Interesting Links for Thursday, May 17, 2012

Here are a few links I came across today that sparked some sort of interest in me. I’m sharing them with you and hope you find them useful.

How to get all of your crap into OmniFocus … Great post on how to get stuff into OmniFocus. I’m a GTD fan that fell off the wagon. I’m back on and getting way more done than ever! OmniFocus + the GTD method really works for me. You may like it as well.

Network Complexity Bites Back … Russ White shares some insights over on the Packet Pushers blog. I had the pleasure of interviewing Russ back when I was doing the Globalconfig.net Interview Podcast. Great guy!

2012 Free Presentations … If you missed Interop you can get the free presentations here!

Got a link or a site you want me to look at? Why not add it to the comments below so other readers can check it out?

Cisco IOS Advantage Webinars

Golden Nugget

I wanted to share this little nugget of information that I came across today. I guess I missed these because they have been running for some time now, but Cisco puts on a monthly webinar called the Cisco IOS Advantage Webinars. They are technical webinars related to IOS and they are delivered by engineers. You can go back and see the past sessions and watch the ones you are interested in. Some past topics include LISP, IPv6 Deployment, Simplifying Data Center Interconnects with Overlay Transport Virtualization, and EEM. There are a few upcoming sessions you can register for and I’m assuming they will keep the topics coming.

Image Credit: Crystal Martel (Flickr CC)

Using Blogsy to Blog on the Run.

One of the issues I deal with when it comes to consistent blogging is that I find myself strapped for time. I am more mobile than anything these days and because of that I have a hard time pulling out the laptop and blogging. So recently I’ve started using Blogsy when I’m mobile and it’s working out well. What I like about Blogsy is that I can create a brand new post entirely from scratch, just like this one, or I can open up an existing post that’s sitting as a draft on my WordPress server. Here is a short video that shows what it looks like. I came across this by watching an iPad Today video with Leo Laporte and have no ties to Blogsy.

This may not fit everyone’s workflow, but it’s working well with mine.

Understanding Switch Fabrics Part 2

In the last post of this series we introduced how Brocade’s Ethernet fabrics function from a high level and we discussed the need for them. I promised that in this post we would begin to discuss how the Brocade VDX switch works in its two operational modes, Classic Mode and VCS mode. We will not be spending much time on Classic Mode, mainly because most already understand this mode. In Classic mode you operate as a standard Ethernet switch. This means things like Layer 2 forwarding, MAC learning, STP and so on are in the mix. Since we want to get away from that mix, let’s focus on VCS mode.

VCS mode has many of the capabilities of a Classic Switch but there are some additions. These additions include Transparent LAN Service, vLAGs, Distributed Config Management, and End-to-End FCoE. We will discuss these features as we make our way through. For now, recall that in the Part 1 post we talked about how a cluster is formed: we had edge ports that connect to non-VCS mode switches, and internally we have fabric ports negotiated between switches that operate in VCS mode. All of the fabric ports were transparent to those on the outside of the cluster. The determining factor on whether a switch operates in VCS mode is a setting that is user controlled. If a switch comes up with VCS mode set to OFF it assumes Classic Switch mode and all the ports default to a shutdown state.

If a switch is configured with VCS mode enabled when it powers up, then all the ports transition out of the shutdown state and start operating as edge ports. Next, the Brocade proprietary protocol called FLDP, or Fabric Link Discovery Protocol, discovers whether the neighbor is a Brocade VDX switch and whether it is operating in VCS mode. An illustration of this is seen in the image below.

FLDP

If the neighbor is not a VDX switch the port will become an edge port. If the neighbor is a VDX switch we then want to know if it’s operating in VCS mode. If it is operating in VCS mode the VCS ID must match. Each VCS fabric is identified by a VCS ID which defaults to 0. Assuming that the neighboring VDX switch has the same VCS ID, the port transitions to a fabric port and an ISL is established.

Brief Mention of TRILL

TRILL is used within the fabric (with some proprietary Brocade functions) and every switch assumes itself to be a principal RBridge. The RBridge IDs must be unique and the principal RBridge determines whether a duplicate exists. If there is a conflict then the principal switch keeps the joining switch with the duplicate RBridge ID segmented. At this point the RBridge ID on one of the conflicting switches needs to be changed, and once the ID is changed the switch needs to be rebooted for it to take effect.
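The port-role and RBridge-ID rules from the last few paragraphs, written out as a small model. This is an added example for this post, not Brocade code and not an implementation of FLDP or TRILL: it only encodes the decisions the text describes (VCS off means ports stay shut; VCS on brings ports up as edge ports; a VDX neighbor in VCS mode with a matching VCS ID turns the port into a fabric port; a joining switch with a duplicate RBridge ID is kept segmented until its ID is changed and it reboots). The `Switch` and `Fabric` classes, the neighbor `hello` dictionary, and the choice of the first member as principal RBridge are my assumptions.

```python
"""Model of the VCS-mode port-role and RBridge-ID rules described in the post.

Added example; not Brocade code, not a real FLDP/TRILL implementation. It
encodes only the rules the post states. Class names, the neighbor "hello"
dict and "first member becomes principal" are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Switch:
    name: str
    is_vdx: bool = True
    vcs_enabled: bool = False
    vcs_id: int = 0                              # VCS ID defaults to 0 (per the post)
    rbridge_id: int = 1
    pending_rbridge_id: Optional[int] = None     # an ID change only applies on reboot


def boot_port_state(sw: Switch) -> str:
    """Port state right after power-up, before any neighbor is discovered."""
    return "edge" if sw.vcs_enabled else "shutdown"


def port_role(local: Switch, hello: Optional[dict]) -> str:
    """Decide the port role from what FLDP learns about the neighbor.

    `hello` is a constructed dict {"vdx": bool, "vcs_enabled": bool,
    "vcs_id": int}; None means no FLDP neighbor answered at all.
    """
    if not local.vcs_enabled:
        return "shutdown"                        # Classic mode: ports default to shutdown
    if hello is None or not hello.get("vdx"):
        return "edge"                            # non-VDX (or silent) neighbor: edge port
    if not hello.get("vcs_enabled") or hello.get("vcs_id") != local.vcs_id:
        return "edge"                            # VDX, but not part of our fabric
    return "fabric"                              # ISL established


class Fabric:
    """Membership bookkeeping as done by the principal RBridge (modelled)."""

    def __init__(self, vcs_id: int):
        self.vcs_id = vcs_id
        self.members: dict = {}                  # rbridge_id -> Switch
        self.segmented: list = []
        self.principal: Optional[Switch] = None

    def join(self, sw: Switch) -> str:
        if not sw.vcs_enabled or sw.vcs_id != self.vcs_id:
            return "edge-only"                   # never becomes a member
        if sw.rbridge_id in self.members and self.members[sw.rbridge_id] is not sw:
            if sw not in self.segmented:
                self.segmented.append(sw)        # duplicate RBridge ID: kept segmented
            return "segmented"
        self.members[sw.rbridge_id] = sw
        if self.principal is None:
            self.principal = sw                  # assumption: first member is principal
        return "joined"

    def reboot(self, sw: Switch) -> str:
        """Apply a pending RBridge-ID change (takes effect only on reboot) and rejoin."""
        if sw.pending_rbridge_id is not None:
            sw.rbridge_id, sw.pending_rbridge_id = sw.pending_rbridge_id, None
        if sw in self.segmented:
            self.segmented.remove(sw)
        return self.join(sw)


def demo() -> dict:
    """Walk a few constructed switches through discovery and join; return outcomes."""
    a = Switch("A", vcs_enabled=True, rbridge_id=1)
    b = Switch("B", vcs_enabled=True, rbridge_id=2)
    c = Switch("C", vcs_enabled=True, rbridge_id=2)     # duplicate of B's RBridge ID
    classic_vdx = Switch("D", vcs_enabled=False)        # VDX left in Classic mode
    fab = Fabric(vcs_id=0)
    out = {
        "a_boot": boot_port_state(a),
        "classic_boot": boot_port_state(classic_vdx),
        "a_to_classic": port_role(a, {"vdx": False}),
        "a_to_b": port_role(a, {"vdx": True, "vcs_enabled": True, "vcs_id": 0}),
        "a_to_other_id": port_role(a, {"vdx": True, "vcs_enabled": True, "vcs_id": 7}),
        "a_join": fab.join(a),
        "b_join": fab.join(b),
        "c_join": fab.join(c),
    }
    c.pending_rbridge_id = 3                             # operator fixes the conflict
    out["c_after_reboot"] = fab.reboot(c)
    out["members"] = sorted(fab.members)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the two things worth remembering from the post: a VCS-ID mismatch quietly leaves the link as an edge port rather than erroring out, and a duplicate RBridge ID leaves the joining switch segmented until the ID is changed and the switch is rebooted.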

Control Plane VLANs

There are two control plane VLANs used for control traffic. There is an Edge Control VLAN (4095) and a Fabric Control VLAN (4093). These are both created upon boot up of the switch. The Edge Control VLAN is what tunnels control frames between two edge ports across the fabric. Recall in the last post we mentioned that BPDUs were transparently passed across the fabric. The Edge Control VLAN is where that happens. Control traffic on the Fabric Control VLAN is never sent out of edge ports and is used for internal VCS control frames.

Now that we have a basic understanding of how VCS-enabled switches establish a Fabric we will close this post out. In the next VCS post we will discuss Layer 2 forwarding.

Solarwinds NPM and Netflow Monitor FTW

I’ve had the opportunity to work with Solarwinds Orion again and every time I look at it I am amazed at the visibility I have, and sometimes overwhelmed by it. However, the more I dig into it the easier it gets to understand what it’s showing me. For example, in the screenshot below I am looking at the NetFlow Conversations summary. I’ve noticed here that over half of my data is one type of conversation.

Sw2

By expanding the conversation I can see the interfaces that see the conversation and I now know that it’s between the sub-interfaces g0/0.11 and g0/0.10. In this case .11 is my voice VLAN and .10 is my data VLAN. To me this is interesting because there shouldn’t be much carry over of data between the two interfaces.

Sw3

Selecting the conversation takes me to a more detailed view of just this conversation and I’ve expanded it out again.

Sw4

Clicking on the interface takes me to the conversation.

Sw5

I’m beginning to notice that this conversation is frequent and on UDP port 514. I could filter even more using the flow navigator as seen below. In this case there isn’t much I need to do with it.

Sw6

Now that I know this is UDP traffic on port 514 I can start to paint the picture. UDP port 514 is syslog traffic. It is interesting that the Orion system labeled this traffic “cmd like exec”, but I know what it is. Logging into my router and looking at the interfaces shows one of the addresses in question.

Sw9

And sure enough, when I look at the config, someone has set up a syslog server that my router is now sending information to.

Sw10

Pinging from the router fails.

Sw12

And Pinging from my workstation fails as well.

Sw11

At this point I’m ready to remove the syslog configuration because I know the server doesn’t exist, it’s not even a server on my server segment, and I didn’t put it in the config in the first place. By removing the config and ceasing to send syslog information to a non-existent syslog server I’ll cut down the traffic on my network and clean up my NetFlow display in Orion.

Now if I had some way to manage my configurations that would be great. The good news is that Solarwinds has a product for that. The bad news is that I don’t have it installed on my server. Guess I’ll have to get that going pretty soon here. In the meantime I’ll keep cleaning up my network management and using Orion to spot anomalies in my network.
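The investigation above reduces to two checks that can be scripted: which conversations are syslog (UDP/514) to a destination that is not one of my known collectors, and which `logging host` lines in the router configuration point at hosts that are not known collectors or not on the server segment. The following is an added example for this post, not SolarWinds code and not the author’s script. The flow records are a constructed, simplified tuple form rather than real NetFlow v5/v9 parsing, the running config is constructed, and all addresses, the collector allowlist and the server segment are placeholders.

```python
"""Flag unexpected syslog destinations from flow records and an IOS config.

Added illustration for the Orion NetFlow investigation above; not SolarWinds
code. Flow records use a constructed (src, dst, proto, dst_port, bytes) tuple
form instead of real NetFlow parsing. Addresses, the collector allowlist and
the server segment are constructed placeholders.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flows. 10.0.10.1 stands for the router, 10.0.11.42 for the
# phantom "syslog server" on the voice VLAN, 10.0.30.9 for the real collector.
SAMPLE_FLOWS = [
    ("10.0.10.1", "10.0.11.42", "udp", 514, 4200),
    ("10.0.10.1", "10.0.11.42", "udp", 514, 3900),
    ("10.0.10.1", "10.0.30.9", "udp", 514, 600),
    ("10.0.10.25", "10.0.20.10", "tcp", 443, 5100),
    ("10.0.10.31", "10.0.20.10", "tcp", 80, 1200),
]
KNOWN_SYSLOG = {"10.0.30.9"}                     # collectors I actually run (constructed)
SERVER_SEGMENT = ip_network("10.0.30.0/24")     # my server segment (constructed)

# Constructed IOS-style running config excerpt. `logging host <ip>` is the
# IOS form for a syslog destination; `logging trap` is a level, not a host.
CONSTRUCTED_CONFIG = """\
hostname lab-rtr
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/0.11
 encapsulation dot1Q 11
 ip address 10.0.11.1 255.255.255.0
!
logging trap informational
logging host 10.0.11.42
logging host 10.0.30.9
!
"""

# Matches `logging host 1.2.3.4` and the older `logging 1.2.3.4` form only.
_LOGGING_HOST_RE = re.compile(r"^logging\s+(?:host\s+)?(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def summarize_conversations(flows):
    """Total bytes and share of all traffic per (src, dst, proto, dst_port)."""
    totals = defaultdict(int)
    for src, dst, proto, dport, nbytes in flows:
        totals[(src, dst, proto, dport)] += nbytes
    grand = sum(totals.values()) or 1
    return {key: (val, val / grand) for key, val in totals.items()}


def find_rogue_syslog_flows(flows, known_collectors):
    """Bytes of UDP/514 traffic per (src, dst) whose dst is not a known collector."""
    rogue = defaultdict(int)
    for src, dst, proto, dport, nbytes in flows:
        if proto == "udp" and dport == 514 and dst not in known_collectors:
            rogue[(src, dst)] += nbytes
    return dict(rogue)


def parse_logging_hosts(config_text):
    """Return the syslog destinations configured in an IOS-style config."""
    hosts = []
    for line in config_text.splitlines():
        m = _LOGGING_HOST_RE.match(line.strip())
        if m:
            hosts.append(m.group(1))
    return hosts


def audit_logging_hosts(config_text, known_collectors, server_segment):
    """List configured syslog hosts that are unknown or off the server segment."""
    findings = []
    for host in parse_logging_hosts(config_text):
        reasons = []
        if host not in known_collectors:
            reasons.append("not a known collector")
        if ip_address(host) not in server_segment:
            reasons.append(f"outside server segment {server_segment}")
        if reasons:
            findings.append((host, reasons))
    return findings


if __name__ == "__main__":
    for key, (nbytes, share) in sorted(summarize_conversations(SAMPLE_FLOWS).items(),
                                       key=lambda kv: -kv[1][0]):
        print(f"{key}: {nbytes} bytes ({share:.0%})")
    print("rogue syslog flows:", find_rogue_syslog_flows(SAMPLE_FLOWS, KNOWN_SYSLOG))
    print("config findings:", audit_logging_hosts(CONSTRUCTED_CONFIG, KNOWN_SYSLOG, SERVER_SEGMENT))
```

With the constructed data the router-to-phantom conversation is 54% of all bytes, which is the “over half” that first stood out in Orion, and the config audit names the same host for two independent reasons: it is not a collector I know about, and it is not on the server segment. Running the config check on every saved configuration, rather than noticing the traffic by eye, is the cheap way to catch a logging destination nobody remembers adding.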

Using the iPad vSphere Client- Not A Full Feature Client.

Using the vSphere client on the iPad has been pretty fun to mess with. In my lab network I have a number of i7 servers that have ESXi on them and a handful of VMs. In total I have 10 ESXi machines and jumping between them has been a total pain. So, I grabbed the trial of vCenter and installed it on another box. Additionally another VM, called a vCMA server, is required to connect the iPad app to the vCenter server. Once that was done I was in business. I thought this would make it a lot easier to manage the 10 ESXi machines in my lab without the need to be on a Windows machine with the full vSphere client application. I still can’t believe there is no Mac OS X-based vSphere client.

Usability

As you can see from the screenshot in the previous section, I can now log into vCenter using the vSphere client for iPad and see all of my servers in one place. If I were to access one of my servers, you would see all the VMs on that server as in the image below.

In the above image you can see the IP of the server, memory, CPU utilization, and so on. Selecting the tools option on the bottom you get a menu for testing with ping and traceroute. Aside from that the tools are not very useful, other than the fact that you can verify connectivity from your current location, rather than from your vCenter server. As for manipulation of the VMs themselves there is a small menu that gives a few options such as suspending and so forth.

My Take

Overall the tools are very basic, and I’m not convinced that this is anything more than a pretty window that you can shout through to get a few minor tasks done. I may be wrong, but with what I can see that’s about it. There’s more usability with iTap RDP accessing a box at work with the full blown vSphere client on it. Still, it looks sexy right?

Understanding Switch Fabrics Part 1

To begin understanding Ethernet fabrics, as seen through the eyes of Brocade, it’s important to know about classic Ethernet switches, how they have traditionally been provisioned, and why the way we have done this in the past isn’t really the best way to do things.

Let’s begin with figure 1 where we see a classic Ethernet switch topology. In the topology let’s assume that we have traffic flowing between Switch A and Switch E. What we know about traditional technology is that for Layer 2 we cannot have a loop. Why? Because loops are bad. Why are they bad? Because of the design of Ethernet. So, with that in mind, we are to understand that we have a loop between B, C, and D, and that somehow that loop will be blocked. How so? Spanning Tree Protocol. It doesn’t matter if it’s Rapid, Multiple, or any other flavor. The fact is that it’s going to be running and it’s going to remove the loop.

Fabric1 1

So now looking at figure 2 we can see the topology now that spanning tree has done its thing.

Fabric2

What’s the big deal?

Why doesn’t this work well in today’s networks? Because the convergence time when STP flips links takes too long and you wind up losing packets, and because you’re wasting a perfectly good link.

So how does an Ethernet Fabric work and why does it solve my problems?

At a high level, an Ethernet fabric provides a more flexible interconnected network between individual switches. We’ll just call this a fabric. Switches that form a fabric create something called a virtual cluster which consists of physical switches. This is seen in figure 3, where switches B, C, and D have formed a virtual cluster, or fabric. You can now see how the classic Ethernet switches, A and E, are sitting outside of the virtual cluster, connected to the cluster by an edge port, and the Inter-Switch Links of the cluster are now called fabric ports.

Fabric3

Fabric ports are transparent to the classic Ethernet switches which are connected to edge ports. The fabric and fabric ports appear as just a single switch to external classic Ethernet switches. This is reminiscent of how MST regions are seen by the CST, if you’re paying attention. A key difference however, is that we are no longer running STP in the virtual cluster.

So what about the classic Ethernet switches that are still running STP? The BPDUs used by the classic Ethernet switches are transported transparently through the fabric. Understanding these basic concepts brings us to the point where we need to begin looking at how a switch operates and how a cluster is formed. In the next post we’ll take a look at the Brocade VDX switch and its two operational modes, Classic Mode and VCS mode.

ASA CX Looks Good With No Java and new Hard Drives!

For those of you who work on ASAs quite often, you’ll know that there are more and more configurations, specifically SSL VPN related ones, that you have to do with ASDM as opposed to the CLI. This forces us to use our old friend (read: nemesis) Java. It’s become quite a bit more polished over the versions, but still, using it to configure the ASA can sometimes be like pulling teeth. It hurts! But here is some light at the end of the tunnel!

Getting A Peek at the ASA CX

ASA cx1

The new ASA CX was demonstrated to delegates at Networking Field Day 3 in San Jose, and I must say it looks pretty slick. It uses the SecureX Framework and for those of you who are unfamiliar with that framework I suggest a read over at Cisco’s Landing Page for SecureX. It leverages global and local security information for dynamic, real-time threat protection. One way that the SecureX framework leverages global security intelligence is by collecting customer data, which you have the option to opt in to. Some may not like this idea, so be sure to pay attention when you initially set up your devices that are part of this SecureX framework (IPS, ASA, etc). You can choose not to send data, but the device still receives data.

Getting back to the introduction of the ASA CX: as the demo proceeded, one of the delegates piped up and asked, “What’s it using for management?” The response… HTML5. That’s right, no Java is needed to manage the ASA CX using Cisco Prime Security Manager.

Hardware

The ASA CX is sitting on the UC hardware and is in the form of a blade. Here’s a look at the box that was sitting in front of us during the NFD presentation.

ASA CX NFD

There are two models of ASA CX, the ASA CX SSP-10 and ASA CX SSP-20. Both have 600GB hard drives, which is a little new to the realm of ASAs. In the past, there were no hard drives because they didn’t store all the data on box that they do now. These disks are hot swappable and there are two of them that can be seen in the image below.

Also, you can see in the images that there are two blades in the Chassis. The lower blade is the ASA and the upper blade is running a standalone version of Cisco Prime Security Manager. Packets handled by the interfaces on the blade with Cisco Prime are moved in hardware across the backplane to be processed by the ASA. What’s nice about this setup is that Cisco Prime Security Manager is NOT ASDM. You can still use ASDM to manage the ASA CX if you want, but with Cisco Prime, who would want to? The Cisco Prime Security Manager interface is a web based interface that uses HTML5 to navigate configuration elements and display information about the ASA CX.

ASA CX HD1

If you’d like to see the demo that Cisco has published I’ve embedded it below. This demo was done by Brian Conklin, the Cisco TME that presented to the Field Day delegates. This video does a good job of moving through the device features minus the distractions of delegate questions about features and capabilities that came to mind.

On a side note, if you like watching videos about technologies like this, there are a ton of other videos produced during NFD3 and available for you to view on Vimeo. To find them head over to http://techfieldday.com and select the field day that you’re interested in.

My Take

I think the ASA has made some great progress. While I love the CLI, I understand the necessity for a web based management solution and I think that the Cisco Prime Security Manager is heading in the right direction. It’s easy to complain about what vendors have and what they don’t have, what they support and what they don’t support, and that’s fine. Most of us want to find the perfect solution for our given environment. I just don’t think there is one. But, could this solution be leading the pack of tools that are available? Maybe, but you’ll have to get your hands on it to find out. Anyone want to send me one?

You Might Not Belong In IT

It’s my opinion that conferences and events where you can discuss topics related to an area you are passionate about with like-minded people are invaluable. Recently I had a discussion with a number of like-minded “networking nerds” and a very sensitive subject came up. What I’m talking about is the fact that some people might not belong in IT. Allow me to elaborate.

I’ve seen a trend, and maybe it’s this generation of “Winners”, that expect a company to provide all the tools and training to meet the requirements of their job. They couple this with the desire to do the bare minimum, and then complain when they don’t get what they want.

“Guess what; you’re dead wrong!”

At what point did people begin to believe that they didn’t have to know anything, aside from what a company teaches them, in order to collect a pay check? It’s this mentality that makes me believe there are a number of people who simply don’t belong in IT.

IT is about exploration

For those of us who have been in IT for a long time, you probably remember late nights of screwing with things that just wouldn’t work. It’s like that 4 year old who takes everything apart and tries to put it back together again. Sometimes you can’t do it, but you try. You try and you learn. When you’re done you’re sometimes left with a pile of parts and a deep understanding of how something was put together. I don’t see a lot of people doing this anymore. I see a massive group of people who expect to do whatever they want, whenever they want, and claim that the company didn’t give them the training they needed or the tools they needed to complete their assignment. Nobody wants to claim ownership and assume responsibility.

There is a cost involved in IT

For anyone who is considering a career in IT there are a few things you should be aware of. Here is my short list.

1. You need to learn on your own time.

This is the price we pay for an IT position. Today’s companies don’t have the training budget or the subject matter experts to turn you into a rock star. A lot of personal dedication is required on your part.

When I was learning the ins and outs of IT I spent a lot of personal time and my own money to learn how things worked. I stayed up late. I got up early. I forced myself to learn this because I loved what I did. True, I was single at the time, but I was married with a newborn when I got my CCIE in Security. The point is, if you love it, and you want it, you can prioritize and do it. Stop wasting time on Facebook. Nobody cares about your cat/dog or the new Eminem album, or your farm, close family excluded. (I can say this because I’ve caught myself doing similar stupid things.)

2. If you don’t screw up, you’re not doing it right.

You have to make the mistakes to learn for the next time. Face it, nobody is perfect. Stop trying to be. Be who you are, own your mistakes, and move on. I can’t tell you how much I’ve screwed up. I’ve made huge mistakes, but I’ve also had big wins. Most people tend to forget the mistakes if you put up a few wins, but you don’t get the wins without the losses.

3. You need to ask for help, but don’t expect to always get it.

It’s ok to ask for help. And it’s ok to ask an employer for training. Just understand that you’re not always going to get it. To do well in IT you need to be able to figure things out without a lot of help. This means you should be a master of the search engine, and spend the time reading what you find. If you don’t like reading then try to search for video tutorials. The internet is an information mega-hold and you just have to learn how to use it.

4. It’s essential to follow your peers online and engage with the community.

Blogs, Twitter, IRC, Packet Pushers Podcast, Live Streamed Events, trade shows, user groups, forums, vendor networks and so on. Find a place where other people like yourself hang out, get involved in the conversation, and watch your technical knowledge and abilities grow.

I can honestly say that I would not know some of the things I know if it weren’t for the relationships I’ve made on Twitter, the blogs I’ve read, the shows I’ve attended, and the community I’m a part of.

  • @Ioshints
  • @Etherealmind
  • Terry Slattery
  • Earl Aboytes
  • Wendell Odom
  • Todd Lammle
  • Russ White
  • @sfoskett

The list goes on, and on, and on…and I’m sorry if I didn’t mention you.

Wrap-up

I could go on for days on this topic, but I’ve tried to touch on a few areas that not only matter to me, but that I believe will help you in your personal career. I’m hoping my peers will have additional thoughts and add to the discussion. IT, while a profession, a career, and a job, can be more than that. To me, IT is a community of people, who like me, enjoy learning, breaking stuff, thinking about work arounds, sharing their thoughts, and developing an area of expertise in which nobody will EVER totally be an expert, but everyone is ALWAYS learning, growing, and advancing. If that’s not what you’re looking for then you probably don’t belong in IT.

Using Hazel and OpenMeta CLI for Document Management.

Not long ago Greg Ferro posted about his knowledge management process with PDFs in the two post series, My Knowledge Management Process With PDF Files – Part 1 and My Knowledge Management Process With PDF Files – Part 2.

I use a similar process and the same set of tools, however I don’t have DEVONthink Pro down yet. The one tool that I am steadily becoming more and more of a fan of is Hazel. Hazel automates actions on folders that it watches.

I use Hazel to automatically tag files for me. Here is how my process works and what’s required.

The Tools

The only tools needed are Hazel and the OpenMeta command line tool. I’m also using Leap in this post to navigate tagged files.

The Setup

Set up Hazel to monitor a folder of your choice. In this example I’ve got Hazel watching the Downloads folder for PDFs from cisco.com.

Drop1

As you can see in the setup, if the source URL contains cisco.com and it’s a PDF I want to add the tag “cisco”. Later on I can take actions based on the tags on files, or I can use Leap immediately to navigate my files using tags.

The Process

First I’ll go out to cisco.com and download the ASA 5500 Series 8.4 and 8.6 configuration guide. When the PDF downloads Hazel leaps (it doesn’t actually leap) into action and tags the file for me.

Drop

Looking at the Downloads folder with Leap I can see that Hazel has tagged the file for me.

ASA

Takeaway

It’s not a perfect solution yet, but I am constantly refining it and it really does save me time in sorting through the digital stack of PDFs sitting here on my virtual desk.

Where I originally got the idea.

I originally got the idea from DocumentSnap. In another post I’ll show you how I use the Fujitsu ScanSnap S1500 to scan paper documents in and automatically tag them based on content written on the page.
