Show 172 – Palo Alto Networks Next-Generation Security In The Data Center – Sponsored

It’s an exciting time to be a networking geek, with the introduction of new technologies like network virtualization and established vendors like Cisco jumping into the SDN market. But, what about network security? What happens when you move from traditional data center architectures to virtualization, cloud and SDN environments? Palo Alto Networks builds a next-generation […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

TwitterGoogle+LinkedIn

The post Show 172 – Palo Alto Networks Next-Generation Security In The Data Center – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

F5 drops LAB VE price to $95

During a recent F5 purchase I wanted to get some more F5 lab virtual edition appliances. At my company we have had two and it has been invaluable for testing new configs and training junior engineers in a safe environment that could be trashed and restored at will. At the time we ordered the lab […]

Author information

Eric Flores

Eric is a senior network engineer for a major real estate company. He has seven years in the field and has a passion for anything related to technology. Find him on Twitter @nerdoftech.

TwitterLinkedIn

The post F5 drops LAB VE price to $95 appeared first on Packet Pushers Podcast and was written by Eric Flores.

Default CoS Value in Netapp Cluster Mode

Default CoS Value in Netapp Cluster Mode

Superman, Immortal, Janitor

MITM and Routing Security

The Impact of Software Defined X on a Networking organization

Introduction We’re in one of the most exciting times in data networking.  While I’m sure we’re all sick of vendors co-opting technologies in their infancy, there is a lot of good work going on to change the fundamentals of moving data (I shudder to call this a paradigm shift; I’ll save that term for life […]

Author information

Andrew Gallo

Senior Information Systems Engineer

Andrew Gallo is a Washington, DC based Senior Information Systems Engineer
and Network Architect, responsible for design and implementation of the
enterprise network for a large university.

Areas of specialization include the University's wide area connections,
including a 150 kilometer DWDM ring, designing a multicampus routing
policy, and business continuity planning for two online datacenters.

Andrew started during the internet upswing of the mid to late 90s
installing and terminating fiber. As his career progressed, he has had
experience with technologies from FDDI to ATM, and all speeds of Ethernet,
including a recent deployment of several metro area 100Gbps circuits.

Focusing not only on data networks, Andrew has experience in traditional
TDM voice, VoIP, and real-time, unified collaboration technologies.

Areas of interest include optical transport, network virtualization and
software defined networking, and network science and graph Continue reading

On Link in IPv6

As an avid reader of RFCs and RFC drafts, I’m always running across little bits of knowledge I either already knew and forgot (I forget a lot of things), or things I didn’t know and wouldn’t have expected. RFC5942, published way back in 2010 (a long time in network engineering terms), discusses a topic I […]

Author information

Russ White

Principle Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. he recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

How Does QoS Work?

This sponsored blog post was written by Clark Zoeller, CCIE #13760, Sales Engineer with ActionPacked Networks. Quality of Service (QoS) is a suite of technologies used to manage bandwidth usage as data crosses computer networks. Its most common use is for protection of real-time and high priority data applications. QoS technologies, or tools, each have […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post How Does QoS Work? appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

Configuring SNMPv3 On NX-OS

We’re currently trying to allow a client to perform an operation using SNMP set commands on a Cisco NX-OS switch (namely a 5548).

It’s possible using SNMPv2c and community strings, but this does not generate a log message, making it completely unaccountable. SNMPv3 seems to have the answer. According to the documentation, it provides:

• Integrity
• Encryption
• Authentication

I’ve tested using a set operation to change a MIB using the following command:

snmpset -v 3 -u test -l authpriv -a MD5 -A Testpass01 -x DES -X Testpass01 hostname system.sysLocation.0 s TESTLOCATION

Which works fine.

However, the problem arises when trying to back off the authentication of the SNMP operation to TACACS/RADIUS. My interpretation of the documentation suggests this is possible. My Cisco SE has not denied it either. However, I reckon some changes need to be made to the authentication server. According to what I’ve read:

You can use the VSA cisco-av-pair on AAA servers to specify user role mapping for the Nexus 5000 Series switch using this format:

shell:roles="roleA roleB ..."

If you do not specify the role option in the cisco-av-pair attribute, the default user role is network-operator.

