February 24, 2018

Potaroo blog

Peak DNSSEC?

Has the adoption of DNSSEC already peaked well before any level of complete deployment? If so, what might that mean for the way in which we manage security and resilience on the Internet?

February 24, 2018 12:50 AM

February 23, 2018

ipSpace.net Blog (Ivan Pepelnjak)

EVPN with MPLS Data Plane in Data Centers

Mr. Anonymous (my most loyal reader and commentator) sent me this question as a comment to one of my blog posts:

Is there any use case of running EVPN (or PBB EVPN) in DC with MPLS Data Plane, most vendors seem to be only implementing NVO to my understanding.

Sure there is: you already have MPLS control plane and want to leverage the investment.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 23, 2018 09:00 AM

February 22, 2018

The Networking Nerd

Wireless Doctors

Wireless is a complicated thing. Even when you try to distill it down to networking basics on the wired side of the access point, you still have a very hard problem to solve on the radio side. Even I’ve talked in the past about how wireless is now considered a “solved” problem. But, the more I interact with wireless professionals and the more I think about the problem, the issue isn’t that IT departments think wireless is solved, it’s that they don’t appreciate the value of a specialist.

The Last Place Doctor

There’s an old joke that goes, “What do you call the person that graduated last in their medical school class? Doctor.” Professionals spend a lot of their time learning a tradecraft and practicing it to get better. And it’s not just doctors. So do plumbers, electricians, and teachers. Anyone that has ever tried to do any of these trades will tell you that the basics are capable of being figured out by the average non-professional, but the details are a huge leap.

You’d never assume that being able to put on a Band-Aid on a scrape would qualify you to do brain surgery. Or that changing a lightbulb would mean you can rewire a house. Why is it then that most IT people think that knowing the radiation pattern of an access point antenna qualifies them to just hang them wherever they want with no regard for coverage or interference?

Specialists are an important part of society. They spend their time learning things so that they can do them better than anyone else. You’d never argue that a basketball player would make a good offensive lineman. That’s a physical difference and a difference in skillset that can’t translate between the two. So why do we do it in IT?

For wireless specifically people think that it’s easy because it “just works”. Time and time again when I talk to my friends in the wireless community they tell me that it’s far too easy to put up wireless that works badly. And because it’s functional people just go with it. Whether it’s a hotel or a public venue or a coffee shop, people are content to tolerate bad design and terrible implementation. Yet, when someone steps in to try and help them fix the problem there is hesitation on the part of the customer to make it happen.

The Specials

Why are customers hesitant to make their wireless work correctly with help from a specialist? The answer could be that people think wireless is so easy that paying someone to do it is too much of an expense. It could also be that when the wireless professional starts talking about the pieces that are “hard”, namely the radio design, antenna selection, and site survey, that people just tune out the jargon and think they are getting sold a bill of goods. Yet, when the doctor starts telling them about all the procedures that need to be done to get them healthy they won’t bat an eye.

Wireless professionals need to be treated just like any other specialized professional that provides a service to help people. It may not be brain surgery or arguing a case before the Supreme Court, but it’s a piece of specialized knowledge that they spend their time practicing to the point where they are very, very good at it.

Wireless professionals also need to make sure they justify their value when the conversation inevitably turns toward costing too much or not adding any value to a design or survey. Stand up for what you do! Tell the customer that your skills are crucial to make this deployment work properly. It’s always amazing to me that no one bats an eye at someone when they say they need time to figure out OSPF in a network but when a wireless professional says they need to do a site survey there is a huge discussion about it.

Customers too need to realize that their wireless deployments are easier to accomplish when the proper resources are allocated to make them happen quickly and efficiently. You can either pay a professional with years of experience to make it happen or you can grab a CWNA book and start learning the trade. But thinking that wireless is an easy problem does a disservice for both the wireless professional community and for your users as well.


Tom’s Take

The more I talk to my wireless friends, the more I realize that wireless is hard. I spend a lot of time with the packets on the wire side and I understand how those things work. But I also don’t have to worry about trees, microwaves, Bluetooth, or any one of the hundred other problems that can interfere with an otherwise perfect deployment. The people that know more than me have learned over years how to do it right. And so, when someone asks me if I can do a big wireless installation for them I don’t have a problem going to one of my friends. Because I’d rather the wireless doctors do it right than me doing it halfway.

by networkingnerd at February 22, 2018 04:26 PM

My Etherealmind

Big Changes Ahead for Core Internet Protocols – IETF Journal

Excellent summary of what seems to be poorly understood. IPv6 is going nowhere slowly but the higher level protocols are changing today. Now, significant changes to the core Internet protocols are underway. While they are intended to be compatible with the Internet at large (since they won’t get adoption otherwise), they might be disruptive to […]

by Greg Ferro at February 22, 2018 03:03 PM

ipSpace.net Blog (Ivan Pepelnjak)

Big Red Button for Network Automation

A while ago I was enjoying a few beers with a longtime friend of mine who happens to be running the networking team for one of the rare companies that understands how infrastructure should be built and operated.

Of course, I had to ask him what he thinks about the imminent death of CLI and all-encompassing automatic provisioning from some central orchestration system. Here’s the gist of his response:

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 22, 2018 12:26 PM

February 21, 2018

My Etherealmind

NANOG Keynote: History of the Internet (it was not the bomb)

Scott Bradner retired in late 2016 after more than 50 years in Harvard University IT. Along the way he worked in the IETF for 25 years – 10 on the IESG – and served on the ISOC & ARIN boards.

by Greg Ferro at February 21, 2018 08:02 PM

ipSpace.net Blog (Ivan Pepelnjak)

How Useful Is Microsegmentation?

Got an interesting microsegmentation-focused email from one of my readers. He started with:

Since every SDDC vendor is bragging about need for microsegmentation in order to protect East West traffic and how their specific products are better compared to competition, I’d like to ask your opinion on a few quick questions.

First one: does it even make sense?

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 21, 2018 07:17 PM

Internetwork Expert Blog

We now offer live, on-site Google Cloud Architect training!

We’re excited to announce the release of our newest bootcamp: The Google Cloud Architect Exam Bootcamp. Currently the only course of its kind on the market, this bootcamp focuses specifically on what candidates need to know to pass the GCP Cloud Architect Exam. Like our other bootcamps, this class is taught live, on-site by an expert INE Instructor and will feature 5 days of intensive, hands-on, real world exercises, practice exams, and in-depth case study discussions. Attendees will also be provided access to a complete series of GCP based cloud labs.

