March 31, 2015

The Networking Nerd

Budgeting For Wireless With E-Rate


After having a nice conversation with Josh Williams (@JSW_EdTech) and helping Eddie Forero (@HeyEddie) with some E-Rate issues, I’ve decided that I’m glad I don’t have to deal with it any longer. But my conversation with Josh revealed something that I wasn’t aware of with regards to the new mandate from the president that E-Rate needs to address wireless in schools.

Building On A Budget

The first exciting thing in the new rules for E-Rate modernization is that there has been an additional $1 billion injected into the Category 2 (Priority 2) items. The idea is that this additional funding can be used for purchasing wireless equipment as outlined in the above initiative. I’ve said before that E-Rate needed an overhaul to fix some of the issues with reduced funding in competition for the available funding pool. That this additional funding came through things like sunsetting VoIP funding is a bit irritating, but sometimes these things can’t be helped.

The second item that caught my attention is the new budgeting rules for Category 2 in E-Rate going forward. Now, schools are allocated $150 per student for a rolling five-year period. That means the old “2 of 5” rule for internal connections is gone. It also means you are going to have to be very careful with your planning from now on. But when it comes to wireless, that’s what has been advised by the professionals for quite a while. The maxim of “one AP per classroom” won’t fit with these new funding rules.

Let’s take an example. If your school has 1,000 students you are allocated $150,000 for Category 2 for a five year period. If you want to use this entire amount for wireless, you could use it as follows:

  1. Spend $150,000 this year on new wireless gear. You will have no extra money available in the next four years.
  2. Spend $100,000 on new wireless gear this year. You can then use the remaining $50,000 for more gear or maintenance on the existing gear in the next four years. Adding a warranty or maintenance contract to the initial cost will give you coverage on the gear over the five-year period.
  3. Spend $30,000 each year on new APs or on a managed service. This means you have less each year to spend, but you can continually add pieces.

If your student numbers increase in the five years, you gain access to additional funding. However, that’s not a guarantee. And thankfully, if you lose students you don’t have to pay back the difference.

The “D” Word

With the amount of money allocated to Priority 2 limited over a time period, design becomes more and more important, especially if you are building a wireless design. You can’t just throw an access point in every classroom or at every hallway intersection and call it a day. You’re going to need to invest real time and effort into making your design work.

Sometimes, that will mean paying for the work up front. Without funding. Those words strike fear into the hearts of school technology workers. I’ve seen cases where schools refused to pay for anything that wasn’t covered under E-Rate. In the case of a wireless design, that may be even harder to swallow, since the deliverable is a document that sits on a shelf, not a device that accomplishes something. If tech professionals are having a hard time buying it, you can better believe the superintendent and school boards will be even more averse.

A proper wireless design will save you money in the long term. By having someone use math and design principles to place APs instead of “best guesses”, you can reduce the number of APs in many cases while improving coverage where it’s needed instead of providing coverage for a strip of grass outside a classroom instead of the library. Better coverage means less complaints. Less hardware means less acquisition cost for your E-Rate discount percentage. Less cost means more money left in your budget for other E-Rate technology needs. Everyone wins.

Tom’s Take

I couldn’t figure out how the FCC was going to pay for all of this new wireless gear. Money doesn’t appear from nowhere. They found some of it by taking their budgeted amounts and reducing the unneeded items to make room for the things that were required. That learning process made them finally do something they should have done years ago: give the schools a real budget instead of crazy rules like “2 of 5”.

Yes, the per student budget is going to hurt smaller schools. Schools without higher headcounts are going to get much less in the coming years. But many of those smaller schools have disproportionately benefitted from E-Rate in the past 15 years. Tying the funding amounts to the actual number of users in the environment will mean the schools that need the funding will get it to improve their technology situation. And that’s something we can all agree is welcome and needed.


by networkingnerd at March 31, 2015 07:45 PM

My Etherealmind

Analysis: 3 Emerging Categories in Networking Markets for 2015

The most significant underlying technology trend in networking is that startups have taken analytics and big data software and applied it to network devices. Three emerging product categories are Security Threat Systems, Software Defined WAN and Network Analytics & Control.

The post Analysis: 3 Emerging Categories in Networking Markets for 2015 appeared first on EtherealMind.

by Greg Ferro at March 31, 2015 02:47 PM

Peter's CCIE Musings and Rants

Deciphering Cisco Prime License Manager: What is using what licenses, how can I tell which users are being counted as CUWL Std? How do I know which users are Enhanced?

