Cisco Blogs


Cisco Blog > Cisco Interaction Network

Master Cisco Network Devices

August 18, 2010
at 12:00 pm PST

UR Watching

Welcome to the shownotes for our CiscoLive show code named -- How to become a ‘Network Whisperer’.   This must be one of our most hands on, value-packed shows in quite awhile.  It was fun to make as I hope you will see throughout the show and the engineering talent was off the charts.   If you have not actually seen the show yet… please check out the trailer and then click on over to register and watch!
One of the problems with network management software is that it is not flexible enough and certainly not as portable as engineers need it to be. But truthfully, that is also the problem with IOS features as well. While, IOS gives us a ton of features, engineers always find the one feature, that one bump that a network device needs to solve a problem. In the past, this has been accomplished with external scripting but that has its limits. How about using the actual network devices themselves as your platform.  As you will soon see, this native access opens a world of opportunity and flexibility that you would never attempt otherwise. 
In this show we are looking at the emergence of the embedded network experience and how to make your network not only borderless, but limitless as well.
I have a question however and I need your input.

This show represented a very hands on capability with many many examples of how you, as a user of our products, can tweak and modify these device to fit your particular need. It was a surprise to me that Cisco stands alone in doing this.  In other words, its a lot of work to expose this type of access to customers and this whole show represents incredible benefits for users of these products.  The more open you make something, the more potential for issues it would seem so why did Cisco do this? 

I circled back around on this subject with Jimmy Ray as one of our final discussion points in the show (past the one hour mark….about 1:05).  I will be the first to admit I may not have worded the question very clearly, but some have interpreted the discussion that followed as being a negative to Cisco.  Watch this part closely as the show ends, what do you think?  Was this a poor way to end the show?  Did the uniqueness of what Cisco did here get lost? 

 

 

This show represented a very hands on capability with many many examples of how you, as a user of our products, can tweak and modify these device to fit your particular need. It was a surprise to me that Cisco stands alone in doing this.  In other words, its a lot of work (for a manufacturer) to safely expose this type of access to customers.  Its just not normal.  Think about it -- the more open you make something, the more potential for issues it would seem to generate so the question becomes, why did Cisco do this?   The obvious answer is because we can and customers find it useful. 

JimmyRay Joyful

I circled back around on this subject with Jimmy Ray as one of our final discussion points in the show (past the one hour mark….about 1:05).  I will be the first to admit I may not have worded the question very clearly, but some have interpreted the discussion that followed as being a negative to Cisco.  Watch this part closely as the show ends, what do you think?  Was this a poor way to end the show?  Did the uniqueness of what Cisco did here get lost? 

This show had a higher number of segments so we moved real quickly here…we also engaged in a lot of hijinks
Segment 1: Fundamentals of Embedded Management
Segment 2: Creating a Custom Interface for IOS
Segment 3: Simplify License Installation on your ISR
Segment 4: Three Must Have Tools
Segment 5: Embedded Security. Mitigating the Downside
Segment 6: Routing with IPSLA
Segment 7: DHCP pool usage via SNMP made EASY
Segment 8: The Final Word
Looking for a few quick links for more info?


Segment 1: Fundamentals of Embedded Management

The ability to interact with your networking device in a very direct and fundamental way can make a big difference in the control and ease in which you operate. 
Guest: Tracy Jiang, Product Manager
Like the rest of us…I don’t know how Tracy finds time to do what she does and know what she knows -- her grasp of this area was huge in making this show a success -- a little from her bio: 
“Tracy Jiang joined Cisco in early 2001 and currently works as a product manager in the Network Software and System Technology Group. Her major responsibilities include driving the technology strategy for embedded management, network automation and programmability. She also leads the video monitoring solution for the enterprise video system initiative. Tracy holds a B.S. in Computer Science from Peking University, China, a M.S. in Computer Science from University of North Carolina in Chapel Hill, and a MBA from Hass School of Business in UC Berkeley. Tracy is married with a three year old daughter who consumes all her spare time which would otherwise be spent on her hobbies such as singing and playing tennis. ”
TechWiseTV73 - Tracy Jiang talks Fundamentals
Embedded Automation Technologies
Demand For
Network Automation
Embedded Automation