The goal of our GCP Cloud Architect Exam Bootcamp is to equip students with a foundation-level knowledge of Google Cloud Platform to pass the exam. The primary focus of the class is core concepts and topics found on the GCP Cloud Architect written exam.

This bootcamp is currently only offered in May and August of 2018, at our NC location, but more dates and locations will likely be added in the future.

Who Should Take it?

Our Written Exam Bootcamp is for anyone who is beginning their GCP Cloud Architect certification journey, but already has at least basic knowledge of cloud computing. We strongly recommend at least 1 year of hands-on experience prior to attempting a GCP Cloud Architect Exam Bootcamp.

What Can You Expect?

This Bootcamp is structured to run 10 hours per day, with a one-hour lunch break. Each day will be a combination of lectures, instructor-led demonstrations, Q&A sessions, hands-on exercises, and frequent quizzes. Students will also have full access to their lab equipment throughout the evening to continue practicing on their own or as groups.

Each student will be equipped with his or her own Qwiklabs and GCP account. Each day, instructor lectures will be followed by applicable technology-focused labs. Upon completion of this class, the student will have a solid foundation of knowledge and a keen understanding of what topics to focus on for the remainder of their studies.

Interested in becoming one of INE’s first Google Cloud bootcamp students? Click here for more information.

by jdoss at February 21, 2018 04:03 PM

February 20, 2018

IPEngineer.net

Automation: Easy Button vs Sentient Voodoo Magic Button

Automation has become this “all-encompassing thingy” much like SDN. It’s a software industry problem and it’s critical more now than ever that we do not slip backwards by trying to drag a broken idea forwards.

This post contains nothing new and should act as polish on common sense. If you’re on the look-out for removing pain and getting stuff done with the power of automation, read on.

If your processes and operating handbook for your team or organisation are in disarray, it will not come as too much of a surprise when your automation team implements something inherently broken. Naturally the technology, shortly followed by the team, will take a boat load of blame. Whilst artificial intelligence and machine learning are promising, unless you have a team of subject matter experts or have very deep pockets, automation today is simple and the patterns are hard wired. Even decision making logic should be pre-thought. Automation platforms do not today think creatively and do not possess sentient capabilities. If they did, I would be on a beach right now drinking mojitos, smoking cigars and wondering what to do with my time on this rock (the answer by the way would be activities like climbing and golf).

Push Them Buttons

Pressing buttons can be fun especially if it has a flashing light. A button however, can be an opinionated jerk. Once pressed, it might do the correct thing once, then spit half finished items off the end of the production line whilst at the same time claiming success and running for cabinet.

Boiling down a set of operations to be started and repeated idempotently by the same button is the result of a team designing a process and taking it through governance to ensure it will do the absolutely required tasks.

A button represents a well thought out atomic unit of logic that has deterministic decision branching.

If your atomic unit of logic is broken, so will be your button. If you don’t know what API calls to make, the type and content of data then your button will be loosely comparable to a deranged and angry gorilla navigating its way through your operational stack.

Decision branching is synonymous to a decision block in a flow chart. First, you need the information to be able to answer the question. Just because we can use variables doesn’t mean we can perform arcane black magic. If you’re thinking “But we can make decisions dynamically, that makes it clever”, then go without your treat at the weekend. Converted manual processes that are technically accurate at the time of creation matched against the version of API or SDK in use, yield the best foundation for automated processes. Each automation platform offers varying levels of finesse and logic control to manifest the process. Mastery of a platform goes a long way to clean and deterministic automations.

For example:

If {{ data }} is "foo" then do X

By the above, if data is a number and the underlying logic does not type cast the type of data to a string, because “foo” is a string, then this might actually crash your button. Your intent is misguided and lack of thought is on display here.

What is even more common:

If {{ data }} is bar, then do something magic automation thingy because software

This is all too real unfortunately. The lesson and closing thought is this: If you want to simplify automation operations down to fool-proof buttons, make your processes fool-proof. Once humans can operate the process without error then an automation platform stands a chance.

Once your process is proven, then it can be converted to the parlance of your chosen automation tool. Your automation tool will have integration modules to push and pull data and it will have the decision making logic capabilities required to make informed and accurate decisions.

When interacting with an API of any kind, your surface area for problems increases by magnitudes. Writing reliable code is one thing and writing integrations against someone else’s is a time problem. It might work today, but what about the next minor library update?

Chaos Gorilla and Using Your Credits

Let’s pretend for a second that your well honed processes are automated with these “super” buttons. The irony here is that without exercise, your team’s ability to mend things quickly diminishes as familiarity drops with the various interfaces your automation integrates against.

It’s quite well known that some organisations have ‘game days’ where a pack of monkeys is let loose on infrastructure. I’m not so sure it’s true where automation is turned off. By engaging your team to manually work through normally automated tasks, it enables technical skills to be retained and also serves to validate automated processes. Teams should not be afraid to restart or upgrade services and automation has the adverse effect of removing confidence and introducing guess work.

Automation can end with grey failures and as software moves ever forward, these kinds of game days give you an opportunity to keep your automated processes current and your team sharp.

As we engineer more reliable systems, it’s entirely normal for people to expect less downtime and the pressures of ever available systems mean we might get scared to do anything “just in case”. Normality however lends us “downtime tokens” in the form of uptime demands. If you get used to spending your “downtime tokens” you can also exercise the organisation’s ability to execute business-as-usual operations without feeling like everything is on fire.

Some of this might make you feel uncomfortable and this post came out of trying to assist conversations going forward specifically in bravery and organisational evolution.

Close

Whilst this post sounds awfully negative on the whole, it’s supposed to be an expectation setter. When automation is done wrong from both a skill set and technological point of view, the outcome can be disastrous. Automation when done and controlled correctly can improve the velocity of innovation and business on the whole.

by David Gee at February 20, 2018 06:35 PM

ipSpace.net Blog (Ivan Pepelnjak)

We Do Magic Crypto with No Impact and No Performance Loss

Not surprisingly, every now and then I get a comment from a pushy $vendor rep who fails to mention that he works for a vendor, or that he happens to be their VP of Marketing. Here’s a gem I got late last year (no, I did not allow that comment to be published):

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 20, 2018 11:59 AM

February 19, 2018

Internetwork Expert Blog

New to the INE Video Course Library: Introduction to Azure Design and Implementation

Last week we added a new Azure course to our video library. This is the first course of its kind and can be found on the INE streaming site and also for sale on ine.com.