Hi Guys

Remember that funny joke Cisco told us a few years ago? How they were going to make licensing for CUCM way easier? How everything would be so much better with Prime License Manager? Ha Ha they are so funny!

But seriously, short of having a certificate program for their licensing, Cisco Licensing for collaboration platforms remains incredibly difficult and confusing, especially when it comes to maintenance.

To help make a bit more sense of it all, this post will be continuously updated as I find out new licensing issues and how to resolve them.

One of the first issues I ever encountered was working out exactly why some users were being classified as enhanced, some as enhanced plus, some as CUWL Std, etc. etc. It has always been very confusing to me to work out WHY.

Thankfully, in CUCM 10.5 to Cisco's full credit there is a tool that can help you determine this:

Go to System -> Licensing -> License Usage report and you should see a helpful screen like this one:

As you can see, on the right hand side you can actually click the report to get a list of the users who are consuming particular types of licenses, this really helps narrow it down. You may find that after you make changes to these users to try and avoid the license count issues you will have to click update usage details, as well as sync the product instance in your prime license manager.

by peter_revill at March 31, 2015 03:11 PM

Network Design and Architecture

VRF-Lite+GRE/dot1q or MPLS L3 VPN

I am going to create a new category on the blog in which we will discuss together the different technologies, protocols, designs and architecture. You can suggest discussion topics and you are all welcome to join the discussions in the comment box of each topic. I want to throw a first topic for the discussions!…

The post VRF-Lite+GRE/dot1q or MPLS L3 VPN appeared first on Network Design and Architecture.

by orhanergun at March 31, 2015 12:55 PM

My Etherealmind

Thought for The Day: NetBIOS over IPX

I found a capture file from 2002. I must have been troubleshooting name resolution of NetBIOS over IPX for print servers because I am only capturing broadcasts on the Ethernet segment. And Wireshark can still open a data format from 15 years ago and render the data.   I surely do not miss these days. […]

The post Thought for The Day: NetBIOS over IPX appeared first on EtherealMind.

by Greg Ferro at March 31, 2015 09:51 AM

March 30, 2015


Is Juniper The Next Cisco?

Juniper flexed its muscles at the Innovation Showcase held in March 2015. What did they talk about? What does it mean for their customers going forward? I perform an introductory analysis.

by Ethan Banks at March 30, 2015 09:06 PM

Network Design and Architecture

Network Complexity

Network complexity plays a very important role during network design. Every network designer tries to find the simplest design. Although there is no standard definition for network complexity yet, there are many subjective definitions. In today's network designs, decisions are taken based on an estimation of network complexity rather than an absolute, solid answer. If…

The post Network Complexity appeared first on Network Design and Architecture.

by orhanergun at March 30, 2015 12:37 PM

XKCD Comics

March 29, 2015

Network Design and Architecture

2016 CCDE Practical Exam Dates

Cisco announced the 2016 CCDE Practical exam dates. The CCDE practical exam is organised only every 3 months. The prerequisite for the exam is the CCDE Written Qualification exam. You can attend the exam 4 times a year at Professional Pearson Centers. I am planning to start my CCDE trainings 2 months before an announced exam date…

The post 2016 CCDE Practical Exam Dates appeared first on Network Design and Architecture.

by orhanergun at March 29, 2015 10:16 AM

March 27, 2015

My Etherealmind

Musing: HP Networking Futures after deals with Aruba & H3C

HP Networking will acquire Aruba and now it is selling a 51% stake in H3C to a Chinese venture capital firm. What could this mean for HP Networking customers? The sale of a controlling interest in H3C means that HP Networking has government support (blessing?) to sell products in China. The Chinese government has been […]

The post Musing: HP Networking Futures after deals with Aruba & H3C appeared first on EtherealMind.

by Greg Ferro at March 27, 2015 01:12 PM

Loopback Mountain

Quick Example: Elasticsearch Bulk Index API with Python

A quick example that shows how to use Elasticsearch bulk indexing from the Python client. This is dramatically faster than indexing documents one at a time in a loop with the index() method.

by Jay Swan at March 27, 2015 02:17 AM

XKCD Comics

March 26, 2015

My Etherealmind

The End of WHOIS ?

The convergence trend on HTTPS protocol continues to gather momentum. This time it is the venerable WHOIS protocol that is poised to be replaced with RDAP over HTTP.

