WCCPv2 and Squid-cache v3.1, a nice couple.

WCCP protocol can be much more interesting than the two commands needed for the CCIE exam. In this lab we will deploy a basic end-to-end solution using IOS 15.2S and the well known open-source solution Squid v3.1 as the content engine. WCCP version2 is deployed in the lab. 1-Topology WCCP enables the router to transparently intercept client […]

ESXi vSwitch Load Balancing Woes

There are a million articles out there on ESXi vSwitch Load Balancing, many of which correctly point out that the option for routing traffic based on IP Hash is probably the best option, if your upstream switch is running 802.3ad link aggregation to the ESXi hosts. It offers minimal complexity, while also providing the best load-balancing capabilities for network devices utilizing a vSwitch (Virtual Machine OR vmkernel). So…this article will be catered towards a very specific problem.

ESXi vSwitch Load Balancing Woes

There are a million articles out there on ESXi vSwitch Load Balancing, many of which correctly point out that the option for routing traffic based on IP Hash is probably the best option, if your upstream switch is running 802.3ad link aggregation to the ESXi hosts. It offers minimal complexity, while also providing the best load-balancing capabilities for network devices utilizing a vSwitch (Virtual Machine OR vmkernel). So…this article will be catered towards a very specific problem.

Programming 101 for Network Engineers – Basic Language Elements & Concepts 1

Welcome to the third part of the Programming 101 for Network Engineers series. This is likely to be the most ‘straight up’ piece so far; all fact and almost no fun (but learning is right?). Sorry, but for now the comment and opinion need to be put aside as we get into some nitty-gritty. The following […]

Author information

Steven Iveson

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

TwitterLinkedIn

The post Programming 101 for Network Engineers – Basic Language Elements & Concepts 1 appeared first on Packet Pushers Podcast and was written Continue reading

Two Hours, Two Days…

It’s either two hours, two days, two weeks… or too long. Two things these last two weeks have brought this old saying to mind in full force. First, there is this interesting article about the woes of the Medicaid Management System in Tennessee. Here we have a program that has overrun it’s budget for multiple […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White has scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, nibbled and noodled at a lot of networks, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, and his author page on Amazon.
TwitterGoogle+LinkedIn

The post Two Hours, Two Days… appeared first on Packet Pushers Podcast and was written by Russ White.

SDN: A Tale of Two Frogs

I have recently come across an article that references comments from a Cisco survey as claiming you are more apt to see Big Foot than software-defined networking (SDN) deployments. Cisco’s statement is not surprising and the results of the survey are probably skewed by Cisco’s ability to deliver solutions that enable more agile and programmable networks, such as those that can be built with available SDN products.

Cisco has done a lot for the networking industry, but these most recent comments it has made related to SDN should be a concern for enterprise and service provider customers looking to the incumbent for innovation. Equating SDN with a Big Foot sighting, or creating a consortium to deliver SDN solutions that won’t be available for years (if ever), won’t solve the real problems customers face today – the lack of network agility, lengthy provisioning times, the need for over-provisioning to meet variable demand, etc.

With all due respect, I understand the plight of the incumbent. I've been on the other side of the fence myself. Answering and educating shareholders on new revenue models, never mind training and compensating sales people to drive consumption-based versus one-time, monolithic, “big box” selling methods is a Continue reading

Passed CCIE Data Center!

After a number of months studying and final 2 weeks full 100% dedicated preparation I passed the CCIE Data Center Lab exam last week on April 25th in Brussels at first attempt!!!

This is my fourth CCIE title and I can honestly say that this is the title means a lot to me! Currently there are so few individuals who passed the CCIE Data Center lab and many have failed it already.

Verification

Preparation

What did I use for preparation?

IPexpert CCIE Data Center Workbook

Of course I used the CCIE Data Center Workbook from IPexpert for my preparation, because I wrote the book. After writing the labs for the past couple months I really had to re-do them all to get a feeling about the entire picture again. This has been an invaluable resource with labs that are a lot harder than the actual lab tasks!

Real life experience

In my work for a Cisco Gold Partner (Telindus) I did a lot of projects with Nexus 7000, Nexus 5000, Nexus 2000, MDS switches and a ton of UCS systems. This is where I found that I learned most of the knowledge that was required for the test.

Focus Focus Focus!

