Author Archives: Michael McNamara

About Michael McNamara

I'm a network architect, security professional, programmer and loving husband and father.

Episode 9 – Testlab Environments

We returned to record our ninth episode on Sunday July 24, 2016.

Interesting News and Events

Cisco Live US Las Vegas

The CCIE Routing And Switching Written Exam Needs To Be Fixed by Tom Hollingsworth
Fixing The CCIE Written – A Follow Up by Tom Hollingsworth

Roundtable Discussion – Testlab

Why should we test something before we deploy it in the live production environment?

The difference between what is in the datasheet and the real world deployment.

Feature Testing / Configuration Testing

  • Is it working in general?
  • Comparison between different features / functions that provide the same service, e.g.
    • Routing protocols: OSPF, ISIS, BGP, EIGRP
  • Is it working with the new software?
  • Is it stable?
  • Failover tests / convergence times
  • Interoperability Tests
    • different features
    • vendors
    • device types, e.g. Firewall, Router, Server

Virtual Solutions

  • GNS3
  • Cisco VIRL
  • Juniper vSRX
  • A10 vThunder
  • Citrix vNetscaler
  • Cumulus VX

Performance Testing

  • Never trust the datasheets
  • Packet generators:
    • iPerf / jperf
    • Spirent
    • IXIA Chariot

Monitor your testlab

  • Perfsonar
  • Check_MK
  • Netflow / Flow exporter

What tools are you using?

Jason Edelman – Network to Code On Demand Network Labs

Cisco Nexus, Cisco IOS, Cisco IOS-XR, Arista, OpenDaylight, Citrix VPX, Cumulus, Juniper vMX, Juniper vSRX

PacketLife.Net Community Lab by Jeremy Stretch. Jeremy closed the lab a few years back, but it was a great resource for those who didn’t have access to the gear to test their mettle and skills.

If you have any questions, thoughts, or feedback please leave a comment below.

Cheers!

Episode 8 – Network Troubleshooting

We returned to record our eighth episode on Sunday July 3, 2016. Happy 4th of July America!

Interesting News and Events

Copa America – Chile defeats Argentina in penalty shots (I honestly felt bad for Lionel Messi)

Roundtable Discussion – Network Troubleshooting

  1. Understanding the problem.
    1. Is the problem impacting all users/systems or just a small subset?
    2. Has this ever worked? Has whatever is broken worked in the past?
    3. Any scheduled changes that might be somehow involved in the problem?
  2. Identifying the individual components involved.
    1. Is the problem impacting all devices, mobiles, laptops, desktops?
    2. Is the problem impacting only specific applications or systems?
    3. What network components are involved? Firewall, load balancer, switch, router?
  3. Capturing/replicating the problem
    1. Is this problem easily replicated by yourself or someone else?
  4. Work the problem to resolution
    1. Be careful not to make the problem worse by jumping to conclusions.
  5. Document the fix and learn
    1. You’ve solved your first problem. Make sure you document it in case you ever run into the same problem again; this way you’ll know what to do and how to quickly fix it.
    2. If the problem is repeating and systemic then work to determine how to resolve the issue permanently. You may need to involve the hardware manufacturers to validate if you have a software bug.

Stelios Antoniou from PluralSight wrote an article back in 2009 titled, Cisco Network Troubleshooting for Beginners. It’s still a great resource for those trying to understand how to use the different tools available while troubleshooting.

What tools are you using?

I wrote about Ditto back in 2014 in an article titled, Windows Clipboard Manager – Ditto. I’m still a big fan of Ditto and I’m still using it today on all my Windows 10 systems. This clipboard manager saves me a lot of time as I cut and paste between applications. It’s also allowed me to go back and verify that what I actually cut-n-pasted was correct since it has a lengthy buffer and saves that buffer between reboots. You can even search the clipboard history. I’ve set up a few custom shortcuts that allow me to cut and paste multiple items at the same time.

Thanks to Damian from @PacketBrigade for giving us some feedback on the last episode’s audio. While networking, firewalls and load balancers are second nature to Dominik and myself, we’re both learning how to podcast and produce good content.

If you have any questions, thoughts, or feedback please leave a comment below.

Cheers!

Episode 7 – NextGen Network Firewalls

We returned to record our seventh episode on Sunday June 19, 2016. Happy Father’s Day!

Interesting News and Events

We got so caught up in the network firewalls discussion we didn’t even cover any of the news stories.