Why Study Azure:
Azure is Microsoft’s version of web services management. Azure is a great option for DevOps professionals due to its diversity. Azure allows you to create intelligent apps using the language of your choice, including Node.js, Java and .NET, and works for both PC and Mac users. With 100+ services and tools to manage apps, Azure Design has become a favorite among many large companies and should be considered an essential study topic for DevOps professionals.

About the course:
Length- 1 hour 23 minutes
Instructor- Gary Bushey

In this Series we will take a look at what Azure is, including what IaaS, PaaS, and SaaS mean. We will thoroughly discuss Azure PaaS and some of the specific technologies used with PaaS, namely containers and artificial intelligence.

In the second section, we will discuss how to move your applications to Azure. The first video will provide an introduction to the Architectural decisions to make when moving your application, including which style (like N-tier, Microservices, or Web – queue – worker) and which data store (like a relational database, document database, or object store) to use. The second video will discuss design principles to keep in mind when moving your application. This includes items like Availability, Resilience, and Monitoring. The series will end with a discussion of the various cloud design patterns that can be used to realize the design principles. These include items like the Ambassador, Circuit breaker, and Sharding patterns.

About the Instructor:

Gary Bushey is a certified Azure Architect that has worked for numerous Fortune 500 companies and the US Department of Defense. When not working with computers he is traveling around the US in his RV with his girlfriend and their two dogs. He enjoys outdoor activities like hiking, biking, camping and grilling, as well as building houses with Habitat for Humanity.

by jdoss at February 19, 2018 06:44 PM

ipSpace.net Blog (Ivan Pepelnjak)

Automation Isn’t About Building a Button to Press

This is a guest blog post by Carl Buchmann, Managing Solution Consultant at TeraMach. Carl attended the Building Network Automation Solutions online course in 2017.

There is one thing I regret not doing sooner during my automation journey, and that is adopting Git and a proper IDE/text editor that has built-in source control management. I personally use Microsoft Visual Studio Code, as it has Git built in and has many great extensions to validate code syntax.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 19, 2018 10:15 AM

February 17, 2018

ipSpace.net Blog (Ivan Pepelnjak)

Worth Reading: Whiteboxes for Everyone

Gian Paolo Boarina wrote a blog post describing why it’s so ridiculous to see everyone excited about the latest thing Netflix (or Google or Amazon or…) managed to pull off. Absolutely worth reading.

On a similar topic: did you notice that Google started promoting clientless SSL VPN as the next great thing? RFC 1925 anyone?

by Ivan Pepelnjak (noreply@blogger.com) at February 17, 2018 10:15 AM

February 16, 2018

Inevitable (Himawan's blog)

Network Engineer Certification in 2018


Last week I was in Mountain View, in a room full of senior Network Engineers, and we were talking about the skills that need to be developed by more junior Network Engineers. Suddenly someone shouted from the back "CCIE!" and the whole room started laughing.

So CCIE is a laughing stock now?

No need to get offended. You have to understand the context here:
This group of people has been working for the best company in the world. They have been working on the most advanced network infrastructure. The company's undersea cables connect all continents, to deliver 25% of worldwide Internet traffic.


These people didn't develop their skill through certification. They developed their skills by building the real stuff. When this group of Network Engineers realized the network capacity in the company's data centers has grown so fast that conventional routers and switches can't keep up to meet the requirements of its distributed systems, they decided to build their own instead. These Network Engineers build and operate software-defined networking, before the world invented that terminology. They've been automating network operation in Data Center, WAN, Internet Peering, all the way to Wifi and Enterprise networking, to support 7 of the company's products with more than a billion users.

But think about my situation 18 years ago when I started. I was jobless. I graduated not from Computer Science. There was not any clear guideline available on how to become a Network Engineer. There was not any opportunity to develop my skills. Pursuing certification, from CCNA to CCIE, was the most logical and the best choice at that time.


Having said that, it's 2018. And if any of you think your current situation is similar to mine 18 years ago, and that makes you try to repeat my experience with certification today, you should think again.

Remember the most important principle here: use certification as a means to learn the knowledge. A certification program is good since it puts structure to your learning path. And a certification exam is usually a good way to measure your progress. So if you believe your certificate will get you a job, it's up to you. If you still like to read "top paying" or "hottest IT certification" articles, be my guest. I can tell you straight away no certification will be able to put you in that room in Mountain View.

However, if you agree with my point to use certification as guideline to study, here are the Top 10 that I think every Network Engineer should pursue in 2018:

(Please note I'm putting only the certifications that I have personally taken and possessed, to walk the talk)

1. Treat Network as Cattle, not Pet

This comes from one important idea in Google Site Reliability Engineering: that in order to have a reliable system, you need to make it out of interchangeable and replaceable parts that can fail at any time. Bikash Koley, CTO at Juniper Networks, reviews the challenges of networking within large scale infrastructure, reviewing the change needed from treating networking less like pets, and more with fleet management in mind.

This first point is not about certification. It's about mindset.

2. Vendor-Agnostic Networking Skills

Just as shown in one example of the Google Network Engineer job ads that I posted several months ago, network engineering is here to stay. We still need someone with in-depth networking knowledge. You still need to know IGP and BGP and traffic engineering in detail. That knowledge is owned by the Network Engineer (NE), not the Software Engineer (SWE), Site Reliability Engineer (SRE) nor Security Engineer.

And you may use certification to build networking expertise. My advice is to reach at minimum CCNP/JNCIP level. You are welcome to continue to Expert level, but there is a risk for your knowledge to become too vendor-dependent for the implementation of the concept. And this also means take only one: either CCNP or JNCIP (or any equivalent from another vendor). They all teach the same concept, the only difference is in the way to implement it. And you can go to multiple tracks to learn Routing & Switching, Data Center, Service Provider, Security and so on depending on how much you want to cover from an end-to-end network.

3. Linux is the New English 

Many tools for network engineers run on Linux, so it makes sense for any Network Engineer to know how to use it. I believe at minimum you should have a System Admin level knowledge. If you can go deeper and learn about hypervisor, kubernetes pods and Linux virtual networking, it is even better. Application workloads that run on Virtual Machines or Containers are running on top of this OS as underlay. Today's network engineer must know how to connect them through virtual switch and virtual network, using several options of overlay protocols.

To develop Linux skill you can use something like RHCSA or equivalent.
(Note: I don't want to get into the debate of Linux vs. BSD here. Just look at the tools that you are using as Network Engineer, and check which OS they run and study it)

4. Speak API not CLI

Arista Networks CEO Jayshree Ullal once said “CLI is the way real men build real networks today.” In large-scale network this is definitely not the way to go. Instead of connecting to network device manually using CLI, our management tool or software must connect to the device using API. Understanding what is supported by the API can help to develop or even troubleshoot any issue between our software and the device.

