Archives For Steve Rossen

Nick Weaver explains the VCE model: http://nickapedia.com/2011/01/22/the-vce-model-yes-it-is-different/ I like the of VCE. If I was building out a new data center you can bet one of my first calls would be about Vblocks.

Bruno van de Werve (CCIE R&S program manager) posts a video at https://learningnetwork.cisco.com/thread/22306 Worth watching if you are worried about what you might see on the lab. If you are worried, stop it. It does not matter what terminal program, what diagram or what size monitor you have if you know what you are doing. Hope this video puts you at ease a little bit more.

That is all I have worth posting. Been slacking too much on the blog so baby stepping back into it.

A Picture Worth Sharing

17 January 2011 — 1 Comment

I took this picture when we went to the Computer History Museum in Mountain View, CA and just had to share it.

Terry and Ivan

This is Terry Slattery and Ivan Pepelnjak looking at an old Cisco AGS that both of them are very familiar with. I would guess a model very similar to what both had on their CCIE labs. It was funny as they were pointing out what cards this one had and what they liked and did not like about that model. Quite an entertaining discussion from two guys who have been there and done that.

F5's iHealth

16 January 2011 — Leave a comment

Back in October at an F5 user group meeting I first heard about F5's new user tool to aid in supporting BigIP devices. It is designed to be a proactive tool that users can use to resolve issues themselves or identify issues before they become a problem. Let's go through the process of checking this tool out. As with most vendors, they have a command that generates everything someone from support would want to see. F5 is no exception; what they have is called a QKView. To generate one, log in to the GUI of a BigIP device and go to System > Support; this is the page that generates a new one. Simply click start with the QKview box checked (no need for TCPDump in this case) and a few minutes later you have your freshly generated support file. If you have an old one already generated it will instead prompt you to download it. When the new one is done, download it and head on over to iHealth.f5.com. Since this is a support tool you will need a valid support contract to access this site. Once you log in you will be presented with a simple screen to upload the new QKview file. Go ahead and upload your file.


After a time you will have a number of files listed on the front page. You will also notice you can enter F5 case numbers and internal help desk ticket numbers for better tracking of what was going on with that QKview.


As you can see I have files going back to October. Not sure if they have a space limit but so far this is a great archive of your support files, so bonus there. Now select the report you want to view and it takes you to a main info page. This is a summary of pretty much everything you would like to know at a glance. At the top it tells you how many issues it has found and classifies them into high, medium and informational. You can also see if an upgrade is recommended or not. The rest of the page is filled with general info such as hardware info, the number of servers, nodes, etc. configured, the current software running and the license status.

Overview


If you have worked for any amount of time supporting networks you most likely have had to tell someone the network is fine immediately after they told you it was down. In fact this has been said so much that Solarwinds even included the phrase on a number of their marketing materials. But how many times have you verified this is the case before telling the user definitely? You should. I was on the reverse end of a quick dismissal recently and it got me thinking. Here is the story.

A few weeks ago I decided to sign up to get the Groupon emails and something odd happened. I got a different email than mine on the confirmation page. So I tried it again and it was mine. Hit refresh and it changed to someone else's email. Repeated that a few times with different browsers and sure enough I was able to grab a number of different email addresses. So I mentioned this on Twitter but did not give any details. Just said they were leaking emails. I then went to open up a helpdesk ticket with them. A few minutes later I got a response from one of Groupon's social media people saying that "this is definitely not true" but she did not know the details.


She just assumed it was not a problem. But in fact it was very true; you can even watch the video that someone else made after hearing about it from me. I did email her directly and explained in detail how to get the email addresses. (That was hours before that blog posted the video.) She must have reproduced it because she quickly changed her tune and, while she would not admit the problem, said she forwarded it to her technical staff.

While that was going on I exchanged several emails back and forth on the original helpdesk ticket I opened up. And guess what? They denied that they were having a problem. Said a few weeks ago they had a problem with a 3rd party email that went out. That of course had nothing to do with it. He then sent me two more emails denying that anything was wrong and became very condescending. Since I had better things to do I told him how I felt, which was that next time someone submits a problem like mine he may want to ask how to reproduce the issue before denying it, because it really makes him look lazy.

Well a few hours later julie_mo emailed and said it was fixed. I went to the site and tested it and sure enough it was. I was actually impressed a major website like Groupon could get a flaw in their website fixed so fast. However I was not impressed at how long it took for them to even ask how to reproduce the problem and how they denied it without even testing.

Now back to our jobs on the network side of things. When a user comes and says that the network is down, what are you going to do? Sometimes the network is down. Usually it is not, but it is always worth checking as not every outage will show up with your monitoring tools. Check out the problem from the user's perspective; they will appreciate it, and without users you have no need for the network.

Juniper Networks

On day 2 we started the day off with a visit to Juniper's Sunnyvale HQ. The day was organized by Abner at Juniper and he lined up some great speakers for us. We had three good presentations but I am only going to talk on two of them. The 3rd was a good discussion with Dogu Arin and I may have a post down the road as a result of that talk on MAC-VPN. But now on to today's post.

Junos

First up was Mike Bushong who is the Product Manager Core OS, which is of course Junos. This was a great session. Mike busted out the white board and asked what we wanted to know then started going to town.


