Please note that I have moved this blog and you will be redirected to the new page @ netprovia.se

Saturday, February 16, 2013

New home

I have moved, look for me at netprovia.se

Wednesday, September 12, 2012

Design your network BEFORE you buy it


How would you go about building a house? Would you buy building materials and the equipment you think you will need and then start building hoping that it will turn out ok? Or possibly even make some drawings based on what you have purchased before picking up the hammer? If the drawings shows that you have forgotten something important, would you then buy the missing parts even though you have spent your budget? Or maybe just try to build around it?

Or maybe you would hire an architect to draw the house for you? Someone with experience who knows what will work and what will not. Someone who is an expert in their field who can not only design best in class but also tell you where you can save money and of course how that will affect the end result.

I am thinking that pretty much everyone would go with the architect option.

The same reasoning applies to network design (and every other part of IT, of course). During my years I think I have seen it all.

  • I have been placed in charge of designing networks AFTER equipment worth millions of dollars have already been bought and delivered.
  • I have designed networks that have had to be seriously scaled down due to cost issues. 
  • I have revisited these networks a year later and modified base design to solve issues caused by budget constraints. These networks end up more expensive but still less feature rich than they could have been had they been done right at attempt #1.
  • I have done designs for data centers where the network equipment have the same or even smaller budget than ONE of the servers it is meant to supply with network services. (Many network engineers would cry if they knew how much a single server can cost.)
  • …the list might never end on its own.

The number one enemy of a good design is the same as for any other project: Cost. Not really that strange considering that money does not grow on trees. But even in 2012 it feels as if the value and importance of a good network is not understood by the general CIO. The network is just a hole in the wall right next to the electricity socket. Who cares what happens beyond that point? It just works, does it not?

So a few requests from a humble network architect. (Keeping the list short so that it will be easy to remember.)

  • Realize that all those fancy server you buy needs a network that can support the somewhat extreme power of modern servers. You would not buy a Formula 1 car and drive it in the woods, would you?
  • Realize that even though the general life cycle of a network is longer than that of a server farm it still has a cycle. You will have to update it just like you update your computers, mobile phones, servers and pretty much everything else.
  • Design your network BEFORE you buy it. 


Friday, March 30, 2012

New Service Provider v3 workbooks

Oh happy days. Not only has INE released new SPv3 workbooks, they also updated their site to a very improved dashboard. And to top it all off I get the upgraded workbooks even though it's been nearly 3 years since I bought v2 workbooks. Perfect!

All I need now is rack rentals..

Thursday, March 15, 2012

Laser in ze eyes - EPI-LASIK

Here's description of my experience from yesterdays eye surgery. It's in swedish because right now I can't be ar*ed to rewrite it in english. Pardon my laziness as well as my inability stay on-topic in this blog ;)

Innan jag bestämde mig för att göra detta kollade jag runt bland vänner och bekanta. I efterhand upplever jag att jag inte riktigt fick en rättvisande beskrivning av hur det kunde vara så här kommer min beskrivning.

Summering: jobbigt så in i helvete i början men värt det i slutändan.

Ingreppet var inte alls farligt. Började med att jag fick bedövande droppar och en lugnande tablett. Det kändes ungefär som när man får bedövning hos tandläkaren. Sen fick jag lägga mig på en brits. De rengjorde med alkohol runt om ögonen och jag fick in lite sådant i vänster öga. Det sved som f*n men jag fick mer bedövande droppar så det gick över inom några sekunder. De snålade verkligen inte med bedövning! Jag gjorde den metod som inte innebär att de gör ett snitt i ögat. Vad de istället gör är att de löser upp den skyddande hinna man har på ögonen. Själva lasern är sedan en ytbehandling istället för innanför linsen som den gamla metoden är. När de löser upp hinnan måste de också skrapa bort den och det kändes lite märkligt. Gjorde inte ont eller något sådant utan mest bara konstigt att ligga med uppspärrat öga samtidigt som någon skrapar. Men som sagt, inte ont, inte obehagligt eller något sådant. Själva laseringreppet tog ca 20 sekunder per öga och det kändes inte alls. Man ska titta på en grön prick och det kunde iofs framåt slutet kännas lite stressande. Men samtidigt kände jag mig helt lugn för jag visste att om jag rör för mycket på ögat stängs den av. Det var lite läskigt att de gjorde ett öga i taget. Skrapade ena ögat och körde lasern och sen körde de det andra ögat från skrap och framåt. Jag hann känna viss oro för att det skulle vara jobbigt med andra ögat men det gick snarare fortare. Men jag tyckte det var svårare att fokusera på den gröna pricken så jag var lite mer stressad av det. Men som sagt, 20 sekunder laser och de säger hela tiden "25% klart, 50% klart, 75%klart" samt att en av dem höll försiktigt i huvudet och bara upprepade "titta på gröna pricken". Så det kändes lugnt och säkert.

