July 30, 2016

My Etherealmind

Unregenerate – 20160730

Looking backward at last week or forward into next week. Stream of thinking. unregenerate – adj. not reformed, unreconstructed, obstinate, stubborn. BGPv4 is Not a Standard: BGPv4 RFC4271 is only a draft standard. It is not an Internet standard. It’s still not finished, has several errata and over 50 extensions are currently underway in the […]

The post Unregenerate – 20160730 appeared first on EtherealMind.

by Greg Ferro at July 30, 2016 01:49 PM

July 29, 2016

ipSpace.net Blog (Ivan Pepelnjak)

And this is how you build an IPv6-only data center

Tore Anderson has been talking about IPv6-only data centers (and running a production one) for years. We know Facebook decided to go down that same path… but how hard would it be to start from scratch?

Not too hard if you want to do it, know what you're doing, and are willing to do more than buy boxes from established vendors. Donatas Abraitis documented one such approach, and he's not working for a startup but a 12-year-old company. So, don't claim it's impossible ;)

by Ivan Pepelnjak (noreply@blogger.com) at July 29, 2016 05:47 AM

PacketLife.net Blog

Taking the CCIE Lab in RTP

Cisco's campus in Research Triangle Park, North Carolina, is one of only two places in the United States where candidates can complete a CCIE lab exam (the other being in San Jose, California). People fly in from all over the eastern US and beyond to spend a day taking the exam. Lots of folks who've taken the exam have written up their experiences, but I haven't seen many talk at length about their time in RTP outside of Cisco's building 3.

I've lived just a few minutes away from the testing site for the past few years, and it occurred to me recently that visitors might benefit from some local knowledge.

Getting Here

Most people fly in via Raleigh-Durham International Airport (RDU). RDU is a medium-sized airport with two terminals. Most flights operate out of Terminal 2, except for Southwest Airlines, which is based in the newly-renovated Terminal 1.

As airports go, I'm a big fan of RDU. It's a very modern, clean, and well-organized facility. The interior of Terminal 2 is beautifully designed to resemble an early airplane wing and is flooded with natural light during the day. (It's also one of very few places where you can find a Five Guys that serves breakfast.) The TSA folks here tend to be very professional and polite. Wait times in security are rarely long. And this isn't just the biased opinion of a local: in 2014, RDU was ranked among the top ten airports in the US.

by Jeremy Stretch at July 29, 2016 02:13 AM

XKCD Comics

July 28, 2016

Honest Networker
ipSpace.net Blog (Ivan Pepelnjak)

Networking in 1980s

Summer is a great time to do odd jobs that you always wanted to do but never found time for. One of mine: document the crazy stuff I’ve been doing decades ago. Starting point: how I got into networking in 1980s.

by Ivan Pepelnjak (noreply@blogger.com) at July 28, 2016 05:43 AM

July 27, 2016

My Etherealmind

Unregenerate – 20160727

Looking backward at last week or forward into next week. Or whatever. unregenerate – adj. not reformed, unreconstructed, obstinate, stubborn. A Better Sound System: I’ve been “pining” for a better audio solution for my office and around the house for quite some time. I’ve been eyeing off Sonos product for quite some time but […]

The post Unregenerate – 20160727 appeared first on EtherealMind.

by Greg Ferro at July 27, 2016 04:00 PM

The Networking Nerd

Ten Years of Cisco Live – Community Matters Most of All

Hey! I made the sign pic this year!

I’ve had a week to get over my Cisco Live hangover this year. I’ve been going to Cisco Live for ten years and been involved in the social community for five of them. And I couldn’t be prouder of what I’ve seen. As the picture above shows, the community is growing by leaps and bounds.

People Are What Matter

I was asked many, many times about Tom’s Corner. What was it? Why was it important? Did you really start it? The real answer is that I’m a bit curious. I want to meet people. I want to talk to them and learn their stories. I want to understand what drives people to learn about networking or wireless or fax machines. Talking to a person is one of the best parts of my job, whether it be my Bruce Wayne day job or my Batman night job.

Social media helps us all stay in touch when we aren’t face-to-face, but meeting people in real life is just as important. You know who likes to hug. You find out who tells good stories. Little things matter like finding out how tall someone is in real life. You don’t get that unless you find a way to meet them in person.

Hugging Denise Fishburne

Technology changes every day. We change from hardware to software and back again. Routers give way to switches. Fabrics rise. Analytics tell all. But all this technology still has people behind it. Those people make the difference. People learn and grow and change. They figure out how to make SDN work today after learning ISDN and Frame Relay yesterday. They have the power to expand beyond their station and be truly amazing.

Conferences Are Still King

Cisco Live is huge. Almost 30,000 attendees this year. The Mandalay Bay Convention Center was packed to the gills. The World of Solutions took up two entire halls this year. The number of folks coming to the event keeps going up every year. The networking world has turned this show into the biggest thing going on. Just like VMworld, it’s become synonymous with the industry.

