Cisco Blogs



TechWiseTV Episode 131 Network Game Changer

I gotta be honest here. I’m not a big fan of many of our marketing programs here at Cisco. Well, really it’s the launch vehicles that I think are too flowery and silly, to be honest. I’m sure analysts clap their hands with glee.

I like that aggressive attack style of marketing that challenges competitors and makes huge claims that we have to back up. Stuff like; “Yeah, we invented routing. Ours is the best, suck it Juniper” or even; “Oh, you built a switch out of off-the-shelf Broadcom chips, HP?…cool story bro. When you’re ready for actual innovation call your Cisco rep and ask about the 6800-X” I love that stuff man…make the claims and let the engineers fight it out like an MMA match. Last one standing gets the RFP.

When we were approached about the next marketing launch, “Game Changer”, I actually laughed out loud. What game are we changing here? Yet another type of ACL or adding another VPN technology? Yeah..ummm…Woot. Look, I get the drill; we have to release new stuff to keep the product line fresh. It’s the story of manufacturing. That’s why some car years are meh and others are incredible. Like 1957, 1963, 1969, 1973, etc…those cars changed the game. The gap in time is the engineering hours that go into development and prototyping. It takes a very, very long time to build anything from CAD to green board product.


My Top 5 Networking Pet Peeves

I was sitting in a small tapas café in Barcelona with Robb and his wife enjoying a plate of Jamon Iberico. It’s amazing ham served with tomato bread and it is the best ham I have ever eaten in my life. Oh man, one slice in your mouth and your taste buds sing like David Lee Roth on Ice Cream Man. We cannot get it in the United States like that. It was illegal in the U.S. for a while, then they started selling it, but it’s not even close to the same, don’t waste your money. OK, either way, I’m getting off track here; it’s awesome, and plenty of yums were heard.

As we were sitting there, I popped my knuckles. I’ve been doing it since grade school, so now I just do it without thinking about it, kinda like breathing. Robb’s wife leaned over to me and in a kind and delicate Texas accent said; “if you pop your knuckles one more time I’m gonna jab this fork right in your skull…bless your heart…” Understand too, she had been eating dinners with us for about a week now, listening to me blabber on about OSPF timers, ASIC floor planning and how much power the Death Star would need to actually blow up a planet. Robb is used to it. He’s had seven years of Jimmy Ray practicum training, but his poor wife…man, respect to someone that has that much control to last a whole week.

We all have pet peeves that we either hate or do that other folks hate. Of course not you, dear reader, you’re perfect, keep reading. Like any engineer, my pet peeves are indexed, cross referenced and compartmentalized. I have them for fishing, scuba diving, racing and of course…networking. Here are five things that really make me say; “Oh Dude…come on man!”

Peeve 00x01: Setting long DNS TTLs and/or long XLATE timeouts. Network Geeks are like the digital equivalents of Jack LaLanne (including the blue jumpsuit): they all want to reduce something. For us, it’s network traffic. Setting long TTLs will work…but if you fat-finger a record, every resolver that cached it keeps handing out the bad answer until the TTL runs out, so it may take hours before you know it and hours more before it clears. Same deal with a long translation timeout on the firewall: a stale xlate keeps steering traffic at the old address long after you fixed the thing. Plus, many social sites that pull content from other sources set their TTLs in the seconds range. If you need long TTLs to keep query load down, drop them to a few minutes a day or so before a planned change and put them back afterwards. Otherwise, don’t do it. Resist the dark side, because troubleshooting this is a real pain.

Peeve 00x02: Using HOSTS or LMHOSTS to get around something “real quick”. Back in the day, when Microsoft networks used WINS (they still do, and yes, you need to config it), these files saved a ton of time, especially in the early Outlook Express days, and resolution is much faster. On a modern Windows box host names resolve in this order: the local host name, the DNS resolver cache (which is preloaded with the HOSTS file), DNS, and only then NetBIOS (NetBIOS cache, WINS, broadcast, LMHOSTS). On anything since NT the priorities are registry keys under Tcpip\ServiceProvider, not SYSTEM.INI. Sounds good right? Ahhhhh….NO. All networks now are very DNS centric, but a HOSTS entry still beats DNS because it sits in front of the resolver. So if ya make a change in the HOSTS file, then later on run into an “odd DNS error”, you know, one that makes ya say…Hmmmm…never saw that before…that’s odd…chances are it’s a HOSTS file (ipconfig /displaydns shows what the resolver actually has loaded). Too many hours of troubleshooting cutting into our XBOX 360 time have been lost here.
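Added example, not from the original post: before you burn XBOX time on an “odd DNS error”, pull the non-localhost entries out of the HOSTS file and check each one against what DNS itself says. It assumes Windows 8 / Server 2012 or newer for Resolve-DnsName (DnsClient module); the entries in the sample file at the bottom are made up, and the domain.com names are placeholders.

```powershell
# Added example, not from the original post. Lists HOSTS entries that shadow DNS.
# Assumes Windows 8 / Server 2012 or newer for Resolve-DnsName (DnsClient module).

function Get-HostsOverride {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -Path $Path | ForEach-Object {
        $line = ($_ -split '#')[0].Trim()         # strip comments and whitespace
        if ($line -eq '') { return }              # blank or comment-only line
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { return }       # an address with no names after it
        $ip = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # the stock localhost lines are fine; anything else is a "real quick" fix
            if ($name -in 'localhost', 'localhost.localdomain') { continue }
            [pscustomobject]@{ Name = $name; HostsAddress = $ip }
        }
    }
}

function Compare-HostsToDns {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    foreach ($entry in Get-HostsOverride -Path $Path) {
        # -DnsOnly bypasses the resolver cache and the HOSTS file, so this is DNS's own answer
        $dns = Resolve-DnsName -Name $entry.Name -Type A -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' } |
               Select-Object -ExpandProperty IPAddress
        [pscustomobject]@{
            Name         = $entry.Name
            HostsAddress = $entry.HostsAddress
            DnsAddress   = if ($dns) { $dns -join ', ' } else { '(no answer)' }
            Shadowed     = -not ($dns -contains $entry.HostsAddress)   # HOSTS wins and disagrees with DNS
        }
    }
}

# Constructed sample so the output shape is visible offline; run without -Path to audit the real file.
$sample = New-TemporaryFile
@'
# stock entries
127.0.0.1       localhost
::1             localhost
# somebody's "real quick" fix from last quarter (made-up addresses and names)
10.1.2.3        intranet.domain.com
192.0.2.44      crm.domain.com  crm
'@ | Set-Content -Path $sample
Compare-HostsToDns -Path $sample | Format-Table -AutoSize
Remove-Item -Path $sample
```

Any row with Shadowed = True is a name where the box will never ask DNS; either the entry is the fix somebody forgot to remove, or it is something nastier that rewrote the file, which is the same check an incident responder runs.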

Peeve 00x03: Lack of Documentation. Nobody likes it. Ok, I can feel myself getting mad typing this one….It seems like a waste of time, especially as busy and dynamically changing as our jobs are. Without documenting and/or commenting scripts and configs you are not only putting the network at a massive risk, you are absolutely guaranteeing that you’ll be called in on your day off or vacation. Basically, you’re a friggen wanker. When I’m at a Star Trek convention dressed up as a Klingon showing off my totally groovy Bat’leth moves, it’s a total buzz kill to take a call on legacy firewall rules that I didn’t either clean up or document. Comment configs, write down changes, type it in a doc. Store it in a central place for IT teammates. Do not make it long and detailed or you’ll stop doing it. Time (24 hour clock), Date, Exact Change, System name, Your name. This quick and simple procedure will save tons of time and really make you the network rock star! If you don’t take the time to document, when you pass away, your eternal punishment will be following someone driving slow in the fast lane, riding shotgun with an old man talking to his grandkids on a cell with bad reception, in a Prius with Justin Bieber playing on the radio non stop.

Peeve 00x04: Using non-routable User Principal Names. Ah, remember when Family Guy was still funny and domain.local was just fine? Then along came this friggen cloud thingy and messed everything up. Many network admins have tested cloud technologies and turned them away due to slowness, SSO not working, logon failures and other “weird errors”. Then here comes the bashing! “Cloud networking sucks worse than the Star Trek TNG episodes with Barclay in them.” Look folks, Barclay does suck for sure, but cloud networking can really make our life A TON easier! If you are still using non-routable UPNs (a suffix like .local that nobody on the public Internet owns), you’ll have a ton of cloud issues. The cloud side will only accept a logon suffix that you have verified you own, so user@domain.local can’t be the cloud logon name and SSO falls over. It ain’t gonna work! Flipping over to a routable one is really easy and hey, since it’s TechWiseTV, I’m here to help! (Otherwise I charge by the hour…) Chances are most users are using their email (SMTP) namespace, so just:

- In Active Directory Domains and Trusts, right-click the root node, pick Properties, and on the UPN Suffixes tab add an alternative UPN suffix: the domain you actually own and use for email (the same one you verified with your cloud tenant).

- Now you can use my cool script thang:

Import-Module ActiveDirectory

# Only touch accounts still carrying the old suffix; domain.local and domain.com are placeholders.
# Add -WhatIf to Set-ADUser for a dry run first.
Get-ADUser -Filter 'UserPrincipalName -like "*@domain.local"' -SearchBase 'DC=domain,DC=local' | ForEach-Object {
    $CompleteUPN = $_.SamAccountName + '@domain.com'
    Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN
}

I just used this a couple weeks ago at a site having problems with Office 365 in a test lab. Worked great!!
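Added example, not the post’s script: a read-only report to run before the bulk change. It checks that the new suffix is actually on the forest’s UPN suffix list (the Domains and Trusts step above), and lists each account’s current UPN, the UPN it would get, and whether that matches the account’s mail attribute, because cloud sign-in goes smoothest when the UPN and the primary SMTP address agree. domain.local and domain.com are placeholders.

```powershell
# Added example, not from the original post: pre-flight report before rewriting UPNs.
# Assumes the ActiveDirectory module; domain.local / domain.com are placeholders.
Import-Module ActiveDirectory

$OldSuffix = 'domain.local'
$NewSuffix = 'domain.com'

function Test-UpnSuffixRegistered {
    param([string]$Suffix)
    # True if the suffix is a forest domain name or was added in AD Domains and Trusts.
    $forest = Get-ADForest
    return ($forest.Domains -contains $Suffix) -or ($forest.UPNSuffixes -contains $Suffix)
}

function Get-UpnMigrationReport {
    param([string]$OldSuffix, [string]$NewSuffix)
    Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -Properties mail |
        ForEach-Object {
            $target = '{0}@{1}' -f $_.SamAccountName, $NewSuffix
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                CurrentUPN     = $_.UserPrincipalName
                TargetUPN      = $target
                Mail           = $_.mail
                # UPN == primary SMTP address is what you want for a clean cloud logon
                MatchesMail    = ($null -ne $_.mail) -and ($_.mail -ieq $target)
            }
        }
}

if (-not (Test-UpnSuffixRegistered -Suffix $NewSuffix)) {
    Write-Warning "Suffix $NewSuffix is not registered in AD Domains and Trusts yet; add it before running the change."
}

$report = @(Get-UpnMigrationReport -OldSuffix $OldSuffix -NewSuffix $NewSuffix)
$report | Format-Table -AutoSize
$mismatch = @($report | Where-Object { -not $_.MatchesMail })
'{0} users still on @{1}; {2} of them would get a UPN that does not match their mail attribute' -f `
    $report.Count, $OldSuffix, $mismatch.Count
```

The mismatch rows are the ones to look at by hand before the Set-ADUser loop runs: typically service accounts with no mailbox, or people whose mailbox alias differs from their logon name.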

Peeve 00x05: Not verifying backups. This is the last one because it’s the biggest one on the list. If you forget everything else, please, I beg you, test your backups at least once every two weeks. I do not mean the verify process that runs at the end of a cycle. Your logs should tell you about successful backups for sure. Test them. Pull the media from a few random servers and restore one in your lab. Make sure your team knows exactly how to do this. Learning this during a system failure will destroy your cred with the check signers. DOCUMENT THE TEST!!! (that’ll save your tail in a post mortem analysis). Like our favorite sports teams, our networks will fail. Sometimes for a good reason and other times…you’re gonna be like…ummm…what? No doubt about it. Practice it like a fire drill, because in many ways it is. I have seen many good IT folks shown the door because of data loss. Data protection is the absolute easiest thing to get money from bean counters on. Nobody wants to be the no vote on that line item. If someone is, DOCUMENT IT! My Dad always taught me; “Never go cheap on what comes between you and the Earth” Buy the best shoes, socks, tires and mattress. I’d add backup solutions to that list also. Buy the best and know it inside and out.

Well, looks like TechWiseTV is going back to Barcelona for VMworld. Now where did I put that helmet??

Jimmy Ray Purser

Trivia File Transfer Protocol

The name “Fido” is linked to dogs because of their loyalty. Fido comes from the Latin root “fidus”, meaning faithful.

VOIP Upgrading…Doesn’t suck as bad as I thought…

I used to not like the TV show The Office. I could appear more cultured and say something like, “Oh the US version was not as good as the British version…” but who am I kidding! I grew up in a trailer park in the beautiful hills of Tennessee. So truthfully, I thought they both blew. That is…until I started working for a Michael Scott-like manager…then I got it big time! I ordered the Blu-ray boxed set to serve as an in-service training video. (I don’t work for that goober anymore…maybe the Futhark rune I purchased online actually worked! Plus it wasn’t at Cisco…every Manager here is super mega awesome and works for; “The Greater Good…The Greater Good”…)

Major upgrades of anything just flat out friggen major league suck. I’m not talking patches or minor maintenance updates…while those can be a pain, they are critical to keeping our network stable and secure. No, I’m talking about those UPGRADES that add more features and change functionality. Those suck and will always suck. We are adding a larger, more complex code base on older hardware. There are gonna be problems, end of story.

I learned this in my dumb years (insert your joke here) by putting a 427 Chevy motor in a Camaro built for a 350, which was not a good idea. While it “worked”, it put too much stress on the supporting parts, stuff like shocks, coil springs, tie rods, drive shaft, cooling system…etc. Then one day driving home late at night the tie rods said; “Dude…I just can’t take any more…” I would have heard that, but with .38 Special jamming thru my Craig 8-track with Audiovox Tri-axial speakers, then filtering thru the plush and lush mullet of glory, I just felt the car spin out of control, when a mailbox, a parked F150 with no tailgate, a gun rack and hood antlers, and finally a fence introduced themselves to my insurance agent, who looked nothing like Flo.

In the end, an upgrade is really only as good as the support behind it. I’m not gonna say; “Wow! I agree! Cisco Voice Team, you convinced me! Everyone upgrade to 9.1!!” That would be as fake and phony as an infomercial for spray-on hair for baldness. Here’s the thing: the fact that the Cisco Voice folks went back and took a serious look at their internal processes, then owned up to the fact that they were cumbersome, complex and just flat out prohibitive for customers, takes a lot of moxie in my opinion.

For example, actually funding Level III engineers to be on standby and bypassing normal TAC processes exclusively for 9.1 upgrades: Awesome! On the licensing team they switched from an automated process to a manual process. Now that sounds backwards, right? Here’s the thing though: licensing is so important and can be a real pain in the butt, they want to ensure folks get the right license and don’t over buy or under buy; heck, we all got kids in college. Very cool!!! The Voice team really planned for this so much that, other than going on site and doing the upgrade for you physically, I honestly do not know what more they could do to help make this as seamless as possible. This is like Cray Research level support on an XC30. White glove, daddy-o!

Now, to be honest, I was not too pleased with the video story. Adding more hardware to solve a problem is not a good thing to me, so I’m gonna dig my heels in a little bit. Mo’ hardware…Mo’ problems… After thinking about it, I like it, and here’s why. It plays into my design philosophy of NOT being tied to a vendor. I know I work for Cisco and honestly we make some good stuff for “The Greater Good” (anyone else pumped to see Pegg and Frost team up again for The World’s End?). I’m an Engineer first and foremost. I recommend the best solutions per customer need. If we added some “video tunneling” feature thingy to an ASA, then we would lock customers into a firewall position (or into having to upgrade a firewall ALSO to take advantage of the 9.1 upgrade…) AND add more workload to an already busy bottleneck in the network. Having two Expressway products gives the Network Engineer more design options, the customer more flexibility, and balances the load out to specialized hardware closer to where it’s needed. It also avoids involving the security team to manage video sessions, stats and troubleshooting. Hey, security teams are great, but speaking as a Sec-Team member, we can be like dealing with a group of lawyers over a bill. Avoid if possible.

My hat’s off to the Voice folks. They really should be proud of the planning and processes they have put in place. They really did a fantastic job getting ready to get the world to upgrade their CUCMs to 9.1. Trust me; I do not endorse products lightly. I know that one day I could be the engineer out supporting that product. Based on everything I tested, witnessed and the commitments from this team, I would absolutely recommend that CUCM folks take advantage of these resources and strongly consider an upgrade if it fits in your planning and budget.

Although Laura’s goal of making me a “Voice Dude”…yeah, that didn’t happen. One thing that did happen was I really developed a huge amount of respect for this team. Check out TechWiseTV episode 132, “Unified Communications: Am I Missing Something?”, to see some good stuff on CUCM 9.1. Gotta run folks, Robb is calling my event in Flonggerton….

Jimmy Ray Purser

Trivia File Transfer Protocol

Jen Taylor, who has voiced Princess Peach and Toad in several Mario games, is also Halo’s female lead, Cortana.

Working Around IT Departments

Since you’re reading this, chances are that you are either in IT, wanna be in IT or you think this is some motivational “You Can Do It!” kinda post. Weird, starting a blog out by telling folks how to work around our incredibly well thought out information technology policies. This is certainly not an Edward Snowden type of outing but really more of how we as the IT Crowd have to work with other IT departments that, hey, let’s face it man, are just not as good as us, right?! Can I get a witness up in here!!!

We’ve all made silly IT policies that at the time really seemed like a great idea…you know, like password rules so complicated that they had to be written down?? Heck, at my first crack at LAN administration, way back in the Johnson Administration, I required: unknown letter combo, numbers, mixed case, special character, a map to the hidden Amber Room and your best possible guess at the Riemann Hypothesis. Oh, it was secure for sure…of course it was over a proprietary network protocol called ScaNET…so that was a resume generating event.

Anyway…

How many times as an IT geek do you just get fire-ant angry when a company blocks PINGs!!??! Or turns off rights inheritance; heck, I’m still seeing a therapist over that event. Well, that and troubleshooting a system trust issue with over 10K user accounts…thru NAT…internal NAT!!…Yeah, I know, right!! Oh, the horror!!! Eli Roth’s next movie…

Here’s a few tricks I’ve picked up along the way to help…solve problems…

Workaround 00x01: No PING!!! Blocking ICMP outright and violating RFCs 792 and 4443 should be punished by having to play the video game Desert Bus until you get the high score. When I need to test a connection with ICMP blocked, I just use hping3 http://wiki.hping.org/ It’s small, lightweight (written in C, with a Tcl scripting engine built in) and works great! For example;

techwisetvNIX# hping3 -S <target IP address> -p 80 -c 4

This sends four TCP SYN packets (-S flag, -c 4 for the count) to port 80 (-p 80) instead of ICMP echo. Read the reply flags: SA (SYN/ACK) means the host is up and something is listening on 80; RA (RST/ACK) still proves the host is reachable, there’s just nothing on that port; no reply at all means something in between dropped it. hping3 prints the round-trip time for each reply like ping does, so you get a latency number too (it is not a bandwidth test). You need root for the raw sockets. hping3 has a TON of options. I use it to test firewalls too…but I’ll save that for another blog…
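Added here as an example, not part of the original post: the same reachability test for a Windows admin box where hping3 isn’t installed, done in PowerShell with a normal TCP connect (so it completes the handshake rather than sending a bare SYN, and needs no admin rights). It sorts each probe into open, closed (RST came back, so the host is reachable) or filtered (nothing came back). 192.0.2.10 is a documentation address standing in for the target.

```powershell
# Added example, not from the original post: TCP "ping" for hosts that drop ICMP.
# Full connect via .NET TcpClient, no raw sockets; 192.0.2.10 is a placeholder target.
function Test-TcpReach {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int]$Port = 80,
        [int]$Count = 4,
        [int]$TimeoutMs = 2000
    )
    for ($seq = 1; $seq -le $Count; $seq++) {
        $client = New-Object System.Net.Sockets.TcpClient
        $watch  = [System.Diagnostics.Stopwatch]::StartNew()
        $state  = 'filtered'           # SYN went out, nothing came back: something ate it
        try {
            $handle = $client.BeginConnect($Target, $Port, $null, $null)
            if ($handle.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $client.EndConnect($handle)   # throws a SocketException on RST
                $state = 'open'               # SYN/ACK: host up and service listening
            }
        } catch {
            # PowerShell wraps .NET exceptions from method calls; unwrap to the real one
            $ex = $_.Exception
            if ($ex -is [System.Management.Automation.MethodInvocationException] -and $ex.InnerException) {
                $ex = $ex.InnerException
            }
            if ($ex -is [System.Net.Sockets.SocketException]) {
                # RST: host reachable, port not listening. Anything else (e.g. HostNotFound) is reported as-is.
                $state = if ($ex.SocketErrorCode -eq 'ConnectionRefused') { 'closed' } else { "error:$($ex.SocketErrorCode)" }
            } else {
                throw
            }
        } finally {
            $watch.Stop()
            $client.Close()                   # also aborts a connect that is still pending
        }
        [pscustomobject]@{
            Seq    = $seq
            Target = $Target
            Port   = $Port
            State  = $state
            RttMs  = $watch.ElapsedMilliseconds
        }
        Start-Sleep -Milliseconds 500
    }
}

Test-TcpReach -Target 192.0.2.10 -Port 80 -Count 4 | Format-Table -AutoSize
```

Because this is a full three-way handshake, the far end logs a real connection (and a web server will see a client that connected and hung up), which is fine for a reachability check but is not the half-open probe hping3 -S gives you.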

Workaround 00x02: “We disabled robots so hackers can’t GoogleDork us!” Aw! That’s so cute! However, if you’ve been around networking awhile you know the answer to all questions is not 42 but “it depends”. Certainly GoogleDorking is fun and an OK way to scare the crap out of analysts who think an IP address is where they go to the bathroom. Practically speaking, when I need that kinda vuln info, I’m headin’ on over to Shodan http://www.shodanhq.com/ and letting my fingers do the walking. It’s a search engine that searches on metadata about machines, not on web content like GoogleDorking does, so robots.txt on your web server does nothing to keep your device banners out of it. For example, let’s say I’m looking for boxes running IOS 15.1; well, I just type ’er in the search bar and KA-ZOW! Global results! SHODAN gets the version from whatever the device hands out when you connect: SNMP, SSH, telnet and HTTP banners, service fingerprinting, etc. But either way, it returns what it found as far as devices that are running that version of code. Very cool tool…and oh, by the way…there’s a Shodan iPhone app for the “geek on the go”. I use it as another tool for security auditing to tell folks to update your code, goobers…especially the SCADA folks… Why do I need to use this? It’s another great way to find info and see our network as the world sees it, other than through Google’s lens… Honorable mention: Duck Duck Go.

Workaround 00x03: Internet access is filtered! There could be many reasons IT departments block access to certain sites. It could be security issues, it could be State/Government issues, maybe someone doesn’t like you looking at cats walking in socks wearing trucker hats. Heck man, I have no idea. I do know this: when I was in the United States Navy, before we pulled into a port, the Skipper would tell everyone where not to go and places to avoid. Those were the first places we hit! It served as a tour map for some rockin’ great stories later on! Folks are gonna find a way…

Tor (The Onion Router https://www.torproject.org/) is the true Magsaysay Blvd of the Internet. Tor is basically an anonymizer. Many apps will run over Tor too. Rule of thumb: if it runs on TCP and you can point it at Tor’s SOCKS proxy, it’ll work (and it’s only anonymous if the app doesn’t do its own DNS lookups on the side). Tor bounces your communications around a distributed network of relays run by volunteers all around the world. This multi-hop routing keeps anyone watching your local link from seeing where you’re going; it does not encrypt anything past the exit relay, so use TLS on top of it. Why would you want to do that? Well, if you’re traveling or a citizen of a country and you have to get info out in a crisis but are being blocked, Tor is your exit. I’ve been to 36 different countries and tested in all of them and it worked great! Oh, it’s slow for sure. But if you came from “Pshhhkkkkkkrrrrkakingkakingkakingtshchchchchchchchcch*ding*ding*ding”, welcome to flashback city, home slice.

As a side note…man alive, Tor can be the Terentatek of the Internet. Be careful messing ’round with .onion addresses in this universe.

What did I miss? Share some of your IT workarounds with the TechWise Guyz community here. Hey, it’s kinda like hitting a virtual off-limits bar online! Kick back, crank up some Daft Punk and twist the top off your fav hack! PROST!!!

Jimmy Ray Purser

Trivia File Transfer Protocol

The phone keys One and Zero do not have letters because they are “flag” numbers, kept for special uses like emergencies or operator services.

 

VOIP….meh….

I really do not know why I don’t care much for Voice over IP. It’s certainly technical. Heck man, if you’re stuck on QoS, go ask a voice geek. Resellers are begging for more voice engineers, so it’s a great career path. You can really do some very cool things with it that your end users will just love you for. Heck, if there’s a more visible direct impact to a business than voice, I’d like to know what it is.

But still; when funding comes thru for a voice show I’m always thinking…”meh”… Which is funny, because without a doubt our best and most award winning shows have been on voice! You’d think I’d love it, right? Hey, ya know what? When I was younger, growing up in the hills of Tennessee (hereby referred to as God’s One True Love from henceforth), my first experience with hacking was on our telephone system: rapid hook switch tapping to become a tandem or punching thru busy signals was a real hoot. Of course the Capt’n introduced us to blue boxing and a splendid time was guaranteed for all…

Next week is a TechWiseTV taping week for us. Right now, this show has two things going against it: first off, it’s a voice show, and second (and most important) it’s also an upgrade show. Yep folks, that’s right, a push to get you to upgrade your CUCM.

Now look, we all have bills to pay, so there’s always some level of butt kissing and boot licking that has to go on in any show. Video is expensive. For me, I never ever ever promote ANYTHING on TechWiseTV that I would not be happy to stand by or even support in the future. I’m grateful TechWiseTV can do that. We turn down shows because we just do not believe it’s the best for the network. Like my Grandmother taught me all those years ago…”If ya ain’t got nuthin’ nice to say, then shut the friggen crap up, goober…” Ah, she was quite the wordsmith for sure.

I don’t know about y’all, but I am not a big upgrade person at all. Upgrading sucks worse than going camping with your mother in law on Indy 500 race weekend and forgetting the beer. From an engineering viewpoint: why fix something that isn’t broke? Upgrading means my hardware is going to be slower (if it’s compatible), my licensing is going to be really messed up, tech support is going to be worthless, major downtime, oh yeah…and this is voice? Namely Cisco voice, holy friggen shnikasourus rex man! You need a PhD in CUCM licensing to figure that one out, plus my dial plan, migrating my DB…and you know what…that camping trip is looking better all the time now….

Robb and I designed this show to have the voice team prove to us that we need to upgrade. To be honest, they better bring their “A” game. ’Cause I ain’t buying it yet. TechWiseTV is unscripted and we do not see the content that our guests bring on the show beforehand. We like to keep it real and spontaneous. We just ask that slides have minimal words, no marketing or vision statement crap, any quote from any analyst puts you in Aldrich Ames status and removed from the set, and have the slides in 16x9 format.

I’m bringing all of these doubts onto the set on Tuesday morning to see if they can address them. It’s still early, so if there is something you want to make sure we cover, toss in your comments before 16Jul13 and we’ll cover ’um…then tune in to see…upgrade or not?? In the meantime, anyone got a tent I can borrow?

Jimmy Ray Purser

Trivia File Transfer Protocol

A pound of feathers weighs more than a pound of gold. This is because feathers are measured in avoirdupois weight which is 16 ounces per pound and gold is weighed in troy weight which is 12 ounces per pound.

  