Segment 2: Creating a Custom Interface for IOS

My kids would always repeat back to me ‘You get what you get and you don’t throw a fit.’  This was apparently a common mantra used in their pre-school to eliminate the inevitable whining we somehow learn to suppress (some of us better than others) as we grow older. Bruno Klauser pulled a couple of cool tricks out of his hat showing us some flexibility that says you can make this easier for yourself and others with a relative ease…

TWTV73 - Master Cisco Network

Links from Bruno:

Twitter

A little bio on Bruno:

Bruno Klauser works at Cisco as a Consulting Engineer for Network Management and OSS in the European Pervasive Technologies Team and for the Innovation Consulting Engineering Team, based out of Zurich, Switzerland. Within this field he’s focussing on the adoption of autonomic concepts and Network Automation based on Device Manageability Instrumentation (DMI) and Embedded Automation Systems (EASy). Bruno’s secondary focus is on Operations of MPLS Core and MPLS-based services. Key Deliverables include white paper and book chapter contributions, proof of concept demonstrations, transfer of information seminars and supporting development and architectural groups within Cisco and the industry. Bruno is a member of the IEEE and co-organizer of workshops related to his focus areas. Prior to joining Cisco in 2000, Bruno has worked as Software Engineer, Software Architect and Project Manager in SP network management projects and network management software development teams. He holds a diploma in Software Engineering from University of Applied Sciences Brugg/Windisch, Switzerland as well as a Master of Advanced Studies diploma in Human Computer Interaction Design. Bruno is married and father of a boy born in 2001 and a girl born in 2004.

 


More to come!

 


Segment 3: Simplify License Installation on your ISR

Good old, FOT (Friend of TechWiseTV), Matt Lambert, he has been on the show a number of times…I think we are in line for a Telly Award with the ISRG2 Launch show we first did with Matt. This show is a MUST SEE…

But back to this show…  

The Problem? Telecom providers were having licensing activation issues with the ISR G2 due to the incredibly broad geography and number of devices. 

Matt Lambert

We joke that Matt may actually be ‘the brother from another Mother’ he and Jimmy Ray get along so well. 

Matt’s bio:

Matt Lambert has been an indentured servant of Cisco Systems since starting as a college intern in 1996.  His major qualification continues to be an unnatural ability to rack-mount large routers unassisted.  Since those humble beginnings as a poverty-stricken college student, Matt has gone on to work as a poverty-stricken Technical Marketing Engineer specializing in a wide range of technologies over the past decade including: ATM & Ethernet Switching, Broadband Aggregation, MPLS, Routing, policy management, network automation, Quality of Service, Deep Packet Inspection, and both Edge and Branch Architectures.  He’s also been an instrumental cog on several Cisco products including the Lightstream 1010, Catalyst 8500, Catalyst 5500, Catalyst 6500, Cisco 7200, 7500, 7300, 7400, 10000, BPM and currently the Integrated Services Routers and ISR Generation 2.  In general, he’s an all-around geek that’s afraid of commitment.
 
In his free time Matt enjoys sleeping with the fishes, literally.  He’s an avid scuba diver and can frequently be found at the bottom of the local watering holes.

 


We always love to catch up with the SolarWinds team. Fun, smart, great tools and software…nice combination. We never get enough time to talk to their head geek, Josh Stephens, but man alive…get him and Jimmy Ray talking ’bout anything geeky and it is a tsunami of great geek wisdom.

SolarWinds

 


Segment 4: Three Must Have Tools

Guest: Joe Clarke

Joe Clarke

If you only work with three tools – you can’t go wrong embracing Embedded Packet Capture, Menu Manager and Syslog Manager. Innovative applications of real world problem solving anchor this critical segment.

Three Must Have Tools
1.     Embedded Packet Capture
2.     Embedded Menu Manager
3.     Embedded Syslog Manager

Bio for Joe:

“According to some on the Network Management TAC team, Joe Clarke is 12.  So apparently, he was born, then came to work for Cisco.  In reality, Joe joined Cisco after graduating from the University of Miami (GO CANES!) with a degree in Computer Science.  He works on fixing and extending network management tools and protocols at Cisco including CiscoWorks, SNMP, IP SLA, EEM, ESM, EMM, and Tcl.  For fun, Joe enjoys working on FreeBSD (man, he’s a geek).  He’s a member of the FreeBSD ports management team as well as the FreeBSD GNOME team.  And because Mac OS X borrowed the FreeBSD userland, you can even search for his name in Mac OS X to find his birthday (hint: give gifts of cash).