Det jobbiga kom efteråt. jag var inte alls förberedd på att jag skulle vara så obscent ljuskänslig som jag var. De hade sagt att jag skulle kunna gå till väntande bil (men inte köra) men det kan jag säga att det kunde jag inte. Pappa hade parkerat på drottningatan, typ 30 meter från porten. Inte ett moln på himlen och solen stod rätt i ögonen. Det var lite halvjobbigt att hitta fram, om man säger så. Sen var det riktigt jävligt fram tills att solen gick ner. Tänk dig att någon sitter med en strålkastare in i ögonen hela tiden, även när du blundar. Jag låg i sängen under dubbla täcken men stördes ändå av det vita underlakanet som reflekterade för mycket ljus. Och ja, jag hade naturligtvis dragit för alla fönster och stängt dörr osv. När bedövningen släppte började det också göra väldigt ont i höger öga så jag var tvungen att ta de smärtstillande dropparna som jag hade fått förhållningsorder om att försöka undvika. Fast jag tror egentligen att det största problemet var ljuskänsligheten.

Det blev lite jobbigt när jag skulle ta dropparna första gången. Jag kunde inte öppna ögonen tillräckligt länge för att se vilka två av de fyra flaskorna jag fått som jag skulle börja med. Två ska jag ta första tio dagarna och sedan byter jag till en tredje. Den fjärde flaskan är "bara" ögonbalsam som jag kan ta när jag vill. Det tog ungefär 15-20 minuter att lista ut vilka två det var jag skulle börja med. Det var SJUKT frustrerande! Det underlättar förmodligen att inte vara singel ;)

Det bästa var nog att en kompis gjorde detta för 2-3 veckor sen. Han berättade att det hade varit riktigt jobbigt första tiden efteråt. Det var väldigt nyttigt att få höra det för jag hade inte hört någon säga något om att det skulle vara jobbigt. Det hade gått så bra så för alla så om jag inte hade hört den där "skräckhistorien" om hur det hade varit för honom så hade jag nog drabbats av panik över att det omöjligtvis kan ha gått rätt.

Idag är jag fortfarande ljuskänslig men inte alls som igår. Jag är glad för att det är molnigt just nu. Men det blir bättre och bättre hela tiden. Redan nu är det väsentligt bättre än vad det var när jag vaknade för ett par timmar sen. Så länge solen inte skiner in klarar jag mig egentligen utan solglasögon men det är skönare med så jag fortsätter iaf dagen ut.

Synen är märkbart bättre men det har inte stabiliserats än. Det tar väl någon dag eller två till. Ser också fram emot måndag då bandagelinsen tas bort..

Wednesday, February 22, 2012

Multicast PIM-DM Acrobatics

Imagine a network looking like this:



Green boxes symbolize a small portion of two different MANs under the same management. Each city is running PIM-SM with their own RP. The cities interconnect with BGP and MSDP.

City1-R1 is directly attached to an IP-TV Service Provider. There is no PIM neighborship, the SP is just flooding all their streams out the interface connected to City1-R1.

Everything is working just fine in City1. The streams are visible in the Multicast routing table and customers all over the city can view the different channels. The MAN operator now wants customers in City 2 to be able to watch the same channels. This should be possible since they have a working MSDP connection. But of course it doesn't work because that's how it is in our wonderful world. Things don't work(tm). City2-R1 (RP) lacks the SAs from the Service Provider. Looking at the mroute table on City1-R1 reveals the following sample
#sh ip mroute 233.x.y.z

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
       V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 233.x.y.z), 7w0d/00:02:34, RP 10.x.y.z, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan42, Forward/Sparse, 00:41:21/00:02:30
    Port-channel70, Forward/Sparse, 11w0d/00:02:34

(a.valid.source.1.1.1.1, 233.x.y.z), 1w5d/00:03:27, flags: T
  Incoming interface: Vlan42, RPF nbr validNbr, RPF-MFD
  Outgoing interface list:
    Port-channel70, Forward/Sparse, 1w5d/00:02:40, 
Spot the flags for the S,G entry.  We are missing the A or M flags. This entry will not be propagated using MSDP. The first solution seems to be to just ask to get a MSDP connection with the Provider (will give the M-flag = propagation will occur) but this was not possible. The provider gave an explanation with some acceptable (..weeell..) arguments so we had to find a different solution.