The post The End of WHOIS ? appeared first on EtherealMind.

by Greg Ferro at March 26, 2015 04:00 PM

Networking Now (Juniper Blog)


There is a lot of focus these days in the US Congress and in the Administration on the topic of cyber information sharing. While it is important to elevate the dialogue about cybersecurity preparedness, protection, and resilience to a sustained national level, we must also not fall into the trap of thinking that the work is done by simply improving the exchange of cyber threat and vulnerability information.

by Bob Dix at March 26, 2015 12:00 PM

March 25, 2015

Peter's CCIE Musings and Rants
XKCD Comics

March 24, 2015

Networking Now (Juniper Blog)

Say goodbye to the network performance/security dilemma

Tired of security solutions that can’t keep up with the speed of your network—much less the speed of your business? Then you’ll love what Express Path has to offer.

by rajoon at March 24, 2015 09:45 PM

My Etherealmind

Commodity Manufacture is the Majority of Switch Products

How much of an Ethernet switch product is custom made by the vendor and how much is commodity components selected and assembled into a closed vendor solution ?

The post Commodity Manufacture is the Majority of Switch Products appeared first on EtherealMind.

by Greg Ferro at March 24, 2015 06:00 PM

Four Different Types of Ethernet & Whitebox Products

I drew up this diagram to explain how I see four different categories of Ethernet switches emerging into the market.

The post Four Different Types of Ethernet & Whitebox Products appeared first on EtherealMind.

by Greg Ferro at March 24, 2015 04:00 PM

The Networking Nerd

Does EMC Need A Network?


Network acquisitions are in the news once again. This time, the buyer is EMC. In a blog article from last week, EMC is reportedly mulling the purchase of either Brocade or Arista to add a networking component to its offerings. While Arista would be a good pickup for EMC to add a complete data center networking practice, one must ask themselves “Does EMC Really Need A Network?”

Hardware? For What?

The “smart money” says that EMC needs a network offering to help complete their vBlock offering now that the EMC/Cisco divorce is in the final stages. EMC has accelerated those plans from the server side by offering EVO:RAIL as an option for VSPEX now. Yes, VSPEX isn’t a vBlock. But it’s a flexible architecture that will eventually supplant vBlock when the latter is finally put out to pasture once the relationship between Cisco and EMC is done.

EMC being the majority partner in VCE has incentive to continue offering the package to customers to make truckloads of cash. But long term, it makes more sense for EMC to start offering alternatives to a Cisco-only network. There have been many, many assurances that vBlock will not be going away any time soon (almost to the level of “the lady doth protest too much, methinks”). But to me, that just means that the successor to vBlock will be called something different, like nBlock or eBlock.

Regardless of what the next solution is called, it will still need networking components installed in order to facilitate communication between the components in the system. EMC has been looking at networking companies in the past, especially Juniper (again with much protesting to the contrary). It’s obvious they want to have a hardware solution to offer alongside Cisco for future converged systems. But do they really need to?

How About A BriteBlock?

EMC needs a network component. NSX is a great control system that EMC already owns (and is already considering for vBlocks), but as Joe Onisick (@JOnisick) is fond of pointing out, NSX doesn’t actually forward packets. So we still need something to fling bits back and forth. But why does it have to be something EMC owns?

Whitebox switching is making huge strides toward being a data center solution. Cumulus, Pluribus, and Big Switch have created stable platforms that offer several advantages over more traditional offerings, not the least of which is cost. The ability to customize the OS to a degree is also attractive to people that want to integrate with other systems.

Could you imagine running a Cumulus switch in a vBlock and having the network forwarding totally integrated with the management platform? Or how about running Big Switch’s Big Fabric as the backplane for vBlock? These solutions would work with minimal effort on the part of EMC and very little tuning required by the end user. Add in the lowered acquisition cost of the network hardware and you end up with a slightly healthier profit margin for EMC.

Is The Answer A FaceBlock?

The other solution is to use OpenCompute Project switches in a vBlock offering. OCP is gaining momentum, with Cumulus and Big Switch both making big contributions recently at the 2015 OCP Summit. Add in the buzz around the Wedge switch and new Six Pack chassis and you have the potential to have significant network performance for a relative pittance.

Wedge and Six Pack are not without their challenges. Even running Cumulus Linux or Open Network Linux from Big Switch, it’s going to take some time to integrate the network OS with the vBlock architecture. NSX can alleviate some of these challenges, but it’s more a matter of time than technology. EMC is actually very good at taking nascent technology from startups and integrating with their product lines. Doing the same with OCP networking would not be much different from their current R&D style.

