Looking forward to Networking Field Day

There’s nothing quite like a Field Day event and I have the privilege of being invited to Networking Field Day on Nov 17th and 18th. At Field Day events, you have the opportunity to hear deep in the weeds technical content from several presenting companies. We can have conversations about how their technology really works and how it works in our environments. While it’s great to be there, they are also very useful to attend virtually through the live stream and Twitter. Twitter is great because you can send the delegates your questions and they can ask the presenters right then! If you can’t watch live, it’s all recorded and posted to YouTube for later perusal. Even if I attend an event, I often end up watching the YouTube videos to help make sure my blog posts are accurate.
This week is a unique one in that two Field Day events are taking place back to back! Tech Field Day 12 is running on the 15th and 16th, so there’s an opportunity to really take in a lot of content! Enough about Field Day in general, let’s look at what’s coming up at Networking Field Day, November 2016 edition!

Apstra
Apstra is all about network automation. I’ve heard some high level talk about them, but haven’t looked into them before. Their website says they are intent-driven vendor-neutral data center network automation. I’ll be interested to hear if they are going to move beyond the data center. I like the concept of the intent-driven network, which is telling the network what you want to accomplish and letting it figure out how to configure it instead of you having to specify all the details. This kind of automation is good and should make networks more reliable, so I’m looking forward to learning more about their solution.

Solarwinds
I’m a big fan of Solarwinds products. They usually work well and do 80-90% of what vendor and other big name management products do for a fraction of the price. Most of the time that’s still more features than you actually will use in a given deployment. Reasonably priced and easy to use, Solarwinds is my go-to for network management. It’s always great to hear what they’ve been up to and see what new features they have in store.

Forward Networks
This is exciting! From their website: “Forward Networks is bringing the best ideas in Computer Science to networking. Our mission is to dramatically improve networking for companies of all sizes.” Doesn’t tell us much, but it sounds like they are working on ways to make network configurations testable and to detect misconfigurations. I’m certain that’s a gross oversimplification, but they are exiting stealth mode and telling everyone what they have up their sleeve at Networking Field Day! Be sure to catch this, it should be interesting. [Update] They exited stealth mode on Nov 14, so their website has more information now. Read about it here.

VeloCloud
Who doesn’t want a good SD-WAN solution? I think I first heard about VeloCloud on Packet Pushers episode 257. There’s an ever growing number of SD-WAN vendors and solutions out there and the claims are so similar, it’s hard to differentiate between them. It’ll be great to deep dive into this one!

Ixia
Ixia has one of my favorite ad graphics:
mostly-watertight
I’m OK with Mostly Networks, but not so much with the mostly watertight. :) Ixia makes a number of tools for network testing, security, and visibility. I’m not sure what they’ll be talking about; perhaps a bit of everything. I’m familiar with Ixia by name and am aware mostly of their very well regarded network testing equipment, however I really don’t know much more about them or their products. I’m eager to learn more about them.

Viptela
More SD-WAN! I’m eager to see their presentation and I’m pretty sure Packet Pushers episode 223 introduced me to Viptela, as well. SD-WAN is the future of WAN connections, so the more you know about the solutions available the better. Knowing is half the battle!

NEC
I presume NEC will be talking about SDN and OpenFlow. I’ll be honest, this isn’t an area I’ve been paying much attention to. OpenFlow just hasn’t really been on my radar for a while. Time to up my game, get reacquainted with OpenFlow, and find out what NEC is doing with it. I’m sure this one will be educational.

There’s your quick overview of the presenters for Networking Field Day 13. Be sure to tune in live on November 17th and 18th for Networking Field Day and on the 15th and 16th if virtualization, containers, and the like are up your alley. All the live streams will be playing at http://techfieldday.com/. Participate by watching the stream and submitting your questions via Twitter using the hashtag #NFD13. You can ask your questions ahead of time, too, especially if you can’t watch live. The delegates will try to make sure your question is asked. It’s going to be a great week for Field Day content!

FIN

Fixing macOS Sierra/OpenSSH 7.x Compatibility

I’ve seen this question come up several times from users of macOS Sierra who use SSH after upgrading. It usually goes something like, “Has anyone seen this since upgrading to Sierra?”

Unable to negotiate with 192.0.2.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Another issue you might come across is your public key ceasing to work. If you connect with the verbose option (ssh -v hostname), you might catch a bit like this in the output:

Skipping ssh-dss key /Users/scottm/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes

These aren’t Sierra issues per se, but are more specifically related to the upgrade from OpenSSH 6.9 in El Capitan to OpenSSH 7.2 in Sierra. OpenSSH deprecated a number of methods and algorithms in 7.0. They are still supported, but are disabled by default. For more information, check out OpenSSH: Legacy Options.

That’s all fine and dandy, but what you really want is a solution. You probably have some security appliance, router, or similar that doesn’t support any other methods and you just need it to work. Perhaps like me, you have an older private key that isn’t up to the new requirements, but you still need to use it. The options to fix these issues are KexAlgorithms +diffie-hellman-group1-sha1 and PubkeyAcceptedKeyTypes=+ssh-dss. You can add these at the command line (ssh -o PubkeyAcceptedKeyTypes=+ssh-dss hostname), but that’s kind of a pain.

A more convenient way to use them is to add these options to your ~/.ssh/config file. If you don’t already have this config file, it’s a plain text file you can create with your text editor of choice. At the top of the file, add:

# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1

Now your public key and the key exchange algorithm will work anywhere you connect. Perhaps you’d like a bit more granularity?

# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss

# Host specific settings
Host *.net.mydomain.net
 KexAlgorithms +diffie-hellman-group1-sha1
 User username

This allows the public key for all hosts, but only allows the diffie-hellman-group1-sha1 algorithm to be used with hosts matching the wildcard. Additionally, this example shows using a different username than your login on your local machine. There are a lot of options available, but these are the ones I use most. You might also find Compression yes to be useful if you connect to hosts with low bandwidth links.
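A lint for the two options above, as an added example that is not from the original post: it parses an ssh_config file and reports which legacy algorithms are enabled and whether each one applies to every host or only inside a Host block. The function names and the embedded sample (the page's host-specific configuration) are constructed for illustration.

```python
import re

# Legacy algorithms this page re-enables (OpenSSH 7.0 disabled them by default).
# PubkeyAcceptedAlgorithms is the name OpenSSH 8.5+ uses for PubkeyAcceptedKeyTypes.
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group1-sha1"},
    "pubkeyacceptedkeytypes": {"ssh-dss"},
    "pubkeyacceptedalgorithms": {"ssh-dss"},
}

# ssh_config accepts both "Keyword value" and "Keyword=value".
LINE_RE = re.compile(r"([^\s=]+)\s*(?:=\s*|\s+)(.*)$")


def audit(config_text):
    """Return (line_no, scope, keyword, algorithm) for each legacy algorithm enabled."""
    findings = []
    scope = "GLOBAL"  # options before the first Host/Match apply to every host
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = None if line.startswith("#") else LINE_RE.match(line)
        if not m:
            continue  # blank line, comment, or keyword with no value
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "host":
            # "Host *" matches everything, so it is as broad as the global section
            scope = "GLOBAL" if "*" in value.split() else "Host " + value
            continue
        if keyword == "match":
            scope = "GLOBAL" if value.lower() == "all" else "Match " + value
            continue
        if keyword not in LEGACY or value.startswith("-"):
            continue  # a leading "-" removes algorithms instead of enabling them
        for alg in value.lstrip("+^").split(","):
            if alg.strip() in LEGACY[keyword]:
                findings.append((line_no, scope, m.group(1), alg.strip()))
    return findings


def global_findings(config_text):
    """Legacy algorithms enabled for every host: candidates to move into a Host block."""
    return [f for f in audit(config_text) if f[1] == "GLOBAL"]


# Constructed sample: the page's host-specific configuration.
SAMPLE = """\
# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss

# Host specific settings
Host *.net.mydomain.net
 KexAlgorithms +diffie-hellman-group1-sha1
 User username
"""

if __name__ == "__main__":
    for line_no, scope, keyword, alg in audit(SAMPLE):
        print(f"line {line_no}: {keyword} enables {alg} [{scope}]")
```

On a live system, `ssh -G hostname` prints the options the client will actually use for one host, which confirms the same scoping from the client's side.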

As an aside, if you are a macOS user using Terminal, I highly recommend checking out iTerm2. It’s far superior to Terminal and has many features to improve the experience of using the shell.

FIN

ArubaOS 8: VMC and AirMatch

As part of Mobility Field Day Live, I had the opportunity to visit Aruba, a Hewlett Packard Enterprise Company at their Executive Briefing Center in Sunnyvale to learn about their newly introduced Mobile First platform. The foundation for the platform is ArubaOS 8, which is a major new release with a long list of new features that will give you flexibility in your deployments.
Let’s start with the Virtual Mobility Controller (VMC). This is a virtual wireless controller that includes feature parity with the hardware controllers. Yes, that really does include the data plane. I’m told that the only real bottleneck is throughput and they are seeing 4-5Gbps on your average VM host, which sounds pretty reasonable. If you need more throughput, you can scale out with more VMCs or you can still go with hardware controllers. The physical controllers have hardware acceleration for the encryption processes, which is why a big controller like a 7240 can push as much as 40Gbps.

The way Aruba has chosen to license the VMC makes scaling with it easy, at least assuming you have the VM hosts around to accommodate them. The Virtual Mobility Controller is licensed by the number of APs managed by the Mobility Master, not the APs managed by individual controllers. You can license the VMC in groups of 50, 250, or 1000 APs, but if you install a VMC in standalone mode you must apply the license directly to the controller and lose the ability to share the licenses. This means that if you have 1000 AP licenses attached to your Mobility Master, you can attach any number of VMCs to the Mobility Master so long as your total AP count does not exceed the license. This gives you the flexibility to add additional controllers when and where you need them. Currently, only VMware is supported, but KVM support will be coming with ArubaOS 8.0.1.

Since I mentioned the Mobility Master, let’s look into that a bit more closely. The Mobility Master is the next generation of the Master Controller. The Mobility Master can be an x86 hardware appliance or a VM. The Mobility Master gives you the ability to move services out of the wireless controller so that these services do not impact network performance. In fact, some services are only available when you have a Mobility Master available. AirMatch is Aruba’s new RF optimization technology aimed at improving spectrum reuse in high density WLANs. Due to the processing power required, you only get it if you are using a Mobility Master. AirMatch looks at groups of 50 APs and uses statistics from the last 24 hours to determine the best AP power levels, channel plan, and channel width for the network. This is much more powerful than ARM. Here’s a quick side by side comparison:

AirMatch and ARM Comparison

So how does this actually work? Every half hour, each AP will measure the RF environment for 5 minutes. During the day, these measurements are collected by the Mobility Master. At 5am every morning, the Mobility Master will churn through the numbers from the last 24 hours to determine the optimal channel plan for all the APs and deploy those changes to the network. There are two exceptions to this. First, when an AP is first detected by the Mobility Master, it will recalculate that AP’s channel and power settings every 30 minutes for the first eight hours. After that, the new AP is on the same schedule as the rest of the network. The second exception is in the case of a DFS event or significant interference. In either of these cases, the AP can change channels on its own. If you want to see the changes that the Mobility Master is making, you can view some of the details in the AirWave Network Management console.

This really only scratches the surface of what’s happening with Aruba’s Mobile First Platform launch. There are also updates to Aruba Central to manage ArubaOS switches, Aruba Clarity for proactive monitoring, ClearPass Extensions that enable third party development, APIs for developers to create detailed analytics, and much more. Aruba has released a lot of exciting enