Networking

Unpatchable?

Quite often cable management is something that starts well when a new IDF is deployed and then gets messier over time. The cable p0rn channel on Reddit shows plenty of examples of how cabling should look. I usually don’t do cabling and I’m not good at it either, so I won’t post my home lab setup ;-) Unpatchable? The real problem with poor cable management arises when a new box must be connected and all switch ports are already patched.

Moving Complexity

I read a lot of discussions about complexity in networking and IT today that include a large amount of FUD. Topics range from “we’ll all lose our jobs because abstraction” to “you can’t fix complexity” to “welcome robot overlords” ;-) Complexity is something that may be easy to move, even easier to increment, and hard to remove. For a clear definition of complexity read Navigating Network Complexity by Jeff Tantsura and Russ White.

White boxes for everyone?

White boxes and their impact on enterprise networking are a hot topic today, with many points of view. The latest update from Dave Temkin, VP of Network Architecture at Netflix, put more gasoline on the flames: Super proud of my team - today they removed the last "big expensive router" from our network; no more Cisco ASR or Juniper MX. Inexpensive commodity switches run the entire Netflix Open Connect CDN!

Cisco ASA show connections ordered

When a customer calls with a problem or request I often see a chance to investigate a technology, learn something new or apply random skills to find a creative solution. This time it’s about an ASA: the customer noticed too much traffic on the Internet-facing interface. Syslog, Netflow, bandwidth monitoring and any other useful tools are totally missing, with only the good old CLI to help. The MVP We can get a list of all active connections from ASA with

Innovation sirens singing

In episode 13 of the Network Collective podcast, around minute 26, Jordan Martin asks: Aren’t we all just following a trend? The discussion topic is how to mentor juniors in a learning path to grow their skills and eventually become experts. The question can be translated as: Are we creating fake (IT) news/trends or is it just (excessive) nerd enthusiasm? Bloggers, events, news Tech professionals read every day about some new technologies promising to change the way we work, live and play.

Network Automation seminar with Ivan Pepelnjak

This week I attended the Network Automation Seminar organized by Reiss Romoli. The speaker was the great Ivan Pepelnjak! I was happy to meet Ivan again after NFD16. At the event I joined old and new friends: Andrea, Nicola, Paolo and Tiziano. Are these networkers or programmers? ;) @ioshints @adainese @nmodena @ReissRomoli @Paolo_Lucente #networking pic.twitter.com/RwjX6h2Mng — Gian Paolo (@gp_ifconfig) October 19, 2017 Content is king In two days Ivan presented tools, solutions, concepts and a lot of use cases of network automation.

NFD16 day two - Apstra

Day two of NFD16 started with Apstra and their intent-based networking system. The intent concept is not as broad as SDN, but vendors still have different views of its meaning. According to Apstra an intent is “the definition of the expected outcome”. The sum of the intents of a network is the source of truth. Read Sasha Ratkovic’s blog post about the definition of Intent Based Networking. The checklist he suggests can be very useful to compare different solutions and spot intent washing strategies.

NFD16 day one - Arista

The second part of Tech Field Day NFD16 day 1 continues with Arista. Getting ready for @AristaNetworks #NFD16 pic.twitter.com/SCWXVGsR2l — Gian Paolo (@gp_ifconfig) September 13, 2017 Arista’s presentation included 400G (hint: it’s fast!), EOS programmability, Network Automation and Telemetry, Routing Architecture Transformations. All video recordings are on the YouTube channel of Tech Field Day. EOS Programmability Ken Duda (Founder, CTO, and Senior VP of Software Engineering) did a great session about EOS programmability, explaining the reasons for some technical choices and the available options.

NFD16 day one - Veriflow

First day at Tech Field Day NFD16, I’m quite excited to be here among fellow network engineers to share our views on products and technologies. I’m planning to post my takeaways for each vendor, with variable lengths based on my knowledge of and interest in the specific product. Today’s first presenter is Veriflow. Let’s see what Continuous Network Verification is and how it can help to make networks more robust and secure.

AirPiConsole part two

Welcome back to the AirPiConsole blog post, this is part two. If you read part one and followed the configuration steps you should now have a fully working Raspberry Pi Zero W connected to your WiFi network. You should also be able to connect via Bluetooth to get a console connection without knowing the IP address of the Raspi. Now it’s time to move on and start to actually connect to the serial ports.

AirPiConsole part one

As a network engineer I spend a lot of time with my laptop connected via serial cable to various devices. A physical serial connection is needed for initial device setup, and sometimes per customer’s security policy I can’t access the network, so I can only use out-of-band management. I also configure many devices at a staging lab that I call the “Theory room” because you know, in theory everything works ;-)

NFD16 delegate

I’m happy to announce I’ll join a great team of professionals for 3 days of pure networking awesomeness in Silicon Valley: Great news: I'm a #NFD16 delegate! https://t.co/WuziopJtKc Can't wait to join such a great team of professionals! — Gian Paolo (@gp_ifconfig) August 11, 2017 NFD16 is part of the Tech Field Day events, where vendors and professionals meet to share and discuss the IT world, products, trends and future.

