Author Archives: sr71rocks

Cisco VIRL and Time for a New PC

My home PC is over 7 years old, and let me tell you…it was past time for an upgrade. I’ve been running Photoshop and Lightroom, along with an old version of VMware Workstation…talk about old and s-l-o-w! I started planning for a new PC earlier this year, but wasn’t really in a rush…just sort of waiting for something to push me over the edge…the “time to buy” edge.

Well, that edge was Cisco VIRL (Virtual Internet Routing Lab). One of the classes I attended at this year’s CiscoLive in San Diego concerned Cisco’s efforts in virtual network simulation. They have a commercial product (CML – Cisco Modeling Labs), and they have a personal edition (VIRL). CML is very expensive…as in, well…VERY. However, VIRL is reasonably priced…$200/year (it’s subscription based). VIRL is incredibly powerful and flexible; you can design and run many different types of simulated networks, all running real Cisco IOS (IOSv actually…a virtualized version of IOS). There is a limit of 15 nodes though…yes, that’s not really enough, but it does let you do a lot of testing and learning. (Visit here for more info on VIRL.)

Back to my PC. There was NO way it would ever be able to run VIRL…so I just had to buy a new one.    🙂

As you can tell, I don’t buy new PCs often, so I wanted to make sure this one lasts. The specs on my new PC…

  • Intel Core i7 quad-core processor (3.6 GHz)
  • 32 GB of RAM (VIRL loves RAM!!)
  • NVIDIA graphics card with 4 GB of RAM
  • 1 TB hard drive
  • 256 GB Samsung 850 PRO SSD drive (I added this in myself)

Wow…let me tell you…this thing rocks! And I spent today installing and running VIRL. (This is not a trivial installation…you really need to follow the directions, but it’s not that difficult either. Knowing your way around Linux sure helps though.) Here is a screen shot of VIRL with 6 routers configured…

VIRL installed and running...with a simple 6 node network configured


I have just scratched the surface of VIRL…it is incredibly complex, but that’s ok…I have a lot to learn, but the rewards will be well worth it. I will post more about VIRL soon.

RFC 1925 – Still Relevant After 19 Years

If you really need to dig into the protocols, then RFCs (Requests for Comments) are where you need to go. These documents are what define protocols and other technologies, and they are used extensively by engineers and computer scientists to implement those technologies correctly. As an example, if you need details about OSPF, then you could refer to RFC 2328 (for OSPFv2) and RFC 5340 (for OSPFv3). You will end up knowing way more about OSPF than you really want.

Now, as time marches on, technologies tend to get old and are replaced. And new RFCs are written to define the latest technologies. However, if you have a few minutes, here is an RFC that should remain relevant for many years to come…and it was written in 1996…

The Twelve Networking Truths – RFC 1925

My favorite is 7a!  Enjoy!!

Saturday Snapshot – Working Up High

I work for a large construction company in California which also owns a number of aggregate (rock) mines. So sometimes, the phrase “onsite” can have very interesting meanings…

Working up high at an aggregate mine

Working up high at an aggregate mine

This week I had to do some troubleshooting of a microwave link from one of our plants out to a nearby mining pit (about 4 miles away). The view was spectacular! And a bit nerve-racking at the same time…it is a steep and long climb to the top of this tower. When I took this picture, it was late in the afternoon and the plant had stopped production for the day…it was nice and quiet up here. However, I was up here several times the day before during production, and it was incredibly noisy, with lots of vibration, and a muddy mist showering down through the structure. Not a pleasant environment at all. I had my laptop wrapped up in a large plastic bag to keep it clean.

The problem ended up being related to an old switch (installed years ago by an outside vendor). I put a temp switch in place for now, but I’m going to install a proper switch, one designed for this kind of environment…such as the Cisco Industrial Ethernet 2000 series…

Industrial grade switches...much needed in my environment


Have a great weekend!!

New Horizons – The Little Ship that Could

If you are any kind of geek or into astronomy…(and I’m both!!)….then today was a great day!!


New Horizons image of Pluto from a couple of days before flyby (Image Credit: NASA/APL/SwRI)

The NASA probe New Horizons had its close encounter with Pluto, flying by at a distance of only about 7,750 miles, and collecting a ton of data! And it survived the flyby just fine, I might add. All this data, though, will take about 16 months to fully transmit back to Earth…the probe is so far away from us that the data rate is only about 1 kbit/s. It will take about 45 minutes to transmit just one picture back to Earth. Incredible!!

Check out this story from NBC for a general update. For a really good technical story on how New Horizons transmits the data, check this out (note…it was written back in January).

Congratulations to NASA and the team at the Johns Hopkins University Applied Physics Laboratory!! Job well done!!

In Finland, Doing the Crime Doesn’t Mean Doing the Time

Here is an incredible story out of Finland concerning the trial, conviction and sentencing of a youth heavily involved in cybercrime, payment fraud, botnets, and even calling in bomb threats. The kid (17 years old) was given a two year suspended sentence. I’m just shaking my head in disbelief…no wonder kids think they can get away with anything…because they can!!

Here is the Krebs story:  Finnish Decision is Win for Internet Trolls.

And yes, I’ll say it one more time…you really should be reading Krebs on Security every day. If you value network security in any way, then this website will help you better understand network security and the world we live in.

Network Virtualization with VMware and NSX-v (Oh Boy!!)

As network engineers, we all know that whenever “the network is slow”, we get the blame. Always. And then you have to drop what you are doing and prove that it isn’t the network. And in doing this, you will usually figure out where the blame really lies…typically a misbehaving server or poorly performing application.

What does this have to do with VMware and NSX? Well…let me explain. Over the years we have developed tools, applications, and procedures to figure out what is causing a network slowdown…things such as NetFlow, Wireshark, SPAN, network TAPs, MRTG, syslog, SWATCH, etc. And for the most part, we have our act together. When I hear of a network slowdown, I usually have an answer within 15-30 minutes, or even quicker. We know our stuff, don’t we?

Well, over the last 4 years my company has largely virtualized all of our Intel-based servers (Windows based mostly, with a few Linux servers for added flavor). We had two long rows of cabinets full of physical servers, and now we have almost all of them on 6 very powerful VMware hosts. (It’s truly incredible to see.) And I have had to adjust…port channels and NIC teaming, lack of visibility within the virtual switch, just to name a few. But now…

Things are changing BIG TIME. Next to get virtualized is the network itself. Want proof?…then read the following white paper from VMware about their NSX-v product…

VMware NSX for vSphere Network Virtualization Design Guide

Warning…this guide is big, over 90 pages. But your head will be spinning long before you get to the end.

And your mind will be blown!! Mine is. Incredible stuff is heading our way people, and we need to be ready. Or get left behind.

Kiwi Cattools – Awesome Tool for Network Engineers

As a network engineer, there are certain things that you must do, or face the consequences. Making backups of all your network devices on a regular basis is one of those things. Plus, monitoring your network for any configuration changes (whether authorized or not) is a good thing too. If you have a very small network you could keep track of all this manually, but if not, then you NEED a tool to take care of this. I would suggest using Kiwi Cattools (now a Solarwinds product).

I’ve been using Cattools for many years, way back before Solarwinds acquired Kiwi. Cattools is very comprehensive…it can track configuration changes and alert you when they occur; it will perform regular backups and archiving of device configs; and you can use it to push changes out to your devices, saving you lots of time (nothing like changing the NTP server settings on over 100 devices in just a few minutes!!!).

If you recall from my post yesterday on securing SNMP, that configuration change triggered an email alert from Cattools last night letting me know that a change occurred on the switch, and showing me what the change was. The email had an attachment in HTML format that you can review in your web browser, and it shows the before and after configuration, highlighting the changes…


Cattools alert showing ACL #2 addition

Entries in GREEN are additions, RED are changes, and BLUE are deletions. This is very cool stuff people!! Plus, the price is very reasonable. (Note…in case you are wondering, I do not get anything from Solarwinds for recommending their products. Unfortunately.)

So, for your peace of mind, get Cattools (or similar product) for your network. You will be glad you did!

Securing SNMP Access on Cisco Switches

Here is a quick and easy one…

I installed and configured Solarwinds Network Engineer’s Toolkit on a new server today, and did a quick SNMP (Simple Network Management Protocol) test to my core switch. Well, it didn’t work…which actually is good. It meant that I had configured access restrictions on SNMP. And you should too…if you don’t, then ANYONE who can reach the switch can install an SNMP utility and try to gain access to your switches, or other network devices.

Here is my SNMP config on my switch…

SNMP Configuration


The “2” at the end of the snmp-server community line references access control list number 2…

ACL #2 - Restricting SNMP access


As you can see, I have configured SNMP access from two separate servers, which did not include the new server I was using today. (If no ACL was referenced, then anyone who knows the community string could query the switch via SNMP.) I then added that server into ACL 2…

Adding another server to ACL 2


And everything worked just fine! So, moral of the story is to make sure to secure your SNMP access…and test it every now and then to make sure it’s working properly.
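Testing from one new server, as above, proves that one path works; it does not prove that every community string on the switch is tied to an ACL. Here is an added example (my own, not code from this post and not from Cisco or Solarwinds) that reads a saved IOS running-config and flags the weak cases: a community with no ACL at all, a community whose ACL is not defined anywhere in the config, an ACL that permits any source, a read-write community, and the well-known default strings. The sample config is constructed; the community strings, ACL numbers and addresses are placeholders, and it deliberately mixes one properly restricted community (the ACL 2 pattern from this post, plus an explicit deny any log so rejected probes get logged) with three weak ones. It assumes the IOS default of read-only when neither RO nor RW is given on the snmp-server community line, and it only parses standard ACLs, which is the kind that command takes.

```python
"""Audit SNMP community access restrictions in a Cisco IOS running-config.

Added example, not code from the original post, Cisco or Solarwinds.
SAMPLE_CONFIG is constructed; community strings, ACL numbers and addresses
are placeholders.
"""
from typing import NamedTuple, Optional

SAMPLE_CONFIG = """\
snmp-server community EXAMPLE-RO RO 2
snmp-server community public RO
snmp-server community EXAMPLE-RW RW 5
snmp-server community EXAMPLE-WIDE RO MONITORING
!
access-list 2 remark SNMP management stations
access-list 2 permit 10.10.1.21
access-list 2 permit 10.10.1.22
access-list 2 permit 10.10.1.40
access-list 2 deny any log
!
ip access-list standard MONITORING
 permit any
"""


class Community(NamedTuple):
    string: str
    mode: str             # "RO" or "RW"
    acl: Optional[str]    # standard ACL number or name; None means unrestricted


def parse_communities(config: str) -> list[Community]:
    """Parse 'snmp-server community <string> [view V] [RO|RW] [ipv6 N] [acl]'."""
    found = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["snmp-server", "community"] or len(t) < 3:
            continue
        mode, acl, rest = "RO", None, t[3:]   # IOS defaults to read-only
        i = 0
        while i < len(rest):
            tok = rest[i].lower()
            if tok in ("view", "ipv6"):       # keyword that takes one argument
                i += 2
                continue
            if tok in ("ro", "rw"):
                mode = tok.upper()
            else:
                acl = rest[i]                 # trailing ACL number or name
            i += 1
        found.append(Community(t[2], mode, acl))
    return found


def parse_standard_acls(config: str) -> dict[str, list[tuple[str, str]]]:
    """Map ACL number/name -> [(action, source), ...] for numbered and named standard ACLs."""
    acls: dict[str, list[tuple[str, str]]] = {}
    current = None                            # named ACL whose indented entries follow
    for raw in config.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "access-list" and len(t) >= 4 and t[2].lower() in ("permit", "deny"):
            acls.setdefault(t[1], []).append((t[2].lower(), " ".join(t[3:])))
            current = None
        elif t[:3] == ["ip", "access-list", "standard"] and len(t) == 4:
            current = t[3]
            acls.setdefault(current, [])
        elif current is not None and raw.startswith(" "):
            if t[0].isdigit():                # optional sequence number
                t = t[1:]
            if t and t[0].lower() in ("permit", "deny"):
                acls[current].append((t[0].lower(), " ".join(t[1:])))
        else:
            current = None                    # any other top-level line ends the block
    return acls


def _permits_any(source: str) -> bool:
    t = source.split()
    return t[0] == "any" or (len(t) > 1 and t[1] == "255.255.255.255")


def audit_snmp(config: str) -> list[str]:
    """Return one finding per weakness; an empty list means every community is ACL-bound."""
    acls = parse_standard_acls(config)
    findings = []
    for c in parse_communities(config):
        who = f"community '{c.string}' ({c.mode})"
        if c.string.lower() in ("public", "private"):
            findings.append(f"{who}: well-known default community string")
        if c.mode == "RW":
            findings.append(f"{who}: read-write over SNMPv1/v2c; a source ACL is a weak control for SETs")
        if c.acl is None:
            findings.append(f"{who}: no ACL, any source that knows the string can query the agent")
        elif c.acl not in acls:
            findings.append(f"{who}: references ACL {c.acl}, which is not defined in this config")
        else:
            for action, source in acls[c.acl]:
                if action == "permit" and _permits_any(source):
                    findings.append(f"{who}: ACL {c.acl} permits any source ('permit {source}')")
    return findings


if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Run over the sample it passes the ACL 2 community cleanly and reports five findings for the other three. Two caveats worth keeping in mind: the ACL only checks the source address of a UDP packet, and a forged source is enough to deliver an SNMP SET even though the attacker never sees the reply, so an RW community with v1/v2c should not rely on the ACL alone; and the community string itself travels in the clear, so anyone who can sniff the management path learns it. SNMPv3 with authentication and privacy addresses both, with the ACL kept as a second layer.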

Thank You Dad…For Everything

My Dad - Grady Moore


Today is Father’s Day. And I still miss my Dad, even after all these years…he died of cancer in 1998, way too young at just 63. In all the ways you can measure the positive impact of a father, my Dad succeeded. I owe my intense curiosity to my Dad, and my love of aviation too. And even more importantly, my Dad showed me how to love the Lord, and how to treat a wife.

My Dad worked his entire career at Lockheed, starting on the line popping rivets. He helped build the JetStar, C-130 Hercules, C-141 Starlifter and C-5 Galaxy. I grew up in the traffic pattern of Dobbins Air Force Base, in Marietta, Georgia, watching all these planes fly overhead night and day, for 15 years. Even now, I can identify a C-130 or C-5 just by the sound they make. During all of this, my Dad went back to school and obtained a degree in Education. And about the same time, during my high school years, Lockheed transferred my family to Lancaster, California, where my Dad finished his career teaching the airlines how to maintain the Lockheed L-1011 TriStar. He LOVED teaching, and did a great job with the airlines.

Lockheed L1011 Tristar


Thanks Dad for your example! There are generations of Moores growing up in your footsteps…and that’s a good thing!

Security Breaches…Here We Go Again

Greetings everyone…I’m back! My wife and I had a GREAT time in San Diego last week attending CiscoLive. It was an excellent conference, held in a great city (I love San Diego!!), and we had a wonderful time (my wife attended the Keynotes with me, along with the World of Solutions events, and the Customer Appreciation Event with Aerosmith). We tracked our steps and averaged between 13,000 and 15,000 steps each day…for each of us…wow!! We used a really nice app on our iPhones called Pacer, and it classified us as “Highly Active”. No kidding!! I’ll be posting some recaps of CiscoLive over the next several days.

Today, however, is more news within the field of security…or the lack thereof. And it’s not good folks…not good at all…

The US Office of Personnel Management announced a significant breach of their systems in which it is estimated that personal information on between 10 and 14 million federal employees was stolen. (See the excellent report over at KrebsOnSecurity OPM Breach.) I heard a bit today from the Congressional Inquiry (that was very quickly organized I might add) that most of the affected systems were not properly secured (lack of timely patching of servers/systems, lack of robust authentication mechanisms…the list goes on). Part of me wants to stand up, turn towards Washington DC, and scream “Idiots!!”. But then the other part of me wants to run back to work, and double check my firewalls and routers…am I doing everything that I can to protect my company??

Ugh…security is a never ending process. One of the speakers at CiscoLive said that everyone has been hacked…whether you know it or not. I have realized now that I agree with that statement. I’m going to spend this summer double-checking all of my security processes and configurations. And I’m going to try and find evidence of an intrusion…I think it has already happened, but I’ve just not “seen” it yet.

One more bit of security news…if you are a user of LastPass, it too has suffered a breach. Here are a couple of good articles concerning it:  NetworkWorld LastPass Breach and over at KrebsOnSecurity LastPass Breach.