I don't think there is any certification specifically covering API (and I haven't taken any that covers this). But I found this Network Programmability Basic learning program from Cisco DevNet is really good in explaining APIs.

5. Controller and Orchestrator 

Network used to be treated as a group of devices running autonomously, with distributed intelligence, and each device is making the decision where to forward the packet. If we treat network as one fleet, the decision should be done from a central location. This central Controller or Orchestrator must know what the network looks like, the current state of the network, and in an Intent Based Networking System it can even translate business intent into specific instructions to be sent to network devices.

In an end-to-end environment, all physical and virtual resources are managed by Controller and Orchestrator, that consists of network control, compute and storage control and service control, with cross-domain orchestration to manage all of them. This Controller and Orchestrator provide northbound API for the application, and use various southbound API from all the control layer to the resources. Southbound protocol from controller to the device does not have to be OpenFlow. However, if somehow you want to learn this protocol in more detail you can use the certification from ONS.

6. Automate or Die

Running network infrastructure as code is not something cliché anymore; it's real and necessary. When you have more devices in the network, automation is the only way to avoid human error. However, automation can bring complexity. And one mistake in CLI may bring down only one device, while one mistake in automation platform can be propagated quickly to the entire network.

My advice is to build your automation skills slowly: starting with Level 1, task specific automation, where you can write simple code to communicate to network devices using various APIs to execute certain task. Then move up to Level 2 by using platform like Ansible and its playbook to execute series of task to complete one workflow. Continue doing this until you reach Level 5 automation when you just need to define the policy between users or components in the network, by providing declarative requirements, and the system will execute without any human interaction. Zero human touch networking. This is the level for Intent-Based Networking System.

7. Cloud, more Cloud, and Multi-Cloud

According to PwC research, virtually all mid-and large-sized enterprises expect to move some workloads to the cloud in the next 1-3 years. Google spent over $30 billion in an effort to significantly improve its Cloud infrastructure. Alibaba now offers even more features than before in an attempt to take on the might of Amazon. Oracle is making massive investments in its cloud infrastructure with the addition of 12 new data center locations around the world, to join the cloud wars against IBM and Microsoft.

If the paragraph above does not encourage you to learn about Cloud, then you should! Enterprise IT in the future will have to connect their premises to Cloud, to multiple Cloud providers in fact, and as Network Engineer you must design the interconnection. At minimum you need to learn at least one Cloud provider, and you can use certification like Google Cloud Architect or equivalent for AWS.



8. Model Driven and Data Structure

A model is a simplified representation of a system. When we send the command using certain protocol to the device over API directly, this is called Stove Pipe approach. We need an abstraction layer, or a model, in the middle of the communication between all those protocols with the network devices. Think its function as mechanism to “normalize” devices configuration into one standard data model then push that configuration into devices using one standard protocol.

Company like Google has been using abstraction with model-driven approach to provide network topology view, configuration data structure and content, and telemetry data structure and attributes. A data structure is a particular way of organizing and storing data in a computer so that it can be accessed and modified efficiently. It is a collection of data values, the relationships among them, and the functions or operations that can be applied to the data.

Again, I believe the videos from Devnet's Hank Preston are the best place to start learning about this.

9. Analyze Users' Behaviors

Many Network Engineers are busy everyday firefighting the problems in the network. They are the King of troubleshooting. Sometimes they troubleshoot problems that happen due to manual deployment and provisioning in the network. When we start using automation and controller to do deployment and operation of the network, Network Engineers are not going away. Now they need to do work that is closer to the users. They need to understand more who the users are, what they do in the network, what application they are accessing, how the users behave, and so on. In such a way the Network Engineer needs to move to become a network analyst, to collect that information and perform the analysis in order to predict any problem in the future and prevent it before it happens. The Network Engineer will then provide a better user experience to the users.

I don't know if there is any certification to teach you to do this, but recently I took Coursera's From Data to Insights with GCP (even though the analysis is not related to networking) and I found it very interesting.

10. Software Engineering Principles

Remember, Network Engineer is not a Software Engineer. However, in order to treat a network as a fleet, using controller and workflow automation, that connects to network device using APIs, it will be really helpful if any Network Engineer understands Software Engineering principles.

Network Engineers produce architectures and designs. Those architectures and designs should incorporate software thinking. How can software implement the architecture at hand? Which primitives do we need, and in which order, to implement and operate the design? You don't need to write all the code yourself, but it helps if you can specify it as a set of requirements to a Software Engineer.

In my opinion, any Network Engineer should at least take CS50 class: Introduction to Computer Science from Harvard. And you should know at least Agile software development framework such as Scrum. You can take this certification if you want.

The top 10 above should prepare you to become the Network Engineer of the Future. Or, as I mentioned it before, you also have a choice to spend more time closer to the business and start becoming Solutions or Enterprise Architect. Architect must translate business requirements into technical specifications, and provide integrated solutions to answer the requirements. You may want to pursue business-related certification (Togaf?) or even an MBA.

And if somehow you have a better chance to develop your skill by building something real, just like those Network Engineers in Mountain View, forget the certifications all together.
Just start building.

by Himawan Nugroho (noreply@blogger.com) at February 16, 2018 05:54 PM

The Networking Nerd

Making Alexa Tech Demos Useful

Technology always marches on. People want to see the latest gadgets doing amazing things, whether it be flying electric cars or telepathic eyeglasses. Our society is obsessed with the Jetsons and the look of the future. That’s why we’re developing so many devices to help us get there. But it’s time for IT to reconsider how they are using one of them for a purpose far from the original idea.

Speaking For The People

By all accounts, the Amazon Echo is a masterful device. It’s a smart speaker that connects to an Amazon service that offers you a wider variety of software programs, called skills, to enhance what you can do with it. I have several of these devices that were either given out as conference attendance gifts or obtained from other giveaways.

I find the Echo speaker a fascinating thing. It’s a good speaker. It can play music through my phone or other Bluetooth-connected devices. But, I don’t really use it for that purpose. Instead, I use the skills to do all kinds of other things. I play Jeopardy! frequently. I listen to news briefings and NPR on a regular basis. I get weather forecasts. My son uses the Echo to check simple fraction math when he’s doing homework. My daughter uses it to time her math facts practice.

It would appear that the power behind an Echo speaker lies not in the hardware, but in the software stack built on it. It’s so powerful that most people don’t even refer to the speaker as an “Echo”, but instead as “Alexa”, the default name used to activate the listening service. People ask Alexa all kinds of things. And Alexa provides answers or ways to get the answers. It’s so popular that modern IT organizations have started to get in on the action.