People have a desire to learn. They want to know things. They want high quality introductions to content and deep dives into things they want to know inside and out. So long as those sessions are offered at conferences like Cisco Live and Interop people will continue to flock to them. For the shows that assemble content from the community this is an easy proposition. People are going to want to talk where others are willing to listen. For single sourced talks like Cisco Live, it’s very important to identify great speakers like Denise Fishburne (@DeniseFishburne) and Peter Jones (@PeterGJones) and find ways to get them involved. It’s also crucial to listen to feedback from attendees about what did work and what they want to see more of in the coming years.

Keeping The Community Growing

One thing that I’m most proud of is seeing the community grow and grow. I love seeing new faces come in and join the group. This year had people from many different social circles taking part in the Cisco Live community. Reddit’s /r/networking group was there. Kilted Monday happened. Engineering Deathmatches happened. Everywhere you looked, communities were doing great things.

As great as it was to see so many people coming together, it’s just as important to understand that we have to keep the momentum going. Networking doesn’t keep rolling along without new ideas and new people expressing them. Four years ago I could never have guessed the impact that Matt Oswalt (@Mierdin) and Jason Edelman (@JEdelman8) could have had on the networking community. They didn’t start out on top of the world. They fought their way up with new ideas and perspectives. The community adopted what they had to say and ran with it.

We need to keep that going. Not just at Cisco Live either. We need to identify the people doing great things and shine a spotlight on them. Thankfully, my day job affords me an opportunity to do just that. But the whole community needs to be doing it as well. If you can just find one person to tell the world about, it’s a win for all of us. Convince a friend to write a blog post. Make a co-worker join Twitter. In the end every new voice is a chance for us all to learn something.


Tom’s Take

As Denis Leary said in Demolition Man,

I’m no leader. I do what I have to do. Sometimes people come with me.

That’s what Cisco Live is to me. It’s not about a corner or a table or a suite at an event. It’s about people coming together to do things. People talking about work and having a good time. The last five years of Cisco Live have been some of the happiest of my life. More than any other event, I look forward to seeing the community and catching up with old friends. I am thankful to have a job that allows me to go to the event. I’m grateful for a community full of wonderful people that are some of the best and brightest at what they do. For me, Cisco Live is about each of you. The learning and access to Cisco is a huge benefit. But I would go for the people time and time and time again. Thanks for making the fifth year of this community something special to me.


by networkingnerd at July 27, 2016 04:41 AM

Potaroo blog

IETF 96

The IETF meetings are relatively packed events lasting over a week, and it’s just not possible to attend every session. From the various sessions I attended here are a few personal impressions that I took away from the meeting that I would like to share with you.

July 27, 2016 02:00 AM

XKCD Comics

July 26, 2016

Networker's Online

What is 6PE?

6PE is one of the efficient solutions for interconnecting IPv6 islands over an IPv4-only MPLS cloud without needing to drastically change the core network design by having all your Core routers dual-stacked. 6PE does not use manual standard tunnels; it provides an alternative where all tunnels are established dynamically, eliminating the need to configure and …

The post What is 6PE? appeared first on Networkers-online.com.

by Amr Mostafa at July 26, 2016 08:43 PM

ipSpace.net Blog (Ivan Pepelnjak)

Stretched ACI Fabric Is Sometimes the Least Horrible Solution

One of my readers sent me a lengthy email asking my opinion about his ideas for new data center design (yep, I pointed out there’s a service for that while replying to his email ;). He started with:

I have to design a DR solution for a large enterprise. They have two data centers connected via Fabric Path.

There’s a red flag right there…

by Ivan Pepelnjak (noreply@blogger.com) at July 26, 2016 11:50 AM

Network Design and Architecture
Potaroo blog

One Second Warning

The Earth Orientation Centre is the bureau that looks after Universal Coordinated Time, and each six months they release a bulletin about their intentions for the next Universal Time correction window. This month they announced a leap second to be scheduled for midnight UTC 31 December 2016.

July 26, 2016 12:00 AM

Hosts vs Networks

There are a number of ways to view the relationship between hosts and the network in the Internet. One view is that this is an example of two sets of cooperating entities that share a common goal: hosts and the network both want content to be delivered. Another view is that hosts and networks have conflicting objectives. This was apparent in a couple of sessions at the recent IETF 96 Meeting.

July 26, 2016 12:00 AM

July 25, 2016

My Etherealmind
Network Design and Architecture

Evolved Packet Core – Welcome to Long Term Evolution!

As an end user, I am always welcoming the “4G” Signal indicator on my mobile because basically for me this maps to a better Download Speed, good quality VoIP calls (Skype, Hangout, WhatsApp, etc.), better Streaming, and HD Videos. This article is all about the “4G” indicator. I am discussing the Evolved Packet Core together with […]

The post Evolved Packet Core – Welcome to Long Term Evolution! appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Karim Rabie at July 25, 2016 09:16 AM

IS-IS level 1, IS-IS Routing Protocol Levels

What is IS-IS Level 1? Why is IS-IS Level 1 used? What are the IS-IS levels? What is the corresponding Area type in OSPF? IS-IS Level 1 is also called the IS-IS Level 1 sub domain. IS-IS is a link state routing protocol, similar to OSPF. You can read a detailed comparison […]

The post IS-IS level 1, IS-IS Routing Protocol Levels appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at July 25, 2016 09:05 AM

XKCD Comics

July 24, 2016

Network Design and Architecture

What is MPLS tunnel label and why it is used ?