Another advantage of using OCP networking comes from the effect that EMC would have on the project. By having a major vendor embrace OCP as the spine of their architecture, Facebook gains the advantages of reduced component costs and increased development. Even if EMC doesn’t release their developments back into the community, they will attract more developers to the project and magnify the work being done. This benefits EMC as well, as every OCP addition flows back into their offerings as well.

Tom’s Take

We’re running out of big companies to buy other companies. Through consolidation and positioning, the mid-tier has grown to the point where they can’t easily be bought by anyone other than Cisco. Thanks to Aruba, HP is going to be busy with that integration until well after the company split. EMC is the last company out there that has the resources to buy someone as big as Arista or Brocade.

The question that the people at EMC need to ask themselves is: Do we really need hardware? Or can we make everything work without pulling out the checkbook? Cisco will always be an option for vBlock, just not necessarily the cheapest solution. EMC can find solutions to increase their margins, but it’s going to take some elbow grease and a few thinking caps to integrate whitebox or OCP-style offerings.

EMC does need a network. It just may not need to be one they own.


by networkingnerd at March 24, 2015 03:24 PM

Network Design and Architecture

Introduction to Network Design, Pre-CCDE Training

I am going to start an ONLINE Pre-CCDE preparation course in mid-April. I realized that many people are not ready to start CCDE study and they don’t know what to study before attending a CCDE training or bootcamp. The course will cover network design principles and the theory of IGP, BGP, MPLS, VPNs, QoS, Multicast and…

The post Introduction to Network Design, Pre-CCDE Training appeared first on Network Design and Architecture.

by orhanergun at March 24, 2015 11:42 AM

Networking Quiz -2

In this networking quiz you have 5 questions. It is not basic, but also not too hard. It should take less than 10 minutes for an experienced engineer. If you want to learn the basics of NETWORK DESIGN, check my latest PRE-CCDE Training. You can enjoy more quizzes by clicking here. How was it?…

The post Networking Quiz -2 appeared first on Network Design and Architecture.

by orhanergun at March 24, 2015 11:42 AM

March 23, 2015

Bridging the gap between CCIE RS and SP

Packet Loss Recovery


Modern TCP stacks have become more efficient at dealing with latency by adding TCP Window Scaling and Selective Acknowledgements. However TCP is still vulnerable to packet loss and this has a drastic impact on network performance. To avoid the negative effects of packet loss and retransmissions, Packet Loss Recovery can be configured.

Why is Packet Loss important?

  • Loss has a severe impact on TCP performance: For example TCP throughput over a 100 Mbps link is limited to 1 Mbps at 80 ms and 2% loss.
  • More businesses are connecting their offices via low cost VPN links. These typically have 1% loss rate, which is 10 times higher than MPLS links.
  • SLAs provide a false sense of security. A 3+% loss for an hour a day means providers can still meet a very low monthly average loss rate SLA.
  • Packet Loss is higher in emerging and developing countries. On average 2% or more.


Packet Loss Recovery

To counter the negative effects of loss on TCP throughput, Wanos can be configured to provide packet loss recovery to assist in TCP Acceleration. Below are CIFS copy speed stats over various loss and delay profiles. The first control test indicates the standard TCP throughput under these conditions. The second test is with Wanos Packet Loss Recovery enabled and compression and deduplication disabled.

Packet Loss Recovery Performance


Packet Loss Recovery Demo

In the illustration below, compression and deduplication have been disabled. The link has a 50ms latency and 5% packet loss rate. TCP throughput on this link is below 1 Mbps. When Packet Loss Recovery is enabled, TCP Acceleration improves throughput up to 10x.

The post Packet Loss Recovery appeared first on Free WAN Optimization Software.

by Wanop at March 23, 2015 09:31 PM

Peter's CCIE Musings and Rants

Great Explanation of the SIP Diversion header

Hi Guys!

Found this blog post on the SIP diversion header and had to share it, really good explanation of exactly when it's used, his reading of the RFC is most enlightening:
  • A change to the ultimate destination endpoint of a request. A change in the Request-URI of a request that was not caused by a routing decision. This is also sometimes called a deflection or redirection.
  • A diversion can occur when the “user” portion of the Request-URI is changed for a reason other than expansion or translation.
  • A diversion can occur when only the “host” portion of the Request-URI has changed if the change was due to a non-routing decision.