Alexa, Tell Me A Story

Enterprise IT vendors are starting to show off their programming skills by creating Alexa skills to integrate with their software. Ostensibly, this would be to showcase how the platform has a rich API that allows for a large amount of information to be queried all at once. Users could ask Alexa to give them a readout of what’s going on without having to log into the system at any given time. I’ve personally seen demos that ask Alexa to find out who is using all the network bandwidth, what is the status of the wireless network, and even details on protocols.

However, there is a huge downside to using Alexa for this purpose. Without specifically crafted questions, you get a readout that is like trying to drink from a monotone firehose. Alexa is just like any computer system in that it will dutifully read you whatever input is given to it. That’s fine if you want the kind of detail that you get in your average computer monitoring system. But, if you’re using a smart speaker to cut down on the amount of information you are processing, you probably don’t want the entire text of the system read out to you.

I always fall back on the idea of people trying to make small talk. When you ask someone how their day is going, you typically aren’t looking for a recitation of their entire schedule from start to finish with all the details they can pack in. You’re looking for a simple answer – good, okay, or not good. That’s the basic level of information that anyone wants about anything. More specific queries can drill down into other areas, but the initial conversation needs to be easy to parse in one or two sentences.

Another issue with using Alexa for technical demos is how the system parses IP addresses and DNS names. Alexa will dutifully read an IP address to you one digit at a time, including periods between octets. That can be annoying for addresses in the old Class C range with lots of 3-digit numbers. Also, you’d have to write them down to get any kind of coherence about which system was being discussed, which does kind of eliminate the usefulness of getting information from a speaker. With DNS names, Alexa will try to read the name of the system as if it were a real word. That can produce results that range from hilarious to downright unintelligible. It makes trying to understand these briefings much harder.

So, how can this be fixed? The answer is actually quite easy. Instead of making your Alexa skill read off every possible piece of information with a simple query, have it give a basic readout. Possible answers like:

  • Things look good now
  • There are a couple of trouble spots to look at. Would you like to know more?
  • There are quite a few problems. I suggest logging in to learn more.

Each of these answers gives the user a chance to understand things. A “good” response means everything is good and you don’t need to know more. An “okay” or middle response says there are only a couple of issues that could be summarized here. A “bad” response tells the user that there is too much information to be easily digested in an audio briefing and that they should log into the system to see more. That gives the user the option of getting more compact information in a format that makes sense to them rather than listening to the speaker drone on for 5 minutes about all the errors in the system.


Tom’s Take

Technology is a wonderful thing. Technology used for the proper purpose is even better. The Amazon Echo is a great tool that helps advance our understanding of what people listen to and how they use machine learning and AI to ask questions and get answers. But, ultimately the Echo is a consumer device built around consumer questions. It’s up to enterprise tech vendors to write skills that give us the chance to interact with the speaker, not just get an information dump first thing in the morning. Enterprise tech vendors need to understand that they are what makes Alexa’s briefing useful. Select the information they will be receiving and package it in such a way as to make it digestible.

by networkingnerd at February 16, 2018 03:10 PM

My Etherealmind

NetShot · ifconfig.it

Network asset scanning and detection tool. Open source.

by Greg Ferro at February 16, 2018 03:03 PM

ipSpace.net Blog (Ivan Pepelnjak)

[Video] Configure Data Center Devices with PowerShell

PowerShell started as a tool to automate Windows servers. It was picked up by VMware (and others) as a platform on which they built their own solutions (PowerCLI and PowerNSX)… but did you know you can use it to configure data center infrastructure, including NX-OS switches, SAN networks, and Cisco UCS?

In the Configuring Data Center Devices with PowerShell video, Mitja Robas described how to do that, and provided source code for all his examples.

You’ll need at least a free ipSpace.net subscription to watch the video.

by Ivan Pepelnjak (noreply@blogger.com) at February 16, 2018 06:58 AM

XKCD Comics

February 15, 2018

Security to the Core | Arbor Networks Security

Musical Chairs Playing Tetris

February 20, 2018: This blog has been amended since it was originally published on February 15, 2018. This version removes the association with the APT group responsible for the Night Dragon campaign that we had incorrectly made. We thank the research team at Palo Alto […]

by Sean Sabo at February 15, 2018 09:23 PM

Internetwork Expert Blog

Don’t miss our online live Spanning-Tree Webinar!

Tune in Tomorrow, February 16, 2018 for a FREE online live Spanning-Tree webinar with Keith Bogart.


Deciphering Spanning-Tree Technologies
Starts February 16, 2018 at 10:00 AM (PST) 1:00 PM (EST)

Understanding the logic of 802.1d and how it builds a loop-free “tree” is critical to passing any Cisco certification exam. Presented by INE instructor Keith Bogart (CCIE #4923), this session will take you through that logic so that, given any bridged/switched layer-2 network, you can predict what tree will be formed. Ask questions live with an experienced industry expert!

by jdoss at February 15, 2018 05:00 PM

ipSpace.net Blog (Ivan Pepelnjak)

How Self-Sufficient Do You Want to Be?

The first car I got decades ago was a simple mechanical beast – you’d push something, and a cable would make sure something else moved somewhere. I could also fix 80% of the problems, and people who were willing to change spark plugs and similar stuff could get to 90+%.

Today the cars are distributed computer systems that nobody can fix once they get a quirk that is not discoverable with level-1 diagnostic tools.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at February 15, 2018 09:46 AM

February 14, 2018

Internetwork Expert Blog

CCIE Collaboration Blueprint Changes and Collab. 2.0 Video Release Dates: As Explained by Rohit Pardasani

Cisco has announced that the CCIE Collaboration Lab blueprint is changing from version 1.0 to version 2.0. The new blueprint goes live on July 23, 2018.
As expected, the lab will not have any physical devices; everything will be virtualized. The phones (8845), being the only physical devices, will be remotely controlled; students will not have them on their desks anymore.
Besides the phones, students will also have remote control of Spark, Jabber and the Cisco Meeting App.

Cisco also announced several new products and solutions, such as the Cisco Expressway Series, Cisco Meeting Server, Cisco Spark Hybrid Services, Cisco Unified Communications Mobile and Remote Access, and Cisco Cloud Services Router (CSR) 1000V. New topics such as APIs have also been added to ensure that CCIE Collaboration certified engineers have the knowledge and skills needed to satisfy dynamic requirements in customers’ collaboration environments today.

