Author Archives: Michael McNamara

About Michael McNamara

I'm a network architect, security professional, programmer and loving husband and father.

Episode 15 – Thoughts on 2017

We returned to record our fifteenth episode on Sunday January 8, 2017.

Interesting News and Events

Roundtable Discussion – 2017 Thoughts?

Looking back at all the episodes we recorded in 2016:

01 >> How to Improve Yourself
02 >> Fast Deployment vs Planning
03 >> New Location Rollout
04 >> Evolution of Broadband Internet
05 >> Network Monitoring
06 >> Discussion with Avaya’s Roger Lapuh
07 >> Next-Gen Firewalls
08 >> Network Troubleshooting
09 >> LAB Environment
10 >> IPv6 Internet Addressing
11 >> Infrastructure Lifecycle
12 >> Fiber and Twisted Pair Cabling Plant
13 >> Campus Network Design
14 >> Building Temporary Interim Networks

  • SDN disruption continues – SDN-WAN has convincing arguments
  • Public Cloud / Private Cloud
  • Automation / DevOps
  • Small Scale IT vs. Large Scale IT vs. Humongous Scale IT (differing challenges to each)
  • Security Challenges / IoT
  • IT Generalist – Knowledge of Application Layer, Network Layer, Storage Layer, Computer Layer – extremely valuable going forward

Sideline

  • Consumer – cutting the cord – Video over Internet, Video on Demand, Streaming TV, AT&T DirectTV Now, Smart TVs, Hulu, Roku, Google Chromecast, Amazon Fire TV
  • What HD Channels can I get over the air? – USA

What tools are you using?

syslog-ng – I’ve been running syslog-ng for the past 15+ years as my centralized syslog server with great success. Here’s a blog post from Balabit outlining how to deploy syslog-ng with Elasticsearch and leverage Kibana to visualize the data on CentOS/RHEL.

Cheers!

Episode 14 – Building Interim Temporary Networks

We returned to record our fourteenth episode on Sunday October 30, 2016.

Interesting News and Events

Roundtable Discussion – Building Interim Networks Small & Large

The use cases include conventions, events, temporary sites, construction, and disaster recovery.

Dom’s biggest temporary event – G8 Summit Germany Heiligendamm 2007
The Scout Router

  • The first device that is onsite for remote management
  • Connect all new devices and ISP Connections
  • Build up the rest of the network
  • In reverse, when decommissioning the temp site, you can also use a “scout router”

The preconfigured temp rack includes a half sized rack in a flight case on wheels.

All needed components for an instant network:

  • Switches, Routers
  • Firewall / Proxy Servers
  • Voice Call server / Voice Mail
  • Wireless Controller / Access Points
  • UPS / Power

Challenges

  • ISP connection
  • WLAN >> empty space vs. crowded space
  • Power
  • Passive Infrastructure

What tools are you using?

I’ve been working a lot recently with Aruba Instant APs, troubleshooting issues and tuning the configuration of 600+ virtual controllers. I recently stumbled over AirRecorder from Aruba Networks as a very handy troubleshooting tool and flight recorder to capture data for later analysis.

Cheers!

Episode 13 – Campus Network Design

We returned to record our thirteenth episode on Sunday October 2, 2016.

Interesting News and Events

Roundtable Discussion – Campus Network Design

How to build a Campus Network

How many devices will be on the network?

What kind of devices do you need?

  • Switches: Core (maybe Distribution), Access
  • L3 Routing: classic routers, L3 switches, firewalls
  • WLAN Access Points, Controller
  • WAN Optimizer
  • Infrastructure for VoIP

How to build a redundant campus network:

Layer 2

  • Spanning Tree, Multi-Chassis Link Aggregation, LAG/LACP
  • Stacking, like the Cisco Cat 3k line, VSS technology or Avaya switches, Juniper Virtual Chassis, HP IRF
  • Virtual Switch Clustering, Cisco vPC, Avaya SMLT, Cisco VSS

Layer 3

First Hop redundancy Problem:

  • VRRP
  • HSRP
  • RSMLT

Choose the right technology for your needs / use case.

Protect your Network:

  • Loop prevention: STP, BPDU Guard
  • DHCP Snooping
  • Rate Limiting
  • Access control

Use a separate management network for your network devices.

Use encryption for management such as SSH, SNMPv3 and HTTPS.

Preconfig / Templates / Provisioning:

  • Switches
  • Ports
  • VLANs

Out of Band Management

  • Opengear
  • Cradlepoint

What tools are you using?