In networking we often use different terms to define the same thing. MPLS tunnel label or transport label are just two of those. Not only transport and tunnel labels but also other terms are used to define the same thing which these labels provide. Let me explain first why and where MPLS tunnel label is […]

The post What is MPLS tunnel label and why it is used ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at July 24, 2016 09:48 AM

July 22, 2016

XKCD Comics

July 21, 2016

Honest Networker
ipSpace.net Blog (Ivan Pepelnjak)

TCP Congestion Avoidance on Satellite Links

While some people spread misinformation, others work hard to figure out how to make TCP work on exotic links with low bandwidth and one second RTT.

Ulrich Speidel published a highly interesting article on APNIC blog describing the challenges of satellite Internet access and the approach (network coded TCP) they took to avoid them.

by Ivan Pepelnjak (noreply@blogger.com) at July 21, 2016 11:22 AM

July 20, 2016

The Networking Nerd

The CCIE Routing And Switching Written Exam Needs To Be Fixed

The former logo listed in this post was removed by request of Cisco

I’m having a great time at Cisco Live this year talking to networking professionals about the state of things. Most are optimistic about where their jobs are going to fit in with networking and software and the new way of doing things. But there is an undercurrent of dissatisfaction with one of the most fundamental pieces of network training in the world. The discontent is palpable. From what I’ve heard around Las Vegas this week, it’s time to fix the CCIE Written Exam.

Whadda Ya Know?!?

The CCIE written is the bellwether of network training. It’s a chance for network engineers that use Cisco gear to prove they have what it takes to complete a difficult regimen of training to connect networks of impressive size. It’s also a rite of passage to show others that you know how to study, prep, and complete a difficult practical examination without losing your cool. But all that hard work starts with a written test.

The CCIE written has always been a tough test. It’s the only barrier to entry to the CCIE lab. Because the CCIE has never had prerequisites and likely never will due to long standing tradition, the only thing standing in the way of your ability to sit the grueling lab test is a 100 question multiple choice exam that gauges your ability to understand networking at a deep technical level.

But within the last year or so, the latest version of the CCIE written exam has begun to get very bad reviews from all takers of the test. There are quite a few people that have talked about how bad the test is for candidates. Unlike a lot of “sour grapes” cases of people railing against a test they failed, the feedback for the CCIE written is entirely different. It tends to fall into a couple of categories:

The Test Is Poorly Written

The most resounding critique of the exam is that it is a poorly constructed and executed test. The question quality is subpar. There are spelling mistakes throughout and test questions that have poor answer selections. Having spent a large amount of time helping construct the CCNA exam years ago, I can tell you that you will spend the bulk of your time creating wrong answers as distractors to the right ones. Guidelines say that a candidate should have no better than a 25% chance to guess the correct answer from all the choices. If you’ve ever taken a math test that has four multiple choice answers with three being correct for various mistakes in working the problem, you know just how insidious proper distractors can be (and math teachers too).

The CCIE written is riddled with bad distractors according to reports. It also has questions that don’t have a true proper answer or a set of answers that are all technically correct with no way to select them all. That frustrates test takers and makes it very difficult to study for the exam. The editing and test mechanics errors must be rectified quickly in order to restore confidence to the people taking the test.

The Test Doesn’t Cover The Material

Once people stop telling me how badly the test is constructed, they start telling me that the questions are bad on a conceptual level as well. No NDAs are violated during these discussions to protect everyone involved, but the general opinion is that the test has skewed in the wrong direction. Cisco seems to be creating a test that focuses more on the Cisco and less on the Internetworking part of the CCIE.

The test has never been confused for being a vendor-neutral exam. Any look at the blueprint will tell you that there are plenty of proprietary protocols and implementation methods there. But the older versions of the exam did do a good job of teaching you how to build a network that could behave itself with other non-Cisco sections. Redistributing EIGRP and OSPF is a prime example. But the focus of the new exam seems to be skewed toward very specific Cisco proprietary protocols and the minutia around how they operate. I’ve always thought that knowing the hello and dead timers of OSPF NBMA areas is a huge time sink and really only justified for test takers, but I also see why knowing that would be important in multi-vendor operations. But knowing the same thing for an EIGRP DMVPN seems a bit pointless.

The other problem is that, by the admission of most test takers, the current CCIE Written Exam study guide doesn’t cover the areas of the blueprint that are potentially on the test. I feel very sorry for my friend Narbik Kocharians here. He worked very hard to create a study guide that would help test takers pass the exam with the knowledge necessary to do well on the lab. And having a test over a completely different area than his guide makes him look bad in the eyes of testers without good cause. It’s like a college class when the professor tells you to study the book but gives you a test over his or her lectures. It’s not fair because you studied what you were told and failed because they tested something else.