The traditional UC products are using version 12 (UCM/IMP/Unity Connection) and 11.6 in the case of CCX. All CCIE Collaboration v2.0 lab exam candidates will be provided a headset for questions that require audio verifications.

The new lab exam curriculum comprises seven domains. The new segmentation into these seven domains improves the logical exam topic structure and ensures alignment to Cisco’s Collaboration products and solutions. So, let’s have a quick look at these seven domains and how Cisco has divided these domains into an approximate percentage value of questions that you may expect in the lab.

With network programmability having a continually larger slice of Cisco’s focus, it’s no surprise that Cisco’s list of topics added in version 2.0 starts off with Collaboration APIs. Here is Cisco’s list of major additions to their CCIE Collaboration unified topics:

Key topics added in v2.0:

  • Collaboration APIs
  • Cisco Expressway dial plan
  • Cisco Unified Communications Mobile and Remote Access
  • Cisco Spark Hybrid Services
  • Single-Sign-On
  • Ad-hoc and rendezvous conferencing on Cisco Meeting Server

Key topics removed from v1.0:

  • Digital telephony signaling: BRI/CAS/R2/NFAS
  • H.323 Registration, Admission, and Status (RAS) and gatekeepers
  • Cisco Mobile Voice Access (MVA)
  • Cisco Service Advertisement Framework (SAF) and Call Control Discovery (CCD)
  • IOS basic automatic call distribution (B-ACD)

So, let’s compare the Hardware and Software between CCIE Collaboration v1.0 and v2.0.

Besides the blueprint change, Cisco also announced a format change in the CCIE Collaboration v2.0 exam. The lab v2.0 exam now consists of three modules:

Module 1: Troubleshooting:
In the Troubleshooting module, you’ll be presented with a series of troubleshooting scenarios to resolve. Your troubleshooting is done entirely on virtualized equipment, and what you do when troubleshooting one trouble ticket doesn’t impact any other trouble ticket. Similarly, these troubleshooting scenarios are performed on virtualized gear separate from what you’ll be working with in the Configuration module.

Module 2: Diagnostic:
During the Diagnostic module, you’ll be diagnosing collaboration issues using documentation only (e.g. e-mail threads, console outputs, trace files, traffic captures, etc.). Using the provided documentation, you’ll attempt to diagnose the root cause of the reported issue. You should also identify where the issue is located on a network diagram. If you successfully diagnose the root cause, you should be able to state the key piece of information that led you to your conclusion. If you were unable to diagnose the root cause, you should be able to state which key piece of information was missing from the provided documentation. The Diagnostic module does not provide actual access to any devices or applications.

Within the Diagnostic module, the items are presented in a format that is similar to the Written exam. It includes:

  • Multiple-Choice (single answer or multiple answers).
  • Drag-and-Drop type style.
  • Point-and-Click on diagrams.

Module 3: Configuration:
As you might guess, it’s in the Configuration module that you’ll be executing a series of inter-related lab tasks on a common collaboration topology. This module is most similar to prior lab versions.

You have to complete these modules in order, and you cannot go back to a previous module. So, you must do the Troubleshooting module first, and after you complete it, you cannot revisit it.

Next, let’s consider how much time you have for each module. The goal is to complete the modules in the following times, which total to 8 hours:

  • Module 1: 2 hours
  • Module 2: 1 hour
  • Module 3: 5 hours

However, let’s say you’re nearing the end of your allotted 2 hours for the Troubleshooting module, and you need more time. You have the option of taking 30 minutes from your Configuration module and adding it onto your Troubleshooting module. That would give you 2.5 hours for Troubleshooting and 4.5 hours for Configuration. Of course, you’ll be forced to make that decision without having seen the Configuration module. As a result, you won’t know if you’re making a wise decision or not.

In order to pass the lab exam, the candidate must meet these two conditions:

  • The sum of all module scores must be at least the overall minimum cut score.
  • The minimum cut score of each individual module must be achieved.

    Will You Be Impacted?
    If you’re currently preparing for your CCIE Collaboration v1.0 lab exam, the topics you need to know for that exam are still version 1.0 topics until July 23, 2018. If you already have a few months of study under your belt, you might want to accelerate your study efforts to clear the lab prior to the cut-over date. INE has a bootcamp which can help you achieve your CCIE before the blueprint change.

    When will INE be releasing the new CCIE Collaboration Lab Version 2.0 videos?
    The good news is that INE has already chalked out an action plan for the new CCIE Collaboration v2.0 video series. Each of these videos will be technology-based, with a practical demonstration of the technology.
    Our first plan of action is to build a demo pod by mid-March, where we can start creating videos for the new topics which Cisco has listed in their v2.0 blueprint. Once the new blueprint is active, we will fine-tune our pods for rack rental. We expect all videos to be released to students by mid-August 2018.
    If you have any specific questions, you may email me at rpardasani@ine.com, and I would be happy to assist you in achieving your CCIE Collaboration v1.0 or CCIE Collaboration v2.0.

    by jdoss at February 14, 2018 09:11 PM

    My Etherealmind

    Evidence-based Troubleshooting: Observations on Problem-solving from Economic Psychology

    Excellent piece on psychology of being a technology worker. MUST READ. For those of us who work in technology, we pride ourselves in our rationalism. We deal in the territory of binary math, algorithms, and logic. Yet we often fail to step back and see ourselves as mere mortals. We acknowledge some disciplines suffer from […]

    by Greg Ferro at February 14, 2018 03:03 PM

    ipSpace.net Blog (Ivan Pepelnjak)

    ExpertExpress Evolved into a Team of Experts

    Years ago, I decided to try out another idea: solving real-life challenges with the help of an easy-to-consume online consulting service. When I discussed the idea with my friends during one of the early Networking Field Day events the opinion was pretty unanimous: “this will never work”

    Fortunately, they were wrong. Not only did ~100 customers decide to use it in the meantime, the simple idea grew to a point where I couldn’t do it all on my own.

    Read more ...

    by Ivan Pepelnjak (noreply@blogger.com) at February 14, 2018 09:07 AM

    Networking Now (Juniper Blog)

    New Gootkit Banking Trojan variant pushes the limits on evasive behavior

     

    On January 19, 2018, Juniper Threat Labs detected a Gootkit banking trojan at one of our customers’ sites. The file was hosted on a compromised golfing site, namely “carolinalakesgc[.]com”. This malware uses some unique anti-analysis and anti-sandboxing tricks. It also employs a new persistence method taking advantage of the Pending GPO feature. The malware spawns a suspended mstsc.exe (Remote Desktop Process) and injects itself into it. Before installing itself into the system, it performs several checks related to sandboxes and tools associated with malware analysis.

    by paulkimayong at February 14, 2018 02:02 AM

    XKCD Comics

    February 13, 2018

    Internetwork Expert Blog

    We’ve added a new GIT Fundamentals course to our library!