Roundtable Discussion – Network Firewalls

Is the Firewall only a defective router?

What do we want to achieve with a firewall:

  1. Visibility
  2. Security Zones / segmentation
  3. Policy enforcement

Running ACLs on switches vs a real firewall appliance
Stateful inspection Firewalls
VPN functions
SSL Intercept

NextGen Firewall

  1. Deep packet inspection, protocol and content aware
  2. IDS/IPS
  3. Sandboxing (Palo Alto: WildFire)
  4. automated updates >> cloud integration
  5. behavior based protection

Vendors: Palo Alto, Checkpoint, Cisco Firepower, Fortinet, Juniper SRX,
Dell SonicWall, Barracuda, Watchguard, Intel/McAfee Forcepoint

Management: Palo Alto Panorama, Cisco Threat Defense, Checkpoint Multi-Domain Security Management, Fortinet FortiAnalyzer
Vendor Independent: AlgoSec, Tufin

Virtualization: VMware NSX, Cisco ACI, Skyport Systems

What tools are you using?

WANem WAN emulation tool – available in appliance (ISO file) form from Tata Consultancy Services. Leverage variables such as delay, jitter, packet loss, duplication, packet reordering, corruption and bandwidth limitations.

Has your email address or username shown up in a user dump from a recent hack?
';--have i been pwned?

Cheers!

Episode 6 – Discussion with Avaya’s Roger Lapuh

We returned to record our sixth episode on Sunday May 22, 2016.

Discussion

This week we had the opportunity to speak with Roger Lapuh, Product Line Manager and Architect for Avaya.

Past

The history of Avaya Networking: Wellfleet and SynOptics merged to form Bay Networks back in 1994. Northern Telecom acquired Bay Networks in 1998 and renamed itself Nortel. In 2009 Avaya acquired Nortel’s Enterprise Voice and Data business units through a bankruptcy auction.

In 1997 Bay Networks acquired Rapid City which spawned the first layer 3 switch in the Accelar product line. The product line was renamed to Passport and would eventually be renamed to the Ethernet Routing Switch.

SMLT Story and development
Layer 3 extensions RSMLT //  VRRP BackUp Master

Present

The first ideas for Shortest Path Bridging (SPB), the development of SPB and the challenges presented in its design. The standards process in IEEE 802.1aq, the first implementation in the Ethernet Routing Switch 8600.

Packet Pushers Show 44 – The Case For Shortest Path Bridging with Paul Unbehagen and Peter Ashwood-Smith (Huawei).

Future

Distributed Virtual Routing (DVR) resolves the network tromboning between the Layer 2 fabric and Layer 3 gateways.

Port Mirroring over an SPB fabric creating a virtual tap network.

We have a large, vibrant community using Avaya equipment over on the Network Infrastructure Forums; I would strongly urge you to stop by and see what’s going on.

Thanks again to Roger Lapuh for joining us!

Cheers!

Episode 5 – Network Monitoring

We returned to record our fifth episode on Sunday May 15, 2016.

Interesting News and Events

Roundtable Discussion – Network Monitoring

  • Network Monitoring (is something up or down?)
  • Performance Monitoring (how is something performing?)
  • Application Monitoring (is an application functioning properly?)
  • Environmental Monitoring (how humid or hot is my data center?)
  • Electrical Monitoring (what’s the state of my PDUs, UPSs, generators?)
  • Why should we monitor
  • What should we monitor
  • How should we monitor: SNMP, Agent …
  • Categories of Monitoring Tools: Alarming, Graphs, Trap receivers, Flow Analyzer
  • Vendor specific tools
  • Overview of available tools at Wikipedia: https://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems
  • Vendor Products: PRTG, SolarWinds, HP OpenView, CA Spectrum, Microsoft SCOM, Statseeker, WhatsUp Gold, Grafana, Zabbix
  • Open Source: Nagios, Icinga, Check_MK (OMD), MRTG, RRD, Cacti
  • Custom crafted Monitoring:
    • US Department of Energy (https://my.es.net/)
  • Challenges:
    • Active vs passive monitoring (MPLS Explorer)
    • Visibility (https://my.es.net)
    • Maps and visualization
    • Keep it up to date
    • custom check development

What tools are you using?

Dominik highly recommends that folks check out Check_MK if they are interested in looking at a new monitoring solution. Mike suggests you also give a look at PRTG; there is a 100 sensor version of PRTG available for free.

Cheers!