Joe makes his home in North Carolina with his girlfriend Naomi and his corgi Logan.”

 


Segment 5: Embedded Security. Mitigating the Downside

Guest: Tracy Jiang

Tracy Jiang

Embedded devices and automated actions may make life easier for the network manager but they are also favored targets for the malicious individual as well.  What are the warnings, tips and tricks you need to know so all these tools can be used safely.

Embedded Security – Mitigating the Downside
1.     The Yen-Ying of networking. Good for me even better for a hacker.

2.     Embedded devices of all types and brands are wide open to security breaches – why?

  • Not monitored
  • Ignored and unknown by staff
  • Attacks not understood. Stuff like:
  • Reverse Cross Channel Scripting
  • File grepping via URLs
  • XSS and CSRF still biggies even here

3.     Cisco’s answer to securing embedded management:

  • EEM policy registration by default requires super user privilege
  • EEM tcl policy digital signature support protects the integrity of the policy and prevent unauthorized policy from being registered
  • EEM user policy operate in Tcl-safe mode which disables access to critical system resources, such as protected directories
  • EEM policy max-run parameter limits the policy execution time to protect the system from a programming error
  • EEM Tcl byte code support offers source code obfuscation, better IP protection
  • CLI command controlled by AAA authorization, provided added control on what can be executed

 


 

Talkative Fan

 


 

Segment 6: Routing with IPSLA

Guest: David Lin
Expertise: Commercial Systems, CiscoBeyond, Embedded Automation, IP, EASy, Routing Protocols, SAF, IP Multicast, EEM, IOU, Tcl Scripting, GOLDLabs Certified Instructor

David Lin

Network monitoring, software deployment, and testing and verification for large, globally distributed networks require expensive network management right? Maybe not.
Embedded Automated Systems (EASy)
HA and Mobility
Problem: Railroad needed High Availability monitoring for their massive network
Solution: High Availability for Mobile Networks

Bio for David:

“David Lin is a Technical Marketing Engineer working in the Network Software & Systems Technology Group at Cisco. He has been with Cisco for 10 years and during that time has worked as a Technical Lead in the Routing Protocols group supporting customers in the San Jose TAC, served as a CCIE bootcamp proctor and Cisco GOLDLabs certified instructor, and contributed and developed a set of powerful, easy-to-use, automated diagnostic scripts for Commercial Systems through the use of Embedded Event Manager that have been downloaded and enjoyed by thousands of Cisco’s valued customers and partners on Cisco.com/go/ioscommercial.  David is a founding member of the EASy tiger team and has worked closely with a number
of Fortune 500 companies to develop many of the customized solutions available today on Cisco.com/go/easy.

David holds a CCIE in R&S and has more than 15 years experience in networking along with a BS in Mechanical Engineering from UCLA.  Prior to joining Cisco, David worked as a network engineer at EarthLink Networks, a nationwide ISP, where he first developed his love of internetworking and commitment to customer service.   During his free time, David enjoys playing the drums and watching NOVA ScienceNow on PBS.“

 


Segment 7: DHCP pool usage via SNMP made EASY

Guest: Joe Clarke

Joe Clarke

As will happen in trying to capture lengthy command line demonstrations that will ultimately play in an itty bitty window….they get hard to see.  Joe offered up this commentary to assist with what was being illustrated:

When I first bring up the terminal with the SNMP output, I note that the
two objects of interest are:

DISMAN-EXPRESSION-MIB::expValueInteger32Val.”EASy”.”DhcpLeases”.0.0.0
DISMAN-EXPRESSION-MIB::expValueInteger32Val.”EASy”.”DhcpPoolSize”.0.0.0

The DhcpPoolSize is 254, and that won’t typically change as that is the
static size of our pool.  However, the DhcpLeases object will change as
clients lease and release addresses.  When we first see the object, the
value of DhcpLeases is 1:

DISMAN-EXPRESSION-MIB::expValueInteger32Val.”EASy”.”DhcpLeases”.0.0.0 =
INTEGER: 1

Then, Robb plugs in the laptop, and we see the value changes to 2:

DISMAN-EXPRESSION-MIB::expValueInteger32Val.”EASy”.”DhcpLeases”.0.0.0 =
INTEGER: 2

Then, I release the address on Matt’s laptop, and the value changes back
to 1:

DISMAN-EXPRESSION-MIB::expValueInteger32Val.”EASy”.”DhcpLeases”.0.0.0 =
INTEGER: 1

We can see that as the CLI value for active DHCP leases changes so, too
does our custom SNMP object.