    Log into your members account, or check out ine.com to view our latest addition to the INE video course library, GIT Fundamentals.


    Why Study GIT Fundamentals:
    GIT Version Control Systems are popular among many organizations; you should learn the basics now so that, when faced with a GIT-based project, you’re able to contribute to your team quickly and efficiently.

    About the Course:
    This course is 3 hours and 27 minutes long and taught by Eric Parker. This is an introductory course, meant to familiarize students with the core GIT system concepts.

    What You’ll Learn:

    At the end of the course, students will be able to modify and commit data to both local and remote GIT repositories. Upon the completion of the course, you will be ready to start contributing to GIT based projects of your choice.

    About the Instructor:

    Eric Parker is a native Texan and a graduate of Texas A&M University and is more than happy to tell you all about it! He has spent the last 12+ years building software solutions in the Raleigh, NC area and has architected Java, .NET and JavaScript based software projects in both mid-size and enterprise level companies. He currently leads the infrastructure engineering team for a leading professional AV manufacturer. The team focuses on DevOps, Continuous Integration and Infrastructure Automation for both on-premise and cloud-based solutions.

    Before teaching himself how to create .NET web apps, Eric spent 15 years in the construction industry. He still enjoys woodworking and has built a large majority of the furniture in his home. When not spending time with his wife of 20+ years and his 3 boys, you will find Eric outside hunting, fishing and loving every type of outdoor activity.

    by jdoss at February 13, 2018 08:54 PM

    Networking Now (Juniper Blog)

    Underground Malware Marketplaces

    On message boards and dark web marketplaces, vendors offer everything from custom malware to on-demand distributed-denial-of-service (DDoS) attacks. Hidden tools to track someone’s every online move or access to their Instagram account? Weaponized exploits for extortion and espionage? The computing power of thousands of hacked “zombie” computers? It’s all available for the right price. In this article we’ll take a walk through the cybercrime black market to see what’s for sale.

    by AsherLangton at February 13, 2018 08:19 PM

    ipSpace.net Blog (Ivan Pepelnjak)

    EVPN Is More than VPLS on Steroids

    Tiziano Tofoni wrote a lengthy comment on my EVPN in small data center fabrics blog post continuing the excellent discussion we started over a beer last October. Today I’ll address the first part:

    I think that EVPN is an excellent standard for those who love Layer 2 (L2) services, we may say that it is an evolution of the implementation of the VPLS service, which addresses some limits in the original standard (RFCs 4761 and 4762).

    I might be missing something, but in my opinion there’s no similarity between EVPN and VPLS (apart from the fact that they’re trying to solve the same problem).

    Read more ...

    by Ivan Pepelnjak (noreply@blogger.com) at February 13, 2018 09:34 AM

    February 12, 2018

    Network Design and Architecture

    4 people passed CCDE Lab with my CCDE training recently

    I realised just now that I didn’t share the names of the people who used my CCDE resources and got their CCDE numbers recently. I know all of them, their capabilities, technical strength. I am happy to see that they are CCDE now. Congrats to Ken Young, Jaroslaw Dobkowski, Malcolm Booden […]

    The post 4 people passed CCDE Lab with my CCDE training recently appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

    by Orhan Ergun at February 12, 2018 05:49 PM

    Make before break and Break before make

    Make before break and break before make. I have shared many posts so far covering the terms used in different fields of networking. This one is one of them. Also I will introduce, probably to many of you, a new terminology, ‘Break before make’. If you are from the IP/MPLS background […]

    The post Make before break and Break before make appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

    by Orhan Ergun at February 12, 2018 05:32 PM

    My Etherealmind

    Why hiring the ‘best’ people produces the least creative results — Quartz

    The complexity of modern problems often precludes any one person from fully understanding them. Factors contributing to rising obesity levels, for example, include transportation systems and infrastructure, media, convenience foods, changing social norms, human biology and psychological factors. Designing an aircraft carrier, to take another example, requires knowledge of nuclear engineering, naval architecture, metallurgy, hydrodynamics, […]

    by Greg Ferro at February 12, 2018 04:20 PM

    ipSpace.net Blog (Ivan Pepelnjak)

    Automation Win: MPLS/VPN Service Deployment

    I always encourage the students attending the Building Network Automation Solutions online course to create solutions for problems they’re facing in their networks instead of wasting time with vanilla hands-on assignments.

    Francois Herbet took the advice literally and decided to create a solution that would configure PE-routers and create full-blown device configurations for CE-routers.

    Read more ...

    by Ivan Pepelnjak (noreply@blogger.com) at February 12, 2018 09:30 AM

    XKCD Comics

    February 10, 2018

    ipSpace.net Blog (Ivan Pepelnjak)

    Worth Reading: Networking Really Runs on Rainbows

    From the fantastic Lines, Radios and Cables (a MUST READ if you’re even remotely interested in this thing called latency):

    When we put different colours of light, or wavelengths, onto a single fibre, we call it Wave Division Multiplexing (WDM) which is a complicated way of saying a pretty rainbow […] International trading is powered by rainbows, literally.

    by Ivan Pepelnjak (noreply@blogger.com) at February 10, 2018 09:22 AM

    February 09, 2018

    The Networking Nerd

    The Winds of Change From January

    Some quick thoughts on networking from my last couple of weeks at Networking Field Day 17 and Tech Field Day Extra at Cisco Live Europe:

    • Cisco is in the middle of turning a big ship away from hardware. All their innovation is coming in the software side of the house. Big announcements around network assurance. It’s not enough any more to do the things. Now you need to prove they were done and show your work. Context and Intent only work if you can quantitatively show that they were applied.
    • Containers are still a thing. Cisco has a new container platform. I also had the chance to chat with a startup called AppOrbit that’s doing some interesting things around containers but including storage and networking. They should be primed for some announcements soon, so stay tuned for that!
    • Automation is cool again. Well, maybe it never stopped being cool. But thanks to Extreme Networks and Juniper people are really hopping on the train to talk more about removing the limitations of the CLI and doing it with tools like Slack. Check out Lindsay Hill and Matt Oswalt showing this off to people in some finely crafted demos.
    • 2018 is the year that the CLI dies. Sure, we’ll go with that. Between Slack and GitHub and even Cisco’s push to drive ACI through literally everything, we’re going to see more and more people configuring networks with a mouse instead of a keyboard. Which is a bit crazy when you think about it, but it’s not so far-fetched as you might think compared to the way people are configuring AWS right now. I dare you to find the CLI for AWS’s switches in your control panel.
    • Lastly, change is inevitable. People reading through the above items may say to themselves that their job is going away. They may worry that they’re going to be an old fuddy duddy before they know it. If you never want to change, that’s fine. As Truman Boyes said this week: https://twitter.com/trumanboyes/status/961785937993846789 But if you want to really succeed and move along, you can’t be afraid to change. You need to pick up new skills and learn new things. Oceans and rivers don’t erode mountains because they are there. They wear them down because they are incapable of moving and changing. Change is thrust upon them.