CCIEs Feel There Are Better Recert Options

This is the most damaging problem in my mind. About half the test takers for the CCIE written are candidates looking to qualify for the lab. That requires them to take the written exam for their specific track. But the other half of the test takers are CCIEs that have passed the lab and are looking to recertify. For these professionals, any CCIE written exam is valid for recertification.

Many CCIE candidates look to broaden their horizons by moving to a different track to keep their CCIE current while they study for service provider, data center, or even collaboration as a topic area of study. For them, the CCIE is a stepping stone to keep the learning process going. But many CCIEs I’ve spoken to in the past few months are starting to take other exams not because they want to learn new things, but because the CCIE Routing and Switching written exam is such a terrible test.

Quite a few CCIEs are using the CCDE written to recertify. They feel it is a better overall test even though it doesn’t test the material to the level that the CCIE R&S written exam does. They would even be willing to take the chance of getting a question on an area of technology that they know nothing about to avoid having to deal with poor questions in their areas of study. Still more CCIEs are choosing to become Emeritus and “retire” so as to avoid the pain of the written exam. While this has implications for partner status and a host of other challenges for practicing engineers, you have to wonder how bad things must be to make retirement of your CCIE number look like a better option.


Tom’s Take

I took the CCIE R&S written last year at Cisco Live. I was so disgusted with the exam that I immediately switched to the CCDE written and recertified my number while simultaneously vowing never to take the R&S written again. From what I’ve heard this year, the test quality is still slipping with no relief in sight. It’s a sad state of affairs when you realize that the flagship test for Cisco engineers is so horribly broken that those same engineers believe it can’t be fixed. They feel that all the comments and feedback in the world are ignored and their expertise in taking exams is pushed aside for higher cut scores and a more exclusive number of candidates. The dark side of it all is the hope that there isn’t an agenda to push official training materials or other kinds of shortcuts that would help candidates while charging them more and/or locking out third party training providers that work hard to help people study for the lab.

Cisco needs to fix this problem now. They need to listen to feedback and get their written problems under control. If they don’t, they may soon find the only people taking the R&S written test are the same kinds of dumpers and cheaters they think they are trying to keep out with a poorly constructed test.

NOTE: I have published an update to this post here: Fixing The CCIE Written – A Follow Up


by networkingnerd at July 20, 2016 08:19 PM

Fixing The CCIE Written – A Follow Up

I stirred up quite the hornet’s nest last week, didn’t I? I posted about how I thought the CCIE Routing and Switching Written Exam needed to be fixed. I got 75 favorites on Twitter and 40 retweets of my post, not to mention the countless people that shared it on a variety of forums and other sites. Since I was at Cisco Live, I had a lot of people coming up to me saying that they agreed with my views. I also had quite a few people that weren’t thrilled with my perspective. Thankfully, I had the chance to sit down with Yusuf Bhaiji, head of the CCIE program, and chat about things. I wanted to share some thoughts here.

Clarity Of Purpose

One of the biggest complaints that I’ve heard is that I was being “malicious” in my post with regards to the CCIE. I was also told that it was a case of “sour grapes” and even that the exam was as hard as it was on purpose because the CCIE is supposed to be hard. Mostly, I felt upset that people were under the impression that my post was designed to destroy, harm, or otherwise defame the CCIE in the eyes of the community. Let me state for the record what my position is:

I still believe the CCIE is the premier certification in networking. I’m happy to be a CCIE and love the program.

Why did I write the post? Not because I couldn’t pass the written. Not because I wanted people to tell me that I was wrong and being mean to them. I wrote the post because I saw a problem and wanted to address it. I felt that the comments being made by so many people that had recently taken the test needed to be collected and discussed. Sure, making light of these kinds of issues in a public forum won’t make people happy. But, as I said to the CCIE team, would you rather know about it or let it fester quietly?

Yusuf assured me that the CCIE program holds itself to the highest standards. All questions are evaluated by three subject matter experts (SMEs) for relevance and correctness before being included in the exam. If those three experts don’t sign off, the question doesn’t go in. There are also quite a few metrics built into the testing software that give the CCIE team feedback on questions and answer choices. Those programs can index all manner of statistics to figure out if questions are creating problems for candidates. Any given test can produce pages worth of valuable information for the people creating the test and trying to keep it relevant.

Another point that was brought up was the comment section on the exam. If you have any problem with a question, you need to fill out the comment form. Yes, I know that taking time out of the test to provide feedback can cause issues. It also interrupts your flow of answering questions. But if you even think for an instant that the question is unfair or misleading or incorrect, you have to leave a detailed comment to make sure the question is flagged properly for review. Which of the following comments means more to you?

  • Trivia question

or

  • This question tests on an obscure command and isn’t valid for a CCIE-level test.

I can promise I know which one is going to be evaluated more closely. And yes, every comment that has purpose is reviewed. The exam creators can print off every comment ever left on a question. The more detailed the comment, the more likely to trigger a review. So please make sure to leave a comment if you think there is a problem with the question.

Clarity Of Vision

Some of the conversations that I had during Cisco Live revolved around the relevance of the questions on the test to a CCIE candidate. Most of the people that I talked to were CCIEs already and using the test for recertification. A few came to me to talk about the relevance of the test questions to candidates that are qualifying for the lab.