One of the first things Mike pointed out is that he does not like to do a feature-by-feature comparison to Cisco's IOS. The reason for this is that today one of them may have a feature the other does not have, but it will in 12-18 months most likely. Most of these boxes have a 5-7 year lifecycle, so why buy for just a year or so of advantage? What he did focus on is what makes Junos fundamentally better than traditional IOS.

Going into this meeting I had always felt Junos was a better thought-out OS than traditional IOS; leaving this meeting I had a better understanding why. We all have heard that Junos is modular and traditional IOS is not. (I of course keep saying traditional because the newer versions of IOS such as XR, XE, NX-OS and some 6500 versions are modular now.) This gives you a more stable product overall because processes are separated. For example, a crashed netflow process will not take down OSPF. This comes from them targeting the carrier space in the beginning, and as the product line has grown they kept that focus on a highly reliable OS. Mike also talked about the separation of the control plane and forwarding plane. This again is a positive that all of us seemed to agree on. We also got very geeky on how the OS interacts with the CPUs. Juniper has used custom silicon from day one but the OS is written so they could at any time switch CPUs. This is great to know as a customer. To me this means if they have to change hardware radically they can do that quickly and I won't have to start over looking for a new vendor halfway through an enterprise-wide switch refresh.

Mike then talked about something that has been a staple of Juniper marketing, the one OS for all devices concept. This of course does not mean one binary, as each hardware will have specific needs resulting in separate binaries per platform. However this does lead to differences per platform. Clearly a SOHO firewall has no need for the code to configure an OC-192 module. I understand that different hardware has different software needs, but if you're going to preach one OS and have differences per platform, that to me is not much different than the fact a Cisco 7600 runs a different IOS than the 1800. Clearly they are very different routers and you will configure them differently. Where one OS is an advantage is the config when going from a router to a firewall. On a Cisco 2800 vs an ASA the config is night and day different. However on a Juniper MX 960 vs SRX 240 it is not that different and it is easy to transition from one to the other. That is where the real advantage is to me. Most of the group were not that sold on how great of a benefit one OS is. Most of us feel that different devices have different purposes so they have different configs, but maybe that is just the long term Cisco users in us. Overall the one OS is a good idea and I am glad Juniper is doing it; I just don't see the benefit as being as big as marketing tells us it is.

Data Center Switches

Switches are a fairly recent addition to the Juniper portfolio; as a result many people are still not very familiar with this product line. As a result Dave Hawley was there to explain the EX line of switches to us in detail. What Juniper is recommending for data centers is top of rack EX4200's (or 4500 if you need 10Gb), in most cases uplinked to a MX router. This is interesting for a couple of reasons, the first being the routed layer in the data center. The trend is going to all layer 2 in your DC, thanks to VMware mainly. They do of course have designs showing the EX8200 as core but clearly MX was preferred. The second is those are the same switches that you would also deploy in the access layer to the users. These are of course powerful access layer switches which all run at wirespeed for the same cost as other vendors' oversubscribed switches, and that makes them also work well in the data center.


One of the features Juniper introduced with the EX switches is the Virtual Chassis idea. Now Juniper will tell you this is not stacking, but pretty much all of the delegates agree this is stacking, just a different way to do it. I think it is better than the Cisco StackWise method but still stacking, which brings new concerns when you're deploying them. I personally have had very little issue with stacking, but when it goes wrong it really goes bad. However a number of benefits exist when running the switches in this config. Easy management is one. Since 10 4200's can be grouped into a virtual chassis, that is a lot of ports all managed from a single IP. No more having to guess which switch the connection is on; you know it will be on that virtual chassis. The next is a larger layer 2 network spread across a wider area. These switches can be stacked using dedicated cables up to 5m or using the 10Gb uplink ports for a distance of 70km. With that config you can essentially have a switch that spans two data centers. That is a great benefit for those that need that, but it is a double edged sword so make sure you have a good plan if you're going to go down that road. Within a single data center the 5m option allows for placement several racks apart. This also gets rid of the traditional tree design in the data center, which makes server-to-server traffic faster and failovers faster too. I like what Juniper is doing in trying to replicate a chassis with 1RU switches but I still would like to see a few improvements. The main one being ISSU upgrades, or at least a staged one member at a time upgrade. Overall I think Juniper has done a good job with the EX switches and I am excited to see what is coming next from them.

Summary

I really like what Juniper has to offer, with Junos being the core of that offering. It is a great OS and despite what I think marketing may over inflate as a benefit, the one OS is a really good benefit to have on your side. Juniper is also really big on making sure customers and potential customers are knowledgeable on their products. They have a number of free eLearning courses online, they offer a fast track program for certification and have a series of high quality free Day One books to help you get started with Juniper. This makes the transition from your current routers and switches to Juniper that much easier. We have a number of old Cisco 3550's to replace and Juniper is high on the list to replace them. I suggest you reach out to Juniper and learn more about them; they are very willing to help get you the info you need.

Disclosure: As a reminder this was part of Tech Field Day and the sponsors, of which Juniper was one, did pay for all of the delegates' flights, meals and hotels. However nothing was required or expected in return for this trip on my part. In addition Juniper gave us a 2GB flash drive and some of us got a Juniper book; I got Network Mergers and Migrations: Junos Design and Implementations.