Category Archives: Technical

Creating Uplink Port-Channels in UCS Manager

Recently, a customer asked me for a quick how-to for plumbing and configuring northbound port-channels on their UCS B-series setup. The basic install including management access had been completed some time ago, but as projects sometimes go, this one had been back-burnered for some time so we were just getting around to making it work.

Continue reading

Tagged , ,

ASA File Operation Tips

I’ve been working on Cisco’s ASA firewall platform for years, and I continue to work on a variety of environments with multiple generations of the ASA for clients at H.A. Storage. One of my favorite features of the ASA platform has been the quality of the high-availability failover mechanism, which is generally very reliable, fast, and seamless.
Tagged ,

The Buzz About NetBeez

One of the great benefits of attending Tech Field Day events is the opportunity to learn about new startups that I might otherwise not have heard about. And one of the great things about startups is their ability to apply a fresh set of eyes to long-standing problems without being bogged down by existing products or past decisions.

Continue reading

Tagged , , ,

Normalizing ACLs to Support Automated Changes

Although I look forward to network fabric management seeing broad deployment, the fact is that many networks (and especially enterprise LAN/WAN) will be managed with traditional methods for some time yet. Inconsistencies in device configurations can present a barrier to some types of automation. In this article, we’ll explore that very challenge and a resolution I came up with to handle it.

Continue reading

Tagged , , ,

Managing the Network as a Fabric — About Time!

Earlier this September, I attended the Tech Field Day Networking Field Day 8 event. Over the course of three days, we saw presentations from many very interesting vendors including a mix of startups and established market leaders. One trend that really stuck out to me more this time around than at any previous NFD event was a nearly ubiquitous emphasis on data center network fabric management. In other words, truly managing an entire data center network (or at least a sub-block of it) as a single unit.

Continue reading

Tagged , , , , ,

Using EEM to Remotely Change a WAN IP – Part 1

I often work remotely on customers’ infrastructures with their remote hands on-site. When a small office or branch changes ISPs or IP blocks, I occasionally find myself in a position where I have to change the only public IP address of a device like a branch office router or firewall, with no out-of-band management. The trouble with this is fairly obvious (on a Cisco device): by changing the IP address via which I am accessing the device over SSH, I will lose my own management session to it. Once the management session is lost, I can’t update the default route, and now the device is broken and I get to walk the on-site hands (who are often not very Cisco-literate) through changing a default route.

Continue reading

Tagged , ,

Weighing AWS VPN Options

Earlier this week, a client asked for some assistance in building a VPN from their corporate office to Amazon Web Services for a project they were doing. I’ve done this a few times before, a few different ways, so I proceeded to give my client some pros and cons of the two most common methods I’ve used. After putting that analysis together, I realized it could be helpful for others so here it is (with the addition of a few snazzy diagrams!).
Tagged , , ,

Server Brawn + Switch Brains = Infrastructure Fabric

Last week I attended Networking Field Day 7, and was introduced to Pluribus Networks. Pluribus is taking an interesting approach to building the data center fabric, by combining high-performance data center top-of-rack (ToR) switching with powerful server internals in a platform they’ve dubbed the Freedom Server-Switch.



The Freedom platform can be loaded to bare with RAM and storage along with some pretty powerful CPUs (this data sheet provides all the details), which enables embedding various network (and not-so-network) services right in the network at every edge. The platform runs the NetVisor operating system, based on BSD. This software can be had in various feature levels:


Various services that can be enabled beyond typical L2/L3 network services include DHCP, DNS, PXE, load balancing, CDN functions, NAT, NAS (yes, really), and traffic analytics. Since these switches are designed for deployment as leaf nodes in leaf-spine architecture datacenters, this embeds these services right at the network ingress point for each connected device.
You may be thinking about the potential administrative overhead included with performing advanced network services on each ToR switch, but that burden is eased with fabric-wide management features that allow an administrator to interact with any node in the fabric and issue commands that can affect a subset of fabric nodes, or the entire fabric at once.
During the NFD7 demonstration, Pluribus Networks CTO Sunay Tripathi showed us the ease with which the entire fabric (the Fabric Cluster, as they called it) could be programmed to single out a specific traffic flow (based on any number of parameters), and perform some operation on it such as redirecting it to a specific port, a service running on the Freedom platform, or copy the traffic to local storage. With a couple commands, he was able to intercept and store traffic matching the flow parameters from anywhere on the network the flow may appear. This was powerful stuff. And of course, since Pluribus exposes APIs for accessing these features, one can imagine the ability to automate various network service functions from external applications. In fact, Pluribus provides an SDK for “bare metal” access to the switch so that future applications could potentially extend functions beyond anything that’s been thought up so far. Additionally, VMs can actually run on the platform, so perhaps other functions traditionally centralized in the network (IDS/IPS, anyone?) can be embedded right at the network edge.
Something that really struck me about the Pluribus NetVisor software was that the fabric was equally manageable from a Unix command line, a rich switch CLI (although the syntax looked quite a bit different from anything I’ve ever used, so there’d be some learning curve there), a web-based GUI called vManage, and a variety of API interfaces. Lately, the industry has been laser-focused on APIs, APIs, APIs. I thought Pluribus struck a good balance with their approach recognizing that the CLI is not dead, and APIs provide another, but not exclusive, vector for network management. These various tools could be leveraged by network administrators that are comfortable and adept with different administration models and none appears to be handicapped by their choice.
More than that, though, what I saw in Pluribus’ platform was a bold attempt to move toward what may well be an inevitable future. I’ve been thinking for some time about how in the not-so-distant future as network, compute, and storage facilities coagulate we’ll not have many “network engineers” or “server engineers”, but rather “infrastructure engineers” who know how to work everything. Sure, we may still retain a focus or specialty, but it’s going to become very difficult to claim “I’m a network engineer. I just provide the network. Servers and storage aren’t my thing.” At least, if you want to stay relevant and have a job, it will be difficult.
The Pluribus Freedom Server-Switch really embodied that notion. Rather than building a high-speed switching fabric that has services blocks hanging off of it to provide network services, application services, storage, security, monitoring, and even applications themselves, the Pluribus solution struck me as an infrastructure fabric, providing many of those services right in the fabric, at every point of ingress and egress. Surely Pluribus is not trying to replace enterprise or tenant servers themselves, but moving the various utility services into that infrastructure fabric consolidates the deployment, administration, and management of those infrastructure support services allowing the servers and storage attached to the fabric to be used for what they’re intended for — applications.
While I saw a lot of promise in the Pluribus Networks offering, I do think they will have a bit of an uphill battle in many shops that have not yet moved to a more consolidated “infrastructure team” approach (which is most environments I see), as the server and storage teams may feel threatened by the idea of “the network” running various services and even hosting storage. I suspect this technology will be a better fit in more agile environments that have embraced a holistic approach to infrastructure services.
I strongly recommend watching these videos from Networking Field Day 7 as they really demonstrate the fascinating approach Pluribus Networks has brought to the table. Pluribus Networks also has some good whitepapers sprinkled around their site that are worth a read as they present some good technical detail rather than just marketing fluff.
Pluribus Networks was a sponsor of Networking Field Day 7. At no time did they ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.
Tagged , ,

Faking an ASA as a DNS Forwarder

I came across a good tip the other day that was very helpful during a small site firewall migration. Here’s the back story:

I was migrating a small single-site customer that had, up to this point, been using a FIOS-provided consumer-type router/firewall/access point to some Cisco gear including an ASA firewall for better firewall/VPN capabilities. This is fairly common with small businesses that start out with essentially consumer-style connectivity and finally begin to grow to a point of needing business-grade capabilities. My preparation went fine, and when the time came I swapped the ASA firewall in place of the FIOS-provided one. Then everything broke.

Continue reading

Tagged , , ,

Using the Cisco CSR1000V in GNS3 With VirtualBox

The better part of a year ago when the Cisco CSR1000V was publicly released, I quickly tested the notion of running the Cloud Services Router in VMWare Fusion on the Mac, rather than on a full vSphere server. Since then, I occasionally see that some readers land on my blog after searching for the terms “CSR1000V GNS3” looking for assistance in integrating the CSR with the popular networking simulation platform. The CSR1000V is attractive as it provides a means to run IOS-XE, the same variant as on the ASR-series routers, and unlike Dynamips, Cisco has blessed use of the CSR with the 2.5 Mb/s throughput-limited trial license as a legitimate labbing platform. Last night I decided to see if it could be done. Turns out, it’s easy.

Continue reading

Tagged , , ,

Virtualization, Storage, and other techy stuff

The Stupid Engineer

I ask those questions you're too clever to.

Sunay Tripathi's Blog

Pluribus Networks Founder's Blog on OS, Networking, Virtualization, Cloud Computing, Solaris Architecture, etc

Ed Koehler's Blog

Just another weblog

Data networking, stray thoughts, nerdy fun...

Network Heresy

Tales of the network reformation

The Borg Queen

Jottings on the intersection of tech and humanness

Networking From The Trenches

Ramblings about my thoughts, experiences, and ideas.

Networking 40,000

Attaining my CCIE with the help of Warhammer 40k

Network Shenanigans

Making Packets Do Silly Things

It must be the network...

Ramblings of JD (@subnetwork)

Not Another Network Blog

Musings from yet another IT nerd

rsts11 - Robert Novak on system administration

Resource sharing, time sharing, (20)11 and beyond. A retired sysadmin's blog.