    Tom’s Take

    Go out and make a change this week. Do something different. Use a different treadmill for your workout. Visit a store you’ve never seen before. Place yourself in a different situation and see how you respond to it. Then come back to your desk and look at your work. Look at containers and automation with new eyes. I bet it will look a lot less scary and a lot more fun to you. Don’t be afraid of change. Embrace it and grow.

     

    by networkingnerd at February 09, 2018 05:18 PM

    ipSpace.net Blog (Ivan Pepelnjak)

    Video: What Is PowerNSX?

    One of the beauties of VMware NSX is that it’s fully API-based – you can automate any aspect of it by writing a script (or using any of the network automation tools) that executes a series of well-defined (and well-documented) API calls.

    To make that task even easier, VMware released PowerNSX, an open-source library of PowerShell cmdlets that abstract the internal details of NSX API and give you an easy-to-use interface (assuming you use PowerShell as your automation tool).

    Read more ...

    by Ivan Pepelnjak (noreply@blogger.com) at February 09, 2018 08:17 AM

    XKCD Comics

    February 08, 2018

    Internetwork Expert Blog

    Don’t Forget! Tune Into Our CCNA/CCNP Q&A: February 2018

    Presented by INE instructor Keith Bogart (CCIE #4923), this free 60 minute session is an open forum for anyone seeking information regarding the Cisco CCNA or CCNP Routing & Switching exam and related technologies. Ask questions live with an experienced industry expert!


    When: February 9th at 10 am (PST)/1 pm (EST)

    Who Should Watch: Anyone with questions about earning their associate or professional level Cisco certification

    Instructor: Keith Bogart CCIE #4923

    by jdoss at February 08, 2018 07:34 PM

    My Etherealmind

    Computer latency: 1977-2017

    Hard data testing of keyboard to screen response time

    by Greg Ferro at February 08, 2018 05:23 PM

    ipSpace.net Blog (Ivan Pepelnjak)

    Want to Learn More about Docker and Containers?

    One of my readers wanted to know more about containers and wondered how ipSpace.net materials could help him. Here’s a short step-by-step guide:

    I published this blog post to help ipSpace.net subscribers navigate through Docker- and containers-related material. You might want to skip it if you’re not one of them.

    Read more ...

    by Ivan Pepelnjak (noreply@blogger.com) at February 08, 2018 08:41 AM

    February 07, 2018

    ipSpace.net Blog (Ivan Pepelnjak)

    Machine Learning and Network Traffic Management

    A while ago Russ White (answering a reader question) mentioned some areas where we might find machine learning useful in networking:

    If we are talking about the overlay, or traffic engineering, or even quality of service, I think we will see a rising trend towards using machine learning in network environments to help solve those problems. I am not convinced machine learning can solve these problems, in the sense of leaving humans out of the loop, but humans could set the parameters up, let the neural network learn the flows, and then let the machine adjust things over time. I tend to think this kind of work will be pretty narrow for a long time to come.

    Guess what: as fancy as it sounds, we don’t need machine learning to solve those problems.

    Read more ...

    by Ivan Pepelnjak (noreply@blogger.com) at February 07, 2018 07:43 PM

    Internetwork Expert Blog

    Check Out Our Newest Course: CCNA Cyber Ops Technology: SECFND 210-250

    Last week we added a new CCNA Cyber Ops Course. This course is available to AAP members through your members account and to everyone else through ine.com.


    Why You Should Watch:
    Cisco’s CCNA Cyber Ops certification provides individuals with the knowledge to identify and respond to security incidents. This certification provides a path to working in a Security Operations Center (SOC) and security positions. As a CCNA level certification, Cyber Ops provides introductory knowledge so one may be aware of the security landscape, understand security concepts and general networking.

    About the Course:
    This course will cover the exam topics of the Understanding Cisco Cybersecurity Fundamentals (SECFND 210-250) Exam. This course is taught by Andrew Crouthamel and is 7 hours and 32 minutes long.

    What You’ll Learn:
    We will dive into topics such as networking concepts and IP addressing, as well as security concepts including access control models, risk assessment and the CIA triad. We will also review cryptography methods and host-based analysis details, as well as security monitoring tools and attack methods used by threat actors.

    About the Author:
    Andrew is a seasoned IT engineer with over 12 years of experience. He started out in IT as an assistant computer technician, blowing dust out of computers for a school district, moving up through the ranks to systems administrator, network engineer, and IT Manager. He currently works for an international satellite communications company, ensuring LAN and WAN connectivity for a large network of ground stations and customers such as NASA, ESA, JAXA, Boeing, The U.S. Air Force, and more. Andrew holds numerous Cisco and CompTIA certifications, and is a part-time Cisco Instructor.

    Andrew’s hobbies outside of technology include many outdoor activities, such as hiking and canoeing. He is currently learning woodworking and is working on a 17′ cedar wood-strip canoe in his garage, much to his wife’s dismay. He lives in Pennsylvania, where his family has been for generations, dating back to 1754. Andrew lives with his wife, young daughter and too many pets.

    by jdoss at February 07, 2018 05:18 PM

    ipSpace.net Blog (Ivan Pepelnjak)

    Automation Win: Cleanup Checkpoint Configuration

    Gabriel Sulbaran decided to tackle a pretty challenging problem after watching my Ansible for Networking Engineers webinar: configuring older Checkpoint firewalls.

    I had no idea what Ansible was when I started your webinar, and now I already did a really simple but helpful playbook to automate changing the timezone and adding and deleting admin users in a Checkpoint firewall using the command and raw modules. Had to use those modules because there is no official Checkpoint module for the version I'm working on (R77.30).

    Did you automate something in your network? Let me know!

    by Ivan Pepelnjak (noreply@blogger.com) at February 07, 2018 07:37 AM