I recently needed a small compact remote jumpbox that I could use to help isolate a problem I was experiencing in a physically remote network. I employed a Raspberry Pi 2 Model B with Anker USB 3.0 to RJ45 Gigabit Ethernet Adapter which allowed me to use the small computer as both a jumpbox and a remote packet capture solution. I was able to manage the computer remotely over the built-in Ethernet adapter and then used the Anker (it’s actually a Realtek chipset) Ethernet adapter to capture the problem frames coming from a SPAN port using tcpdump with some capture filters. You’ll need to be careful of how much traffic you throw at the little computer but I was really impressed with how well the solution worked.

Episode 12 – Fiber and Twisted Pair Cabling Plants

We returned to record our twelfth episode on Sunday September 18, 2016.

Interesting News and Events

Roundtable Discussion – Fiber and Twisted Pair Cabling Plant

Cable plant considerations when upgrading the network.

Fiber

If you are considering upgrading your network make sure you check the specs on your fiber plant. If you are already running 1Gbps you might not be able to run 10Gbps. There’s a big difference between a grey, orange (OM1 62.5um MM), aqua/blue (OM3 50um MM), pink (OM4 MM) and yellow (Single Mode) fiber patch cables.

Examples:

  • Client was trying to replace ATM OC-3 links with 1Gbps links over 62.5um OM1 multi-mode
  • Client was trying to run 10GBASE-LR over 62.5um multi-mode which was over 1100ft in distance.

There are ‘newer’ workarounds available including mode conditioning patch cables and LRM transceivers that allow long haul optics to function over legacy OM1 fiber plants.

Connectors: ST, SC, LC, MTRJ, E2000, MPO

Copper

The same caveat applies to legacy UTP (unshielded twisted pair) wiring.
You only need 4 wires to run 100Mbps.
You need all 8 wires to run 1Gbps.

Example:

  • Client complained that desktops were only running at 100Mbps and not 1Gbps, eventually found that the cable plant had only been wired for 4-wire and not 8-wire.

LED cables

What tools are you using?

Differentiating Application Performance vs Network Performance Issues

iPerf / iPerf3 – measure bandwidth and throughput across your network infrastructure. Great tool for gathering baseline observations and then validating real-world performance.

Cheers!

Episode 11 – Infrastructure Lifecycle

We returned to record our eleventh episode on Sunday August 28, 2016.

Interesting News and Events

Roundtable Discussion – Infrastructure Lifecycle

Reasons for a refresh?

  • End of Life (EoL)
  • End of Support (EoS)
  • Performance
  • Expansion
  • Budgeting (new equipment might be less costly than maintaining older equipment under maintenance contracts)
  • New features requirement (PoE+ vs PoE / 10Gbps vs 1Gbps / 1Gbps vs 100Mbps)
  • Manageability

Strategic Lifecycle Planning – often companies plan and budget to replace their infrastructure every 5 – 7 years.

What kind of refresh?

  • The easy one: 1:1, e.g. one core switch for a newer core switch
  • Technology change, e.g. from classic STP to multi-chassis link aggregation
  • Fabrics
  • Software Defined Networking

You can really stretch the budget by looking at second hand equipment, especially for non-critical sections of the infrastructure. Avoid grey market equipment and only work with a reputable vendor.

Reach out to the vendors:

  • Educate yourself before the vendors show up
  • Compare different vendors and technologies with each other
  • Document the features that you are looking for in the solution
  • Proof of Concept – prove out the possible solution
  • Rollout Planning
  • Maintenance window – new product gets implemented to the production environment
  • Fingers crossed (look for bugs)

What tools are you using?

Synergy – Synergy combines your desktop devices together into one cohesive experience. It’s software for sharing your mouse and keyboard between multiple computers on your desk. It works on Windows, Mac OS X and Linux. It’s only $10 for the basic version and well worth the money in Dominik’s opinion.

Michael’s technical challenge?

These past two weeks I’ve been working to figure out why the Lenovo ThinkPad T460 w/Intel AC 8260 wireless adapter wasn’t playing well with a Cisco 5508 Wireless LAN Controller and Cisco 1262N and 3702E Access Points. The device itself is pretty nice… very thin, not very heavy, great keyboard and doubles as a tablet. I’ll be sad to give it up when I figure out what’s broken. Watch my blog for a follow-up and possible conclusion.

Update: August 30, 2016 – workaround is to enable A-MPDU for 802.11n – Lenovo ThinkPad T460 Yoga with Intel AC 8260 Wireless Issues

Cheers!