You can also specify your SNMPv3 authentication and privacy Continue reading

IPv6 at the OECD – A Public Policy Perspective on IPv6

Converging Skillsets With Technology

Converging Skillsets With Technology

Hardware – Clock and Data Recovery

Clock and data recovery is an essential physical-layer function of modern switch and router hardware. Digging deep into the electronics of a router may not be your thing, but clock recovery is a fundamental building block for other network hardware … Continue reading →

The post Hardware – Clock and Data Recovery appeared first on The Network Sherpa.

IOS and NX-OS Platform Identifiers

I was preparing a presentation the other day about the high level differences between IOS, IOS-XE and NX-OS and one of the things I included in the presentation was the various platform and branch identifiers that’s used in each OS. It’s just a bit of trivia that I thought would be interesting and might come in handy one day. I’m posting the information I collected below so everyone can reference it.

IOS

For IOS, you can see the platform identifier in the filename and the “show version” output. If we take an example version string, 15.1(2)SG2, and break it down, here’s what each digit in the string signifies:

The branch/platform identifier can also be seen in the IOS filename:

cat4500e-entservicesk9-mz.151-2.SG2.bin

Here’s a summary of the branch identifiers in IOS 15:

• M/T – 800 Series ISR, ISRg2 (1900, 2900, 3900), Connected Grid Router 2000
• S – 7600 Series Router, ME 3600X, ME 3800X
• GC – 5900 Series Embedded Router
• SE – Catalyst 2960, 3560, 3750, IE 3000 Switches
• SG – Catalyst 4500E (Sup 6E and earlier)
• Continue reading

Show 171 – Cisco FabricPath Deep Dive Part 2

Cisco FabricPath is a TRILL-based layer 2 forwarding technology that can take the place of spanning-tree. Allowing a fully-meshed layer 2 network to forward traffic across all links, FabricPath helps customers to make the most of their expensive 10GbE and 40GbE interconnects. In this show, Jamie Caesar, Colby Glass, and Ed Diaz discuss real-world FabricPath […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

TwitterGoogle+LinkedIn

The post Show 171 – Cisco FabricPath Deep Dive Part 2 appeared first on Packet Pushers Podcast and was written by Ethan Banks.

IOS and NX-OS Platform Identifiers

I was preparing a presentation the other day about the high level differences between IOS, IOS-XE and NX-OS and one of the things I included in the presentation was the various platform and branch identifiers that's used in each OS. It's just a bit of trivia that I thought would be interesting and might come in handy one day. I'm posting the information I collected below so everyone can reference it.

Installing Pyenv on Mac OSX

When I’m writing code, I’m usually in OSX. When I want to try things out, or check for compatibility between certain versions of Python, it’s handy to have them all accessible… enter Pyenv. Pyenv is based on Rbenv, which for you non-Rubyists is a tools that allows you to set up Ruby environments that are scoped either globally, per-shell or per-folder!

Installing Pyenv on Mac OSX

When I’m writing code, I’m usually in OSX. When I want to try things out, or check for compatibility between certain versions of Python, it’s handy to have them all accessible… enter Pyenv. Pyenv is based on Rbenv, which for you non-Rubyists is a tools that allows you to set up Ruby environments that are scoped either globally, per-shell or per-folder!

If you aren’t using Homebrew already, which I highly recommend you should, then install it.

ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go/install)"

Before you start brewing you should run “brew doctor”. This will check that everything is ok with your installation.

brew doctor

Hopefully you will get a message “Your system is ready to brew”, otherwise doctor brew will oftentimes tell you what to do.

brew install python
brew install pyenv

The above commands will, install homebrew’s Python 2.7 (to replace the system pyhton) and install pyenv. Replacing the system Pyhton fixes issues with needing “sudo” for easy_install and others documented here

Now Pyenv is installed, you should edit your “~/.bash_profile” and add the following:

export PYENV_ROOT=/usr/local/opt/pyenv  
eval "$(pyenv init -)"

This changes the Pyenv root path and makes sure pyenv is initialized.

$SHELL -l

Continue reading

Bypassing the memory check on a VMware ESXi 5

When my new HP ML10 arrived I was ready to install ESXi… until I realised that my 32GB of RAM wouldn’t be on its way for a week! To get around the memory check in ESXi 5.5, I found the awesome instructions here and with a few tweaks was able to get this working. Here are the 20 steps that I followed…