This show represented a very hands-on capability with many, many examples of how you, as a user of our products, can tweak and modify these devices to fit your particular need. It was a surprise to me that Cisco stands alone in doing this. In other words, it’s a lot of work (for a manufacturer) to safely expose this type of access to customers. It’s just not normal. Think about it -- the more open you make something, the more potential for issues it would seem to generate, so the question becomes: why did Cisco do this? The obvious answer is because we can and customers find it useful.
Looking for a few quick links for more info?
Segment 1: Fundamentals of Embedded Management
Guest: Tracy Jiang, Product Manager
“Tracy Jiang joined Cisco in early 2001 and currently works as a product manager in the Network Software and System Technology Group. Her major responsibilities include driving the technology strategy for embedded management, network automation and programmability. She also leads the video monitoring solution for the enterprise video system initiative. Tracy holds a B.S. in Computer Science from Peking University, China, an M.S. in Computer Science from University of North Carolina in Chapel Hill, and an MBA from Haas School of Business in UC Berkeley. Tracy is married with a three year old daughter who consumes all her spare time which would otherwise be spent on her hobbies such as singing and playing tennis.”
Segment 2: Creating a Custom Interface for IOS
My kids would always repeat back to me ‘You get what you get and you don’t throw a fit.’ This was apparently a common mantra used in their pre-school to eliminate the inevitable whining we somehow learn to suppress (some of us better than others) as we grow older. Bruno Klauser pulled a couple of cool tricks out of his hat showing us some flexibility that says you can make this easier for yourself and others with relative ease…
Links from Bruno:
- Embedded Menu Manager: http://tinyurl.com/emm-in-124
- EASy Customizable IOS Tcl Web Server: http://www.cisco.com/go/easy
- Tweeting Router: http://twitter.com/EASyDMI
A little bio on Bruno:
Bruno Klauser works at Cisco as a Consulting Engineer for Network Management and OSS in the European Pervasive Technologies Team and for the Innovation Consulting Engineering Team, based out of Zurich, Switzerland. Within this field he’s focussing on the adoption of autonomic concepts and Network Automation based on Device Manageability Instrumentation (DMI) and Embedded Automation Systems (EASy). Bruno’s secondary focus is on Operations of MPLS Core and MPLS-based services. Key Deliverables include white paper and book chapter contributions, proof of concept demonstrations, transfer of information seminars and supporting development and architectural groups within Cisco and the industry. Bruno is a member of the IEEE and co-organizer of workshops related to his focus areas. Prior to joining Cisco in 2000, Bruno has worked as Software Engineer, Software Architect and Project Manager in SP network management projects and network management software development teams. He holds a diploma in Software Engineering from University of Applied Sciences Brugg/Windisch, Switzerland as well as a Master of Advanced Studies diploma in Human Computer Interaction Design. Bruno is married and father of a boy born in 2001 and a girl born in 2004.
Segment 3: Simplify License Installation on your ISR
Good old, FOT (Friend of TechWiseTV), Matt Lambert, he has been on the show a number of times…I think we are in line for a Telly Award with the ISRG2 Launch show we first did with Matt. This show is a MUST SEE…
But back to this show…
The Problem? Telecom providers were having licensing activation issues with the ISR G2 due to the incredibly broad geography and number of devices.
We joke that Matt may actually be ‘the brother from another Mother’; he and Jimmy Ray get along so well.
Matt Lambert has been an indentured servant of Cisco Systems since starting as a college intern in 1996. His major qualification continues to be an unnatural ability to rack-mount large routers unassisted. Since those humble beginnings as a poverty-stricken college student, Matt has gone on to work as a poverty-stricken Technical Marketing Engineer specializing in a wide range of technologies over the past decade including: ATM & Ethernet Switching, Broadband Aggregation, MPLS, Routing, policy management, network automation, Quality of Service, Deep Packet Inspection, and both Edge and Branch Architectures. He’s also been an instrumental cog on several Cisco products including the Lightstream 1010, Catalyst 8500, Catalyst 5500, Catalyst 6500, Cisco 7200, 7500, 7300, 7400, 10000, BPM and currently the Integrated Services Routers and ISR Generation 2. In general, he’s an all-around geek that’s afraid of commitment.
In his free time Matt enjoys sleeping with the fishes, literally. He’s an avid scuba diver and can frequently be found at the bottom of the local watering holes.
We always love to catch up with the SolarWinds team. Fun, smart, great tools and software…nice combination. We never get enough time to talk to their head geek, Josh Stephens, but man alive…get him and Jimmy Ray talking ’bout anything geeky and it is a tsunami of great geek wisdom.
Segment 4: Three Must Have Tools
Guest: Joe Clarke
If you only work with three tools – you can’t go wrong embracing Embedded Packet Capture, Menu Manager and Syslog Manager. Innovative applications of real world problem solving anchor this critical segment.
Bio for Joe:
“According to some on the Network Management TAC team, Joe Clarke is 12. So apparently, he was born, then came to work for Cisco. In reality, Joe joined Cisco after graduating from the University of Miami (GO CANES!) with a degree in Computer Science. He works on fixing and extending network management tools and protocols at Cisco including CiscoWorks, SNMP, IP SLA, EEM, ESM, EMM, and Tcl. For fun, Joe enjoys working on FreeBSD (man, he’s a geek). He’s a member of the FreeBSD ports management team as well as the FreeBSD GNOME team. And because Mac OS X borrowed the FreeBSD userland, you can even search for his name in Mac OS X to find his birthday (hint: give gifts of cash).
Joe makes his home in North Carolina with his girlfriend Naomi and his corgi Logan.”
Segment 5: Embedded Security. Mitigating the Downside
Guest: Tracy Jiang
Embedded devices and automated actions may make life easier for the network manager, but they are also favored targets for the malicious individual. What are the warnings, tips and tricks you need to know so all these tools can be used safely?
Embedded Security – Mitigating the Downside
1. The Yin-Yang of networking. Good for me, even better for a hacker.
2. Embedded devices of all types and brands are wide open to security breaches – why?
- Not monitored
- Ignored and unknown by staff
- Attacks not understood. Stuff like:
  - Reverse Cross Channel Scripting
  - File grepping via URLs
  - XSS and CSRF still biggies even here
3. Cisco’s answer to securing embedded management:
- EEM policy registration by default requires super user privilege
- EEM Tcl policy digital signature support protects the integrity of the policy and prevents unauthorized policies from being registered
- EEM user policies operate in Tcl-safe mode, which disables access to critical system resources, such as protected directories
- EEM policy max-run parameter limits the policy execution time to protect the system from a programming error
- EEM Tcl byte code support offers source code obfuscation, better IP protection
- CLI commands controlled by AAA authorization, providing added control over what can be executed
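Two of the controls above, the max-run limit and AAA command authorization, can be reviewed offline from a saved configuration. The following is an added example, not code from the show or from Cisco: a small Python audit that flags EEM applets registered with the `authorization bypass` keyword and applets whose `maxrun` exceeds a limit you choose. The sample configuration, applet names and the 60-second threshold are constructed for illustration.

```python
import re

# Constructed sample config (not from the show); applet names are made up.
SAMPLE_CONFIG = """\
aaa authorization commands 15 default group tacacs+ local
event manager session cli username eem-svc
event manager applet LINK-WATCH
 event syslog pattern "LINK-3-UPDOWN" maxrun 30
 action 1.0 cli command "enable"
 action 2.0 cli command "show ip interface brief"
event manager applet NIGHTLY-REPORT authorization bypass
 event timer cron cron-entry "0 2 * * *" maxrun 3600
 action 1.0 cli command "enable"
 action 2.0 cli command "show processes cpu"
event manager applet NO-LIMIT-SET
 event none
 action 1.0 syslog msg "manual run"
"""

APPLET_RE = re.compile(r"^event manager applet (\S+)(.*)$")
MAXRUN_RE = re.compile(r"\bmaxrun (\d+(?:\.\d+)?)")


def audit_eem(config, maxrun_limit=60.0):
    """Return (applet, finding) tuples for applets that weaken the controls.

    maxrun_limit is a site policy value chosen by the auditor (assumption),
    not an IOS default. Applets with no explicit maxrun are not flagged.
    """
    findings, applet = [], None
    for line in config.splitlines():
        header = APPLET_RE.match(line)
        if header:
            applet = header.group(1)
            # 'authorization bypass' exempts the applet from AAA command checks
            if "authorization bypass" in header.group(2):
                findings.append((applet, "AAA command authorization bypassed"))
        elif applet and line.startswith(" "):
            # maxrun is set on the applet's event line
            if line.strip().startswith("event "):
                mr = MAXRUN_RE.search(line)
                if mr and float(mr.group(1)) > maxrun_limit:
                    findings.append(
                        (applet, f"maxrun {mr.group(1)}s exceeds {maxrun_limit:g}s"))
        else:
            applet = None  # left the applet block
    return findings
```
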
Segment 6: Routing with IPSLA
Guest: David Lin
Expertise: Commercial Systems, CiscoBeyond, Embedded Automation, IP, EASy, Routing Protocols, SAF, IP Multicast, EEM, IOU, Tcl Scripting, GOLDLabs Certified Instructor
Network monitoring, software deployment, and testing and verification for large, globally distributed networks require expensive network management, right? Maybe not.
Embedded Automated Systems (EASy)
HA and Mobility
Problem: Railroad needed High Availability monitoring for their massive network
Solution: High Availability for Mobile Networks
Bio for David:
“David Lin is a Technical Marketing Engineer working in the Network Software & Systems Technology Group at Cisco. He has been with Cisco for 10 years and during that time has worked as a Technical Lead in the Routing Protocols group supporting customers in the San Jose TAC, served as a CCIE bootcamp proctor and Cisco GOLDLabs certified instructor, and contributed and developed a set of powerful, easy-to-use, automated diagnostic scripts for Commercial Systems through the use of Embedded Event Manager that have been downloaded and enjoyed by thousands of Cisco’s valued customers and partners on Cisco.com/go/ioscommercial. David is a founding member of the EASy tiger team and has worked closely with a number of Fortune 500 companies to develop many of the customized solutions available today on Cisco.com/go/easy.
David holds a CCIE in R&S and has more than 15 years’ experience in networking along with a BS in Mechanical Engineering from UCLA. Prior to joining Cisco, David worked as a network engineer at EarthLink Networks, a nationwide ISP, where he first developed his love of internetworking and commitment to customer service. During his free time, David enjoys playing the drums and watching NOVA ScienceNow on PBS.”
Segment 7: DHCP pool usage via SNMP made EASY
Guest: Joe Clarke
As will happen in trying to capture lengthy command line demonstrations that will ultimately play in an itty bitty window….they get hard to see. Joe offered up this commentary to assist with what was being illustrated:
When I first bring up the terminal with the SNMP output, I note that the
two objects of interest are:
The DhcpPoolSize is 254, and that won’t typically change as that is the
static size of our pool. However, the DhcpLeases object will change as
clients lease and release addresses. When we first see the object, the
value of DhcpLeases is 1:
Then, Robb plugs in the laptop, and we see the value changes to 2:
Then, I release the address on Matt’s laptop, and the value changes back
We can see that as the CLI value for active DHCP leases changes so, too
does our custom SNMP object.
Segment 8: The Final Word
Robb and Jimmy Ray say their goodbyes from CiscoLive and leave you with a few parting words of wisdom for moving forward.
Cisco Press Book Shoutout:
“TCL Scripting for Cisco IOS” by Ray Blair, Arvind Durai, John Lautmann
Great book for many many skills we reviewed in this show. I don’t know how he has the time but Joe Clarke was involved in this publication as one of the two technical editors of the book.
The book is designed to be a good desk reference for Tcl in IOS. It has some great examples on how to do simple automation up to building your own web server. The book goes over the Tcl programming language, the Embedded Syslog Manager, EEM, and the Embedded Menu Manager. It’s a great resource for anyone getting started with Tcl, Tcl in IOS, or just needs something to which they can refer as they craft their IOS applications.
From the description:
You’ll learn easy techniques for creating, using, and modifying Tcl scripts that run directly on Cisco network devices from the Cisco IOS command line. The authors first teach basic Tcl commands and concepts for capturing and manipulating data and for querying or controlling Cisco equipment. Building on these core skills, they show you how to write scripts that automate and streamline many common IOS configuration, monitoring, and problem-solving tasks.
The authors walk through the entire script development process, including planning and flowcharting what you want to accomplish, formatting your code, adding comments, and troubleshooting script errors. They also present many downloadable sample scripts, along with practical guidance for adapting them to your own environment.
Did you really read this far? Wow. Prove it. Drop us a note in the comments here ….did you pick up on Jimmy Ray’s shirt this time? What was this reference to Aunt Sally?
Be sure and connect up with us on our Facebook fan page: facebook.com/techwise. Tons of ‘behind the scenes’ pics/videos and conversations brewing…
We create or take part in a lot of other content if you are interested beyond the main show -- you can keep up with us on our YouTube page or you can also subscribe to the podcast channel (opens iTunes).
Jimmy Ray’s Blog on Network World is a MUST READ “Networking Geek to Geek”