Two-factor authentication (2FA) is the way to go for authenticated access for anything that is more than a lab. I use a YubiKey to protect my personal accounts and the password manager I use to maintain a unique password for each service. When it comes to using PKI on multiple machines, a common problem is where to store the private key and how to protect access to it. I read about people saving the key in a private Git, some use sync tools like Dropbox or GDrive.
During Cisco Live this year I had a chance to stop by the IP Fabric booth and have a quick chat about their product and the problem they're trying to solve. After the event I had the opportunity to run a trial to better understand the product and the features it offers. What struck me was that the product solves problems that over the years I have tried to mitigate through scripts or the use of other software that has shown many limits.
On May 10th I had a chance to attend ITNOG again in Bologna. Even if ITNOG seems to be an event with a focus on ISPs, I find it very educational for anyone working in the enterprise market. The boundaries between enterprise and ISP networks are a common ground for negotiation about connections, routing, security, SLA. Sun Tzu advises that it is a good strategy to know your enemy; I see no enemies on the other side of the CPE but the idea remains valid.
Network documentation and monitoring are topics that never lose interest to me. Over the years I worked with many products: NeDi, Observium, LibreNMS, NetBox, Icinga, NetShot, Smokeping, to name a few. Each product has its strengths and weaknesses, which in some cases are nothing more than the aspects on which the manufacturer has decided to concentrate development more. NetShot has compliance tests that are easy to write and verify, Smokeping is easy to set up and focused on monitoring network and service latency.
I really enjoy discussing network design and deployment details with colleagues, customers and fellow network engineers. I find these discussions challenging and stimulating. An open, sincere and collaborative discussion gives a chance to better understand the real needs, fears and doubts of other professionals and to validate knowledge and expose gaps, and most of all I learn a lot. This is still valid when discussing Data Center design or simpler topics like how to cable switch stacks.
I’m pleased to announce that my blog has been selected as a finalist in the Most Entertaining category of the IT Blog Awards, hosted by Cisco. This blog is a project that I have been carrying out for years in the (little) free time between a demanding job, study and family. I think it is important to dedicate time to the blog because it has allowed me to meet many awesome people, actively participate in the community and make my contribution to the ecosystem that helped me at the beginning of my career.
I’ve been working on a data center migration from regular switches to a Cisco ACI fabric in the last couple of months. I can’t say that’s enough to be defined as an ACI expert but I’ll share here what I learned from the experience. The project started with a Network Centric approach for a one-to-one migration from the previous network. After the migration new VRFs are being created in App Centric mode with contracts.
Recertification is part of the life of all active CCIEs. The process used to be a choice between passing a CCIE written exam, passing a lab or getting Emeritus after 10 years, losing all CCIE privileges. Beginning June 2017 Cisco introduced the Continuing Education Program as a new way to recertify expert level certifications. The CE program allows you to collect credits when attending eligible Cisco events or training. With 100 credits you earn the recertification.
Network changes

Every time I manage a change to a customer network I have a chance to taste the many shades of possible IT Operations maturity levels. I collected some best practices over the years about how to reduce risk and speed up the change and testing process. I’ll share some in this post. Improvements and suggestions are welcome in the comments of the post or on my Twitter account.
Scenario

Like most IT professionals I usually configure network devices in a lab environment before the actual installation at the customer site. I try to limit the installation as much as possible to a simple box moving process, spending most of the change window in a previously defined validation process. In this particular case I deal with a data center core network that includes 8 Nexus 9k switches configured in 4 VPC pairs and a bunch of links between them.