 


Segment 8: The Final Word

The Final Word

Robb and Jimmy Ray say their goodbyes from CiscoLive and leave you with a few parting words of wisdom for moving forward.

Cisco Press Book Shoutout:
“TCL Scripting for Cisco IOS” by Ray Blair, Arvind Durai, John Lautmann

Great book for many many skills we reviewed in this show. I don’t know how he has the time but Joe Clarke was involved in this publication as one of the two technical editors of the book.

Joe’s endorsement:
The book _is designed to be a good desk reference for Tcl in IOS.  It has some great examples on how to do simple automation up to building your own web server.  The book goes over the Tcl programming language, the Embedded Syslog Manager, EEM, and the Embedded Menu Manager.  It’s a great resource for anyone getting started with Tcl, Tcl in IOS, or just needs something to which they can refer as they craft their IOS applications.

From the description:
You’ll learn easy techniques for creating, using, and modifying Tcl scripts that run directly on Cisco network devices from the Cisco IOS command line. The authors first teach basic Tcl commands and concepts for capturing and manipulating data and for querying or controlling Cisco equipment. Building on these core skills, they show you how to write scripts that automate and streamline many common IOS configuration, monitoring, and problem-solving tasks.
 
The authors walk through the entire script development process, including planning and flowcharting what you want to accomplish, formatting your code, adding comments, and troubleshooting script errors. They also present many downloadable sample scripts, along with practical guidance for adapting them to your own environment.



Did you really read this far?  Wow.  Prove it. Drop us a note in the comments here ….did you pick up on Jimmy Ray’s shirt this time?  What was this reference to Aunt Sally? 

 

Be sure and connect up with us on our facebook fan page: facebook.com/techwise. Ton’s of ‘behind the scenes pics/videos and conversations brewing…

We create or take part in a lot of other content if you are interested beyond the main show -- you can keep up with us on our YouTube page or you can also subscribe to the podcast channel (opens iTunes).

Our show twitter account is at twitter.com/ciscoCIN but you can also follow Robb, Jimmy RayTina Shakour, (Collabroation) Jennifer Geisler (Borderless) and Omar Sultan (Data Center)

Jimmy Ray’s Blog on Network World is a MUST READ “Networking Geek to Geek” 

The Dream...

We are done!


In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

10 Comments.


  1. Ohhhh! Please correct that ‘Your Watching TechWise TV’ in the first image!!!!!!!!!!!!!!

       0 likes

  2. Much better. Sorry for being a bug. Now I can read this great post! :)

       0 likes

  3. To contact the Embedded Automation Systems (EASy) team for questions on this broadcast, ideas or engagement, email us at:ask-easy@cisco.com.Betty

       0 likes

  4. Thanks, muuch better! Sorry to be a bug. Now I can read the post! :-)

       0 likes

  5. This was an excellent presentation and very well put together. Thanks for this wealth of information Robb and Jimmy Ray! Great summary write up on this page Robb as well as the posted links.

       0 likes

  6. Robb Boyd

    Thank you Ryan!

       0 likes

  7. Hey great show. Really interested in the TCL, so much so, just ordered the book. Can’t wait to get stuck in.

       0 likes

  8. That makes sense to me but does this?

    The beatings will continue until morale improves. :)

       0 likes

  9. Hi Guys,

    How about a training session about setting up a Cisco ASA 5505 using Windows Small Business Server 2008? Something simple using the ASDM 8.3 interface program would benefit all newcomers to Cisco ASA features.

    Just food for thought.

    Thanks,
    Dennis P.

       0 likes

  10. Hi, just wandered by. I have a Miami 4g site. Amazing the amount of information on the web. Looking for something else, but good site. Have a great day.

       0 likes