This is when it becomes painfully obvious that Multicast is a bit of a black hole. There's not a lot of resources out there. Well that's not entirely true. There are resources but there's not a lot of real world examples. The solution finally seems to appear when an operator of the MAN remembers that he saw something about dense-mode during an Advanced Multicast session at CLEUR2012. After some digging we find that there's an add-on to ip pim dense-mode. Proxy register! From documentation:
Dense Mode with Proxy Registering
For a router in a PIM sparse mode (PIM-SM) domain configured to operate in sparse mode or sparse-dense mode, the ip pim dense-mode proxy-register command must be configured on the interface leading toward the bordering dense mode region. This configuration will enable the router to register traffic from the dense mode region with the rendezvous point (RP) in the sparse mode domain.
So we change from ip pim sparse-mode to ip pim dense-mode proxy-register on the interface facing the provider and whoop. A new show ip mroute:

#sh ip mroute 233.x.y.z

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
       V - RD & Vector, v - Vector
 
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 233.x.y.z), 7w0d/00:02:51, RP 10.x.y.z, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan42, Forward/Dense, 10:35:15/00:00:00
    Port-channel70, Forward/Sparse, 5w0d/00:02:51

(a.valid.source.1.1.1.1, 233.x.y.z), 5d23h/00:03:23, flags: TA  Incoming interface: Vlan42, RPF nbr validNbr, Mroute, RPF-MFD
  Outgoing interface list:
    Port-channel70, Forward/Sparse, 5d23h/00:03:01, H
Spot the flags. We now have an A which means that it will be sent to MSDP peers and verification on City2-R1 shows:

#sh ip msdp sa-cache 233.x.y.zMSDP Source-Active Cache - 1 entries for 233.x.y.z(validsource.1.1.1, 233.x.y.z), RP 10.11.254.2, BGP/AS 65001, 00:01:40/00:05:16, Peer 10.x.y.z 
 
#sh ip mroute 233.x.y.z  
(*, 233.x.y.z), 00:02:53/00:02:36, RP 10.x.y.z, flags: S  Incoming interface: Null, RPF nbr 0.0.0.0  Outgoing interface list:    GigabitEthernet1/36, Forward/Sparse, 00:02:53/00:02:36
 
(validsource.1.1.1.1, 233.x.y.z), 00:02:53/00:03:21, flags: MT  Incoming interface: Vlan2002, RPF nbr validNbr, Mroute, RPF-MFD   
Outgoing interface list:    GigabitEthernet1/36, Forward/Sparse, 00:02:53/00:02:36, H
There we go. dense-mode proxy-register solved the issue and customers in City2 can now view the channels. Note that this is a workaround solution implemented while waiting for the provider to be able to setup MSDP connections.

Saturday, February 4, 2012

Cisco Live Europe 2012

The Event

CLEUR 2012 was a LOT better than 2011. They had redone the entire venue from last year. Last year the venue felt extremely large (which it is) because there was so much walking about and while walking between different areas there were no real sense of continuity. For 2012 they had obviously given it more thought. Everything felt more like one (extremely) large area instead of several different islands who just happened to be in the same (extremely) large building.

CLEUR 2011 also left a lot of people hungry because quite frankly, the food was utterly worthless. I'm sorry England but you have no sense of taste what so ever. I'm guessing that quite a few people expressed this in the event review afterwards. This year they had given it more effort and I have to say that none of the lunches attached themselves in my memory. That might not sound good but remember that we're talking about lunch for oh I don't know how many, around 7k? It's impossible to serve something that anyone will remember as one of the top 5, 10 or even 100 experiences of their lives. Look at it from the other angle instead, if I don't remember the lunches they can't have been bad, right? Well done! 

But same as last year, there's just not enough coffee available. I realize that they don't want to serve coffee outside of the breakout rooms because they of course want the people to move down to the World of Solutions. They need to have people there or no one will pay for a booth next year. That's all understandable and acceptable. BUT! With only one escalator going each way to/from the breakouts and World of Solutions as well as a pretty damn long walk it takes better part of a 30 min break to just do a coffee raid. And what's with not even having coffee in the World of Solutions at the lunch break? Official response from @CiscoLiveEurope was that there would be Coffee at 3 pm. Guys, seriously. We swedes need our own coffee container!