While I’m not able to discuss any of the specific plans for the future of the program, I will say that there are ideas in place that could make this distinction matter less. Yusuf told me that the team will be releasing more details as soon as they are confirmed.

The most important point is that the issues that I have with the CCIE Written exam are fixable. I also believe that criticism without a suggested solution is little more than whining. So I decided to put my money where my mouth is with regard to the CCIE written exam.

I volunteered to fix it.

I stepped up and offered my time as an SME to review the questions on the written exam for relevance, correctness, and grammar. That’s not a light undertaking. There are a ton of questions in the pool that need to be examined. So for every person that agreed with my post or told me that they thought the exam needed to be fixed, I’m putting you all on the spot as well.

It’s time for us as a community of CCIEs to do our part for the exam. Yusuf told me the easiest way to take part in the program is to visit the following URL:

http://www.cisco.com/go/certsme

Sign up for the SME program. Tell them that you want to help fix the CCIE. Maybe you only have to look at 5-10 questions. If the hundred or so people that agreed with me volunteered today, the entire test question pool could be analyzed in a matter of weeks. We could do our part to ensure that people taking the exam have the best possible test in front of them.

But I also challenge you to do more. Don’t just correct grammar or tell them they spelled “electricity” wrong in the question. Challenge them. Ask yourself if this is a question a CCIE candidate should know the answer to. There’s a chance that you could make a difference there. But you can’t do that unless you step up to the plate.


Tom’s Take

I had at least ten people tell me that they would do whatever it took to fix the CCIE test last week after I talked to the CCIE cert team. They were excited and hopeful that the issues they saw with the test could be sorted out. I’ll admit that I stepped out on a pretty big limb here by doing this in public as opposed to over email or through official channels. And I do admit that I didn’t clarify my intent to build the program up as opposed to casting the whole exam team and process in a bad light.

Mea culpa.

But, my motivation succeeded in getting people to talk about the CCIE written. There are many of you that are ready to do your part to help. Please, go sign up at the link above to join the SME program. Maybe you’ll never look at a single question. Maybe you’ll look at fifty. The point is that you step up and tell Cisco that you’re willing. If even fifteen people come forward and agree to help then that message will sound loud and clear that each and every one of us is proud of being a CCIE and want the program to continue long past the time when we’re retired and telling our grandchildren about the good old days of hard but fair tests.

If you have any questions about participating in the program or you want to reach out to me with your thoughts, don’t hesitate to contact me. Let’s put the power of community behind this!


by networkingnerd at July 20, 2016 02:57 PM

XKCD Comics

July 19, 2016

Networker's Online

CCIE SPv4.1 Blueprint Resources

The CCIE SP SME team has put together a comprehensive list of study resources for the new CCIE SP4.1 blueprint. The compiled list is in a spreadsheet designed to help you quickly find what you are looking for by organizing the content according to the exam topics. This is a very good resource for finding good …

The post CCIE SPv4.1 Blueprint Resources appeared first on Networkers-online.com.

by Networkers at July 19, 2016 12:47 PM

My Etherealmind

Response: Cryptech – A Open Source HSM

Because commercial HSMs are hard to trust, an open source version is a good choice.

The post Response: Cryptech – A Open Source HSM appeared first on EtherealMind.

by Greg Ferro at July 19, 2016 11:57 AM

ipSpace.net Blog (Ivan Pepelnjak)

Ethernet-over-VPN: What Could Possibly Go Wrong?

One of my readers sent me a link to SoftEther, a VPN solution that

[…] penetrates your network admin's troublesome firewall for overprotection. […] Any deep-packet inspection firewalls cannot detect SoftEther VPN's transport packets as a VPN tunnel, because SoftEther VPN uses Ethernet over HTTPS for camouflage.

What could possibly go wrong with such a great solution?

by Ivan Pepelnjak (noreply@blogger.com) at July 19, 2016 11:18 AM

Networking Now (Juniper Blog)

WEB APPLICATIONS RISKS AND SECURITY GUIDELINES BY OWASP TOP 10 PROJECT

Web application vulnerabilities face exploitation by malicious attackers, who are looking for benefits from the activity. Secure network architectures need to constantly evolve to keep up with the latest advanced persistent threats.

 

OWASP represents the most critical application vulnerabilities and provides an excellent reference point for assessing the application security risks.

by shirish at July 19, 2016 11:01 AM

Network Design and Architecture

PS Core Network Concepts

Most of the educational documents related to PS Core Network start with Call Flows. Attach Call Flow, PDP Context, Paging, etc. Basically that was my problem when I started working in PS Core because the Call Flows include a lot of messages which in turn include a lot of parameters and Information Elements so starting with […]

The post PS Core Network Concepts appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Karim Rabie at July 19, 2016 10:15 AM

July 18, 2016

Network Design and Architecture

PS Core Network Concepts

Most of the educational documents related to PS Core Network start with Call Flows. Attach Call Flow, PDP Context, Paging, etc. So, Basically that was my problem when I started working in PS Core because the Call Flows include a lot of messages that in turn include a lot of parameters and Information Elements so […]

The post PS Core Network Concepts appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Karim Rabie at July 18, 2016 04:08 PM

XKCD Comics

July 15, 2016

Internetwork Expert Blog

INE’s CCIE DCv2 Topology & Content Updates

Now that Cisco Live US 2016 is winding down, we’re going full steam ahead with our CCIE Data Center version 2.0 Blueprint updates.  For those of you that haven’t seen it, my live blog of the CCIE DCv2 Techtorial @ Cisco Live US 2016 can help to answer some additional questions about the exam content and format changes.