HP Procurve to Cisco switchport migration with Python and Netmiko

Summertime usually means a busy period for Network Engineers: customers are on holidays and we have the opportunity to perform all the changes that impact network connectivity. For me this usually means core switch replacement. Today I was moving a configuration from an HP8200 to a Cisco 4500, taking care of all the details of ports, trunks, vlans. From this: to this: When a task is manual, boring, repetitive and error-prone my automation skills come to help.

Networkcareer.net interview

My interview was published today on Networkcareer.net, the latest project from Daniel Dib and Kim Pedersen. It’s available online HERE.

Ansible and IOS quick start

Ansible has been around for a while but I didn’t have a chance to play with it so far. Now the time has come: I manage enough IOS devices with homogeneous configurations in multiple sites without Cisco Prime. Any change is a pain, it’s time to automate all the things! My environment I run Ansible inside Bash on Windows. I don’t see any issue or difference from running on an actual Linux box or docker/vagrant/whatever, and it permits a better integration with the tools I already use.

Meraki Masters

Last week I had the opportunity to attend a “Cisco Meraki Masters” session at Meraki HQ in San Francisco. Meraki Masters is a program that sits on top of CMNA to give partners a deeper view of the Meraki product line, vision and roadmap. Merakify a.k.a. “Don’t spend your time doing work a well-trained monkey could do.” Meraki has a strong focus on the “merakification” of the products. Merakification means that all the repetitive tasks a network administrator performs on an almost daily basis are now included in the Meraki Dashboard.

Docker networking bridge to host NIC

This post is part of a series about Docker, including: Docker Introduction; Docker: Install software inside a container; Docker Volumes. Today we’ll see Docker networking with a very specific target in mind: bridging a container to the host network. This isn’t how containers are supposed to work: a container should be created to run a single application, so container networking, from the point of view of a Network Engineer, is essentially a Port Address Translation with a firewall exception.

Ethernet Economiser aka RJ45 splitter

Just a quick post since I speak with many network engineers and I notice some confusion about this topic. Are all 4 pairs of a Cat5e cable used? The answer is... it depends. For gigabit speed 1000T all four pairs are used. If 100TX speed is enough we can of course split the cable and double the connections without pulling more cables: In my specific case I’ve used a single cable drop in the garage to connect a 1-Wire bus humidity/temperature sensor while allowing a future connection of an Ethernet device.

CWNA

Last week I passed the PW0-105 exam and obtained the CWNA certification: I have worked with wireless networks since 2005. I began installing some SoHo APs and in the last few years I designed and deployed many bigger networks, some of which are challenging high density environments. I read many Cisco documents about wifi design and at this year’s Cisco Live I attended many sessions related to wifi. After passing CCNA-W I didn’t feel confident enough: I know how to design, install and troubleshoot a wireless network but I wanted to have a deeper knowledge of the technologies involved and how the protocols work.

PVST and non Cisco switches interoperability

This week I’m attending an HP training in Milan. The course topics aren’t as challenging as I expected, but I had the opportunity to test and focus on some interoperability problems that may occur in mixed environments, especially with Cisco and non-Cisco devices, like PVST. For this post we use 2 switches, a Cisco and a non-Cisco (HP in this case); the topology is simple: CISCO port g1/0/3 --> HP port 13 On the Cisco switch we enable PVST:

NtRadPing - a free Radius test utility

Quite often, when a network configuration includes authentication or 802.1x on network devices, Radius is the protocol of choice. NtRadPing is a free utility to test a Radius server. The usage is simple: insert the IP address of the Radius server, the secret, and the user name and password of the user to test. Remember to add the IP of the PC as a NAS on the Radius server to allow requests to be processed and answered.

HP Fast Track

HP allows Cisco certified people to achieve its MASE/ASE certs using Fast Track: While HP certifications aren’t as popular as Cisco’s, they can be a way to learn a different platform and increase career opportunities. The official cert guide is available on Amazon.

The 10 Networking Commandments

Thou shalt above all, maintain the integrity of the network. Thou shalt have a long term strategic direction. Thou shalt always opt for quality before expediency. Thou shalt meet the requirements, exceed the expectations and anticipate the needs of users. Thou shalt benefit from a successful implementation by careful project planning. Thou shalt provide reliability, availability and serviceability. Thou shalt maintain detailed, timely and accurate documentation. Thou shalt commit to continuous training.