In other words, some sort of forward set on the user's phone.

by peter_revill at March 23, 2015 05:51 PM

Cisco Mediasense (Cheap and cheerful Call recording)

Hi Guys!

I recently had to install Cisco MediaSense to configure another feature. Cisco MediaSense, from everything I can tell, is essentially a fairly rudimentary call recording solution. Cisco talk a lot about its open API, network-based etc. etc. but for me it's really just a great way to get cheap recording.

To deploy it, first all you need to do is obtain the ISO and install it as a virtual machine just like any other Voice application.

It is licensed per concurrent recording, from what I could say the price per user hovers between $20 to $40 bucks, so for an organization with a T1 and a small call center it's pretty cost effective, around $400 to $500 bucks (maybe a little more once maintenance is added) to record up to 24 sessions at a time.

There is another part number available for it:  MCP-10X-AUD-10PACK which includes 10 concurrent ports.

The configuration of media sense itself is extremely straightforward, when you first login to the mediasense server it will prompt you to configure a username/password for connectivity to AXL on CUCM.

Note: this SHOULD NOT and in fact CANNOT be your usual admin user. Resist the temptation to just slack off and use your admin account and instead create a new AXL user for this; they will also require CM administration privileges.

Once this is done MediaSense is essentially configured! There is very little you can configure except for selecting which users can utilize the 'Search and play' functionality.

You do this by navigating to Administration - Mediasense API user Configuration

The fact that they call this section Mediasense API user, along with the very limited functionality available to the user makes Cisco's insistence that this is simply a device for COLLECTING the media, not for organizing/searching through it even more obvious.

The GUI that is available to search through recordings can be found at the following URL:


You can login with the user you defined as a mediasense API user previously.

The GUI is pretty limited, as you can see, in terms of searching and organizing, but you can export the recordings, save them and even perform a live monitor by clicking on "Active Calls".

For CUCM configuration the first step is to configure a SIP trunk pointing to the IP address of the Mediasense server, this is straightforward so the steps for this are not outlined below.

Once this is done, you need to create a route pattern and point a number to this SIP trunk.

Finally, you need to define a call recording profile under:
Device -> Device Settings -> Call Recording Profile

The settings for this are shown below; obviously replace 9998 with the number you configured previously and pointed to the SIP trunk.

To configure a phone to use the call recording feature, you must first make sure the phone has a Built in Bridge enabled under the phone configuration. Next, you must go to the phone's line and select the call recording profile:

For troubleshooting, I find it helpful to turn on the recording beeps so that you can tell the call is being recorded. This can be found back under the phone device configuration:

So there you have it, cheap and cheerful call recording that might be all you need for certain situations.

I hope this helps someone out there!

by peter_revill at March 23, 2015 11:55 AM

XKCD Comics

March 21, 2015

Bridging the gap between CCIE RS and SP

Router Mode – Out of Path

Wanos runs in bridge mode by default. In some cases it might not be possible to place a simple bridge appliance in-line or in-path. In this scenario out of path can be used by configuring the wan optimizer in router mode or server mode.

When router mode is configured, only the physical wan0 interface is used. The primary IP address, as configured in the GUI or wanos-cfg, is used to indicate wan0 traffic. One or more secondary IP addresses are configured to indicate the lan0 networks. This implementation is designed to preserve IP visibility throughout the network. This means addresses are not translated or proxied and clients, servers and network visibility tools see original source and destination addresses.

Source based or policy based routing:

In the following diagram the data center wan optimizer primary and secondary addresses share a segment with the gateway router. Optimized traffic from the wan is directed to the wan0 address. Traffic from the lan that needs to be optimized is directed to the virtual lan address. High availability safe fail-over is possible by tracking the wan accelerator address.

Wan Optimizer PBR Policy Based Routing Out of Path

Policy Based Routing Out of Path


Simple routing:

In the following diagram the data center wan optimizer primary address shares a segment with the gateway router. Traffic from the wan is directed to the wan0 address. Devices on the lan have their default gateways set to be the wan accelerator virtual lan addresses, and high availability is possible by configuring secondary routes.

Wan Optimizer Router mode Out of Path

Router mode Out of Path

The post Router Mode – Out of Path appeared first on Free WAN Optimization Software.

by Wanop at March 21, 2015 04:27 PM