Some important upcoming dates in the short term are:

For those of you that have already spent time working on the DCv1 blueprint and are transitioning to DCv2, I would highly recommend to check out the online class the week of August 1st.  I’ll mainly be focusing on the technologies that changed in the blueprint, such as Nexus 9k, ACI, BGP EVPN signaled VxLAN, etc.

Additionally, our new class and rack rental topology has been finalized.  Some of the key topology changes are as follows:

  • Nexus 9K 9336PQ ACI Spines
  • Nexus 9K 9372PX-E ACI Leafs
  • APIC-M2 ACI Controllers
  • Nexus 7K supervisors upgraded to SUP 2E’s
  • Nexus 7K linecards upgraded to F348XP-25’s
  • Nexus 5K’s upgraded to 5672UP’s
  • Nexus 2K’s upgraded to 2348UPQ’s

Visual topology diagrams for these changes can be seen below. Click the images for high-res versions.

Rack rentals are currently in beta until further notice. The scheduler shows all sessions booked, but I am taking beta testing requests directly if you email me at bmcgahan@ine.com

by Brian McGahan, CCIE #8593, CCDE #2013::13 at July 15, 2016 01:37 AM


July 14, 2016

ipSpace.net Blog (Ivan Pepelnjak)

OpenFlow and Firewalls Don’t Mix Well

In one of my ExpertExpress engagements the customer expressed the desire to manage their firewall with OpenFlow (using OpenDaylight) and I said, “That doesn’t make much sense”. Here’s why:

Obviously if you can't imagine your life without OpenDaylight, or if your yearly objectives include "deploying OpenDaylight-based SDN solution", you can use it as a REST-to-NETCONF translator assuming your firewall supports NETCONF.


by Ivan Pepelnjak (noreply@blogger.com) at July 14, 2016 10:15 AM

July 13, 2016

Network Design and Architecture

Core Network Architecture in 3G Mobile Networks

Core Network Architecture in 3G Mobile Networks – Most of the Mobile Broadband Networks worldwide are currently delivering Data Services based on 3G & 4G Technologies. Although 4G/LTE is widely deployed globally, there are still countries and operators running 2G/3G with relatively convenient Data rates to the market demands. In this article, I am […]

The post Core Network Architecture in 3G Mobile Networks appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Karim Rabie at July 13, 2016 12:58 PM


July 12, 2016

ipSpace.net Blog (Ivan Pepelnjak)

Automate the Exceptions

Every time I have a network automation presentation (be it a 2-day workshop or a 45 minute keynote) I get the same question afterwards: “How do we deal with exceptions?”

The correct answer is obvious: “there should be no exceptions, because one-offs usually cost you more than you earn with them,” but as always the reality tends to intervene.


by Ivan Pepelnjak (noreply@blogger.com) at July 12, 2016 10:08 AM

July 11, 2016

My Etherealmind

Musing:Integrity in Network Telemetry

What if network devices reported falsified information?

The post Musing:Integrity in Network Telemetry appeared first on EtherealMind.

by Greg Ferro at July 11, 2016 11:38 AM

Networking Now (Juniper Blog)

Visibility into network security threats and risks using Junos Space Security Director

The World Wide Web is a source of threats in the form of malware and viruses. There are hackers trying to get into corporate networks and steal information. This makes it important for businesses to have complete visibility of the usage patterns of the applications accessed over the Internet by their users. This visibility can help organizations detect and block malicious or unauthorized network traffic.

by ahzam at July 11, 2016 11:33 AM


July 10, 2016

Internetwork Expert Blog

CCIE DCv2 Techtorial @ Cisco Live US 2016

This morning I’m in Las Vegas for Cisco Live 2016, and am attending TECCCIE-3644 – CCIE DC Techtorial which focuses on the new CCIE Data Center v2 updates.

I’m live blogging the session so please feel free to submit your questions for the CCIE team as a comment here and I’ll try to get an answer for you.

Slides from the session are available here.


Final Update - UCS M4308 is no longer part of the topology (device is End of Sale). The official blueprint has been updated to include the following software packages and versions:

  • UCS Software Release 3.x Fabric Interconnect
  • Cisco Data Center Manager Software v7.x
  • Application Policy Infrastructure Controller 1.x
  • UCS Central 1.x
  • Cisco Integrated Management Controller 2.x
  • UCS Director 5.x
  • ASAv 9.x

Update 8 – 14:08PDT - Access to ESXi, VCenter, and CIMC will be allowed in v2 lab exam for troubleshooting tasks such as Nexus 1000v.


Update 7 – 14:03PDT - UCS Central will be tested on in the lab.


