post, so here it is ;)

RFC 2119 defines polite words to use when something really shouldn’t be done. Some network designs I see deserve more colorful terminology.

2014-11-02: Updated with reference to RFC 6919 (/HT to @LapTop006)

Read more ...

Small Business Gets Big Wi-Fi, Finally!

In a wireless world that’s so dependent on reliable connectivity, there’s something small business owners will tell you: Wi-Fi for small businesses really stinks. The small business sector is one of today’s most underserved and overlooked markets, and the opportunity...

No evidence feds hacked Attkisson

Former CBS journalist Sharyl Attkisson is coming out with a book claiming the government hacked her computer in order to suppress reporting on Benghazi. None of her "evidence" is credible. Instead, it's bizarre technobabble. Maybe her book is better, but those with advance copies quoting excerpts  make it sound like the worst "ninjas are after me" conspiracy theory.

Your electronics are not possessed by demons

Technology doesn't work by magic. Each symptom has a specific cause.

Attkisson says "My television is misbehaving. It spontaneously jitters, mutes, and freeze-frames". This is not a symptom of hackers. Instead, it's a common consumer complaint caused by the fact that cables leading to homes (and inside the home) are often bad. My TV behaves like this on certain channels.

She says "I call home from my mobile phone and it rings on my end, but not at the house", implying that her phone call is being redirected elsewhere. This is a common problem with VoIP technologies. Old analog phones echoed back the ring signal, so the other side had to actually ring for you to hear it. New VoIP technologies can't do that. The ringing is therefore simulated and has nothing to do with whether it's ringing Continue reading

The deal with the FTDI driver scandal

The FTDI driver scandal is in the news, so I thought I'd write up some background, and show what a big deal this is.

Devices are connected to your computer using a serial port. Such devices include keyboards, mice, flash drives, printers, your iPhone, and so on. The original serial port standard called RS232 was created in 1962. It got faster over the years (75-bps to 115-kbps), but ultimately, the technology became obsolete.

In 1998, the RS232 standards was replaced by the new USB standard. Not only is USB faster (a million times so), it's more complex and smarter. The initials stand for "Universal Serial Bus", and it truly is universal. Not only does your laptop have USB ports on the outside for connecting to things like flash drives, it interconnects much of the things on the inside of your computer, such as your keyboard, Bluetooth, SD card reader, and camera.

What FTDI sells is a chip that converts between the old RS232 and the new USB. It allows old devices to be connected to modern computers. Even new devices come with RS232 instead of USB simply because it's simple and reliable.

The FTDI chip is a simple Continue reading

GNS3 1.1


I was never a big fan of GUI tools, so I used dynagen and dynamips for my network designs. But since 15.2 was the last version released for 7200, dynamips is no longer useful (especially for IKEv2 and OSPFv3 stuff)

I was hoping that Cisco would release VIRL, and they promised to do so for the past year and a half, but it looks like it will never come. Shelling out 10K$ for CML (the payed version of VIRL) is a bit too much for most of us. But there is a good alternative:

Not long time ago GNS3 version 1.0 was released and soon after version 1.1. was released too. And after long time of being a backer for their funding campaign I have decided to try GNS3 with IOU.

After installing GNS3 on both linux and windows (vmware required), I found that GNS3 is really easy to use, and that IOU is AMAZING. IOU is sooooo fast, and everything just works(tm). I wish I had it years ago!

Goodbye dynamips and dynagen, and thank you so much.

Hello IOU and GNS3. I know it will be a start of a wonderful friendship :)


JNCIE study lab setup.

Boom – you’ve got to love Junosphere.  I just created the Proteus JNCIE study lab in 35 minutes flat.   I made the topology of 13 routers, gave everything a hostname, loopback and interface descriptions and then just fired it up.   When I did my CCIE I was there for >weeks< trying to get the right kit plugged together!

Have a look below:

proteus


Free Seminar – Advancing Security with the Software-Defined Data Center

We’re excited to take to the road for another edition of our VMware Software-Defined Data Center Seminar Series. Only this time, we’ll be joined by some great company.

VMware & Palo Alto Networks invite you along for a complementary, half-day educational event for IT professionals interested in learning about how Palo Alto Networks and VMware are transforming data center security.

Thousands of IT professionals attended our first SDDC seminar series earlier this year in more than 20 cities around the globe. Visit #VirtualizeYourNetwork.com to browse the presentations, videos, and other content we gathered.

This free seminar will highlight:

  • The Software-Defined Data Center approach
  • Lessons learned from real production customers
  • Using VMware NSX to deliver never before possible data center security and micro-segmentation

Who should attend?

People who will benefit from attending this session include:

  • IT, Infrastructure and Data Center Managers
  • Network professionals, including CCIEs
  • Security & Compliance professionals
  • IT Architects
  • Networking Managers and Administrators
  • Security Managers and Administrators

Agenda

  • 8:30 a.m. Registration & Breakfast
  • 9:00 a.m. VMware: Better Security with Micro-segmentation
  • 10:00 a.m. Palo Alto Networks: Next Generation Security Services for the SDDC
  • 11:00 a.m. NSX & Palo Alto Networks Integrated Solution Demo
  • 11:45 a. Continue reading

New CCIE Service Provider Version 4.0 Blueprint Announced

Cisco has announced their plans to transition the CCIE Service Provider certification blueprint from Version 3.0 to Version 4.0 starting May 22nd, 2015.  The official announcement for the Written and Lab Exam Content Updates can be found here.

There are four key points to this announcement, which are:

  • Lab Exam format changes
  • Hardware & software version changes
  • New technical topics added
  • Old technical topics removed

CCIE SPv4 Lab Exam Format Changes

The Lab Exam format of SPv4 has been updated to follow the same format as the new CCIE Routing & Switching Version 5.0.  This means the exam now consists of three sections: Troubleshooting, Diagnostic, and Configuration.

CCIE SPv4 Hardware & Software Version Changes

Following along with the current CCIE RSv5, CCIE SPv4 now uses all virtual hardware as well.  Specifically the new hardware and software variants are as follows:

  • ASR 9000 running Cisco IOS XR 5.2
  • ASR 1000 running Cisco IOS XE 3.13S.15.4(3)S
  • Cisco 7600 running Cisco IOS 15.5(3)S
  • Cisco ME 3600 running Cisco IOS 15.5(3)S

Both the IOS XR and IOS XE variants are already available as virtual machines that you can download from cisco.com Continue reading

1 3,689 3,690 3,691 3,692 3,693 3,845