Continue reading

The Important Question for a Technology Fresher

After spending a considerable amount of time on forums like the Cisco Learning Network, it is apparent that there are many challenges for those entering the field of technology. Freshers, as they are known in the industry, have many challenges. Some of these challenges stem from the gap between the education process and the real […]

Author information

Paul Stewart

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With nearly 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems. Paul also writes technical content at PacketU.

The post The Important Question for a Technology Fresher appeared first on Packet Pushers Podcast and was written by Paul Stewart.

Cisco IOS Alias

Don't you just love the option of configuring aliases on IOS? Call it being lazy or saving time, but I can't begin a network implementation without some awesome aliases!

Switch#p alias
alias exec s show run
alias exec w write memory
alias exec si show ip int brief
alias exec sr show run interface gigabit
alias exec c config term
alias exec st show int status
alias exec p show run | include
alias exec b show run | begin
alias exec ae alias exec 

Get creative!

On a related note, some MAC OS X aliases


alias flushdns='sudo killall -HUP mDNSResponder'
alias menubar='killall -Kill SystemUIServer'
alias p4='ping 4.2.2.2'

Cisco AnyConnect VPN 3.1 Untrusted VPN Server Certificate Installation


If you've upgraded your Cisco AnyConnect VPN Client to 3.1, you might run into the following warning pop up when you attempt to establish a VPN connectivity.




When this pops up, if you click on 'keep me safe', it will disconnect the VPN and you will not be prompted for a username/password.

Instead, if you click on 'change setting…', it will allow you to uncheck the box which blocks connections to untrusted server. By doing this, you trust the ip address or fqdn which is the VPN server (usually a public IP address or fqdn = vpn.company.com).




After the previous image, the above pop up shows up. 'Connect anyway' will complete the VPN connection.

Why do these security warnings show up in the first place?

Cisco made some changes to their Server Certificate Verification on 3.1. Following is a relevant excerpt from this Cisco document.

"–If a Subject Alternative Name extension is present with relevant attributes, name verification is performed solely against the Subject Alternative Name. Relevant attributes include DNS Name attributes for all certificates, and additionally include IP address attributes if the connection is being performed to an IP address."

How do you make these Continue reading

Shopping at the SDN App Store: What Enterprises Really Want?

I contributed 2 pieces to a Network World “digital spotlight” on software defined networking (SDN). SDN’s all the rage with marketing teams & the industry media. I’ve been contracted to write or contribute to a total of 3 large SDN pieces, including this one, over the next few months. And of course at Interop, you couldn’t walk […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Shopping at the SDN App Store: What Enterprises Really Want? appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Cisco OTV Implementation & Troubleshooting (Legacy Multicast mode)

For the details on what Overlay Transport Virtualization (OTV) is and how it works on a high-level, see my previous blog entry about OTV 101. OTV troubleshooting requires a basic understanding of Multicast, as well as ISIS. In-depth troubleshooting on these subjects are not part of the scope of this document. This document will only […]

Author information

Ken Matlock

Ken Matlock

Ken Matlock is a networking veteran of 19 years. He has worked in many fields in the networking industry including Service Provider, Retail, and Healthcare. When he's not fixing the problems of the networking world, he can be found studying for his CCIE, spending time with his family, and trying to chase the ever-elusive sleep.

He can be found on twitter @KenMatlock , email at [email protected] , irc.freenode.net #PacketPushers, or the occasional blog or forum post.

The post Cisco OTV Implementation & Troubleshooting (Legacy Multicast mode) appeared first on Packet Pushers Podcast and was written by Ken Matlock.

Show 147 – Avaya Fabric Connect Makes Multicast Simple (Really) – Sponsored

For many network engineers, IP multicast routing is evil. Difficult to design, complicated to implement, painful to troubleshoot and challenging to scale, multicast routing is rarely implemented on a given network unless it’s absolutely required. Most engineers would just rather not bother until the issue is forced upon them. Blame PIM. Blame RPF checks. Blame […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Show 147 – Avaya Fabric Connect Makes Multicast Simple (Really) – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Cisco OTV 101 (Legacy Multicast Mode): MAC Learning Process Walk

What is OTV? Overlay Transport Virtualization (OTV) is a Cisco-proprietary protocol suite that allows us to extend Layer 2 between datacenters with Layer 3 boundaries in between.  It works by encapsulating the L2 packets into L3 multicast packets and sending them out to all other OTV AED’s (Authoritative Edge Devices, used for loop prevention). The […]

Author information

Ken Matlock

Ken Matlock

Ken Matlock is a networking veteran of 19 years. He has worked in many fields in the networking industry including Service Provider, Retail, and Healthcare. When he's not fixing the problems of the networking world, he can be found studying for his CCIE, spending time with his family, and trying to chase the ever-elusive sleep.