Update 6 – 13:55PDT - UCS will be running 3.x, not 2.x as currently listed on the blueprint.


Update 5 – 11:30PDT - Starting Storage Networking now. Interested to see what the scope is going to be now with the MDSes removed and the N9K’s added.


Update 4 – 09:15PDT - One major format change for the CCIE DCv2 Lab Exam is the introduction of the Diagnostics section, similar to other tracks such as RSv5. Here are some highlights and demo questions illustrating the format of the Diag section.

  • Diag section consists of one or more independent Tasks.
  • Each Task can have one or more Questions.
  • Questions are typically 1 point apiece, but could be 2 or 3 points.
  • Each Question within a task is graded individually. It is possible to get Task 1 Question 1 wrong but still get Task 1 Question 2 correct.
  • The goal is to reach the minimum cut score, but the cut score is not published and changes between specific exam deliveries.
  • Questions have deterministic answers. There is typically only one correct answer, but it’s possible that two answers are correct (e.g. multiple choice multiple answer). You must sort through all the information and find what is relevant and what is irrelevant.
  • You CAN go back and forth between tasks and questions in diagnostics section, and you CAN change your answers.
  • All information that is needed is provided at once for each task. This is not the same as the CCDE engine where you get additional information as you go on.

The exam starts with an intro screen with basic instructions. Once you click Begin Lab the 60 minute timer starts counting down. If you finish early, you cannot currently add extra time to the Configuration section.

An example Task for vPC, with an example Question. “Identify which command on which device provides the most important information about the root cause of this issue?”

An example answer, “Device SW13 Command line show feature | i vpc”. This demonstrates that the question and answer are deterministic, as only one possible answer is allowed for this task. Similar for Question 2 of this task, which uses a radio button for a multiple choice single answer.

An example “Hot Spot” type question. Task 2 asks “Considering all information provided point and click on the location in the topology that is responsible for causing the reported symptoms”. Answering this question assumes that you have sorted through the relevant problem description and relevant CLI outputs from the various devices.


Update 3 – 08:57PDT - Timing of the Diagnostics and Configuration/Troubleshooting sections is different from the R&S exam. Diagnostics is fixed at 60 minutes, and Config/TS is fixed at 7 hours. If you finish Diag early, you cannot add this additional time to Config/TS.


Update 2 – 08:30PDT - Grading is done manually by the proctors. Automated tools are used to gather information, but ultimately the pass/fail decision is up to the proctor. Tasks can have multiple solutions, and grading does check for this. Just because your solution works doesn’t mean it’s right. You have to meet the requirements of the question!


Update 1 – 08:29PDT - Don’t change the device passwords otherwise they can’t grade the exam.  Hopefully this is self explanatory :)


Me with CCIE DC #1 – Robert Burns

I actually came straight from our Data Center in Reno NV installing our new CCIE DCv2 equipment.

by Brian McGahan, CCIE #8593, CCDE #2013::13 at July 10, 2016 03:41 PM

July 08, 2016

Ethan Banks on Technology

I’ll See You At Cisco Live 2016 Las Vegas

I will be at Cisco Live 2016 in Las Vegas. So far, my calendar has me scheduled to attend some Tech Field Day presentations, visit with vendors, hang out in the Social Media Hub, and host a CloudGenix SD-WAN mixer event (free food and drink for all, plus fellow nerds to network with, just register). I hope to see you at CLUS. Come up and say "hi."

by Ethan Banks at July 08, 2016 04:35 PM

ipSpace.net Blog (Ivan Pepelnjak)

Optimize Your Data Center: Use Distributed File System

Let’s continue our journey toward a two-switch data center. What can we do after virtualizing the workload, getting rid of legacy technologies, and reducing the number of server uplinks to two?

How about replacing dedicated storage boxes with a distributed file system?

In late September, Howard Marks will talk about software-defined storage in my Building Next Generation Data Center course. The course is sold out, but if you register for the spring 2017 session, you’ll get access to the recording of Howard’s talk.

by Ivan Pepelnjak (noreply@blogger.com) at July 08, 2016 01:06 PM


July 07, 2016

PacketLife.net Blog

NetBox v1.1.0 Released

One year ago today, I made the first commit to a repository named "netbox" hosted internally at DigitalOcean. It was the first iteration of a tiny little app I scratched together using the Django Python framework to track IP prefix utilization. A year later, NetBox has grown into an extensive tool that we use to track IPs, racks, devices, connections, circuits, and even encrypted credentials. And I'm happy to say that it's now open source!


by Jeremy Stretch at July 07, 2016 06:45 PM

ipSpace.net Blog (Ivan Pepelnjak)

New Open-Source IPAM + DCIM Tool

My friend Jeremy Stretch wrote an IPAM+DCIM tool for Digital Ocean and open-sourced it. As the tool was designed by networking engineers to manage data center networks (more in Jeremy’s blog post), it might be a better fit than other tools out there. In any case, check it out and let me know how it works.

by Ivan Pepelnjak (noreply@blogger.com) at July 07, 2016 01:22 PM

The Networking Nerd

The Complexity Conundrum


Complexity is the enemy of understanding. Think about how much time you spend in your day trying to simplify things. Complexity is the reason why things like Reddit’s Explain Like I’m Five exist. We strive in our daily lives to find ways to simplify the way things are done. Well, except in networking.