Keynotes

I barely remember what Padmasree Warrior talked about. The entire speech felt more like something aimed at management and not the more technical types who I am sure makes up at least 98% of the attendees. We're not interested in fluff. Fluff is for those who don't understand what's really going on. Yes, I'm talking about management.

Dave Evans gave the second keynote. It was slightly more interesting but I think he left his charisma in some sort of jet lag or something. Don't look at the floor! Change your tone now and then! And be more prepared when you "interview" the guest speaker.

Richard Noble from Bloodhound Project was guest speaker during the second keynote. Excellent! He was way more charismatic than Dave and I would really have liked to hear more about the Bloodhound project!

So in summary: this years keynotes lands at the bottom in the list of Live's I've attended (only 3 so still Bronze, I guess).

Breakouts


It was much harder to schedule my breakouts this year. Probably because it was my third time in four years. I skipped a lot of sessions because they felt like something I've heard before. But as always there were a couple of good sessions. I especially liked the session about IPv6 security. I wish I hadn't changed form Advanced LISP to Carrier Ethernet as techtorial. I've been to three techtorials now and the best one was my first. It was about Datacenter and they did about 60 min (?) of talking followed by 15 min of demo about what they had just talked about and then on to the next subject. The other two were pretty much 98% talk and 2% demo. That's not a good setup for a 9 hour day. It needs to be more alive. I will have to think very hard about a techtorial next year. It's not worth the 500 extra quid for about as many extra slides.

Summary


All in all I'm happy with the week. 8.5 routers out of 10. I can't really think of anything they could do to make it better. At least not something that is likely. More escalators would be a nice surprise, I guess. I feel a bit Cisco-Live-saturated and as it is right now I don't feel like going next year. But I know that will change I will most likely be back in London this time next year.

So yeah, apart from not having coffee CLEUR 2012 was a VERY well planned and designed. Well done!

Monday, January 9, 2012

CCIE Security by the end of 2012?

Nah, not likely. I've bought workbooks and I'm actively following two co-workers who are both studying for their CCIE Sec. For now I'm mostly interested in the technology workbooks but who knows, maybe I'll go for an attempt at the lab myself.

I'd prefer Service Provider, though...

"What's your best advice for CCIE preparations?"

I get a lot of questions from co-workers and others regarding advice for the CCIE lab. Here are my own personal top two. The two things that I truly feel helped tipped the scale:

1) Take care of yourself. During those last months of serious labbing I still took the time to exercise. Go for a long walk, take a run. Go for a swim. Anything that gets you moving. Eat right. Take care of yourself! It really helps you to get the most out of a 12 hour lab session. 

2) Go for that first attempt even if you feel you're not ready. I've written about that before so go read that post as well.

Did you come here from Google looking for tech advice? I have a few of those as well but none of those made an impact as huge as the two above.

Monday, October 17, 2011

There is a post-CCIE life

The best thing about being DONE is that I can finally come home and sit down with something other than a Cisco Press book. I can actually do non-tech stuff without feeling that stab of guilt. I think I've forgotten how, though :o

Next on my tech-related schedule is:
  • Develop a series of workshops for my colleagues going for their CCNA
  • Develop a series of workshops for my (other) colleagues going for their CCNP
  • Write an internal Best Practice document regarding Data Center networking

And I must not forget to have some fun so I'm also going back to my old CCIE SPv2 workbooks. No, not because I want the certification (which I do) but because SP is the most interesting part about networking (imho).

Saturday, October 15, 2011

Clarifications about the reread

I've gotten a lot of "well don't forget undebug all"-comments. A couple of clarifications here:

1) The lab is very stressful. It's easy to not think straight when you're running out of time. For every device that I forgot to disable debug on there are 10 that I did NOT forget to disable debug on.

2) I'm not even sure if debug was the issue. It could have been anything.

I could have gotten new questions that they hadn't had the chance to perfect the grading scripts for yet. I can think of several technology specific issues that I will not say out loud due to NDA. I said "do not fear the reread" and what I meant was; When in doubt; ask for a reread. Do not fear the statistics that more or less tell you to fsck off.

JUST DO IT.