He can be found on twitter @KenMatlock , email at [email protected] , irc.freenode.net #PacketPushers, or the occasional blog or forum post.

The post Cisco OTV 101 (Legacy Multicast Mode): MAC Learning Process Walk appeared first on Packet Pushers Podcast and was written by Ken Matlock.

Interop: Firewalls, Booth Babes and Unicorn Poop

Now that I’ve returned from the whirlwind that was Interop Las Vegas, I thought I’d share some thoughts about my experience as a speaker and attendee. First the good: The UBM staff was awesome and I appreciated the chance to pontificate on one of my favorite subjects, firewalls. Thanks to some quick thinking by the […]

Author information

Mrs. Y

Snarkitecht at Island of Misfit Toys

Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.
TwitterLinkedIn

The post Interop: Firewalls, Booth Babes and Unicorn Poop appeared first on Packet Pushers Podcast and was written by Mrs. Y.

When Tech Meets Business

"I have had the pleasure of having Himawan as part of my team for a total  of 3 years, first two years in the Carrier Ethernet practice as an NCE,  and later on as part of my Advanced Services Africa team where Himawan worked as a Solutions Architect.

Himawan is unique in the way that he not only contributes with extremely  good technical knowledge (for which his triple CCIE is a proof), but he also provides the combination of very good consultancy and business skills, which makes him extremely valuable not only in meetings with customer engineers, but also in meetings with customer senior management.

What I value most with Himawan is his never give up attitude, it doesn't matter how complicated problem, how challenging business environment, or how short timelines, he always jumps into the challenge and finds a way to resolve the issue.

I can strongly recommend Himawan for any position where the combination of technical and business skills is required, and if I had a position open requiring these skills I would see Himawan as the perfect hire."

- Ulf Vinneras
Director Services Strategy and Business Development at Cisco Systems

Tack så mycket, Ulf!

Cisco AnyConnect VPN with LDAP integration


I spent some time recently building anyconnect VPN on an ASA 5525-X and integrating it with LDAP. It could be fairly quick and simple if you have the necessary information to build out an aaa-server for LDAP and match the attribute maps for LDAP service.

Integrating VPN with LDAP involves two phases:
1. Build an aaa-server for LDAP (multiple aaa-servers for load-balancing/redundancy) and then associate the LDAP server to the VPN tunnel-group.
2. Build LDAP attribute maps for determining what AD user gets associated to what VPN Group-Policy.

Phase 1 : aaa-server

Before building your aaa-server, you need to grab some information from your AD server. This includes the following:

1. AD server IP address
2. AD server type (microsoft etc)
3. LDAP (389) or Secure LDAPS (636) port

Create aaa-server 'LDAP' that uses protocol ldap.

aaa-server LDAP protocol ldap

Assign an IP address / Server (dns resolved) name to that LDAP server.

aaa-server LDAP (inside) host dc01

Note: Here the ASA realizes the dc01 server has an IP address which is internal to the ASA, hence it puts it in the 'inside' interface.

Since we use LDAPS and require LDAP over SSL, and the AD server is a Microsoft Continue reading

The Last Question

Please find my complete interview with IT Certification Master: Why Network, Skill, Experience Matters Most. Thank you to Mirek Burnejko for the opportunity.

And below is the last question from the interview:

MB: You are also a co-founder of several organizations: GEM Foundation, Jawdat Teknologi Indonesia and CCIE93. Can you describe us these new ventures?

HN: This is my problem: there are 250 million people in Indonesia, and there are only less than 200 CCIEs. I’m planning to solve that problem. And it doesn’t mean I will make everyone from my country as CCIE. Nor I will teach CCIE class. I want to do more. I want to help Indonesian students and young professionals to become globally competitive professionals. So they can compete in global market like me, or stay in Indonesia to work on challenging project currently being done by professionals from outside the country (expats). And the solution must be scalable. That’s why I founded a not-for-profit organization GEM Foundation (GEMFo) early last year with several other Indonesian professionals who work outside the country. I spent my personal time to visit schools and universities to share global view from my own experience working abroad for more than 10 Continue reading
1 3,738 3,739 3,740 3,741 3,742 3,783