Building On Shifting Sands

Networking hasn’t always been a super complex thing. Back when bridges tied together two sections of Ethernet, networking was fairly simple. We’ve spent years trying to make the network do bigger and better things faster with less input. Routing protocols have become more complicated. Network topologies grow and become harder to understand. Protocols do magical things with very little documentation beyond “Pure Freaking Magic”.

Part of this comes from applications. I’ve made my feelings on application development clear. Ivan Pepelnjak had some great comments on this post as well from Steve Chalmers and Derick Winkworth (@CloudToad). I especially like this one:


Derick is right. The application developers have forced us to make networking do more and more faster with less requirement for humans to do the work to meet crazy continuous improvement and continuous development goalposts. Networking, when built properly, is a static object like the electrical grid or a plumbing system. Application developers want it to move and change and breathe with their needs when they need to spin up 10,000 containers for three minutes to run a test or increase bandwidth 100x to support a rollout of a video streaming app or a sticker-based IM program designed to run during a sports championship.

We’ve risen to meet this challenge with what we’ve had to work with. In part, it’s because we don’t like being the scapegoat for every problem in the data center. We tire of sitting next to the storage admins and complaining about the breakneck pace of IT changes. We have embraced software enhancements and tried to find ways to automate, orchestrate, and accelerate. Which is great in theory. But in reality, we’re just covering over the problem.

Abstract Complexity

The solution to our software networking issues seems simple on the surface. Want to automate? Add a layer to abstract away the complexity. Want to build an orchestration system on top of that? Easy to do with another layer of abstraction to tie automation systems together. Want to make it all go faster? Abstract away!

“All problems in computer science can be solved with another layer of indirection.”

This is a quote from Butler Lampson often attributed to David Wheeler. It’s absolutely true. Developers, engineers, and systems builders keep adding layers of abstraction and indirection on top of complex systems and proclaiming that everything is now easier because it looks simple. But what happens when the abstraction breaks down?

Automobiles are a perfect example of this. Not too many years ago, automobiles were relatively simple things. Sure, internal combustion engines aren’t toys. But most mechanics could disassemble the engine and fix most issues with a wrench and some knowledge. Today’s cars have computers, diagnostics systems, and require lots and lots of dedicated tools to even diagnose the problem, let alone fix it. We’ve traded simplicity and ease of repairability for the appearance of “simple” which conceals a huge amount of complexity under the surface.

To refer back to the Lampson/Wheeler quote, the completion of it is, “Except, of course, for the problem of too many indirections.” Even forty years ago it was understood that too many layers of abstraction would eventually lead to problems. We are quickly reaching this point in networking today. With all the reliance on complex tools providing an overwhelming amount of data about every point of the network, we find ourselves forced to use dashboards and data lakes to keep up with the rapid pace of changes dictated to the network by systems integrations being driven by developer desires and not sound network systems thinking.

Networking professionals can’t keep up. Just as other systems now must be maintained by algorithms to keep pace, so too does the network find itself being run by software instead of augmented by it. Even if people wanted to make a change they would be unable to do so because validating those changes manually would cause issues or interactions that could create havoc later on.

Simple Solutions

So how do we fix the issues? Can we just scrap it all and start over? Sadly, the answer here is a resounding “no”. We have to keep moving the network forward to match pace with the rest of IT. But we can do our part to cut down on the amount of complexity and abstraction being created in the process. Documentation is as critical as ever. Engineers and architects need to make sure to write down all the changes they make as well as their proposed designs for adding services and creating new features. Developers writing for the network need to document their APIs and their programs liberally so that troubleshooting and extension are easily accomplished instead of just guessing about what something is or isn’t supposed to be doing.

When the time comes to build something new, instead of trying to plaster over it with an abstraction, we need to break things down into their basic components and understand what we’re trying to accomplish. We need to augment existing systems instead of building new ones on top of the old to make things look easy. When we can extend existing ideas or augment them in such a way as to coexist then we can worry less about hiding problems and more about solving them.


Tom’s Take

Abstraction has a place, just like NAT. It’s when things spiral out of control and hide the very problems we’re trying to fix that it becomes an abomination. Rather than piling things on the top of the issue and trying to hide it away until the inevitable day when everything comes crashing down, we should instead do the opposite. Don’t hide it, expose it instead. Understand the complexity and solve the problem with simplicity. Yes, the solution itself may require some hard thinking and some pretty elegant programming. But in the end that means that you will really understand things and solve the complexity conundrum.


by networkingnerd at July 07, 2016 04:56 AM

July 06, 2016

Ethan Banks on Technology

Complexity – My Friend, My Enemy

Over my years of network engineering, I've learned that the fewer features you can implement while still achieving a business goal, the better. Why? Fewer features mean fewer things that can potentially go wrong. The less that goes wrong, the higher the network uptime.

by Ethan Banks at July 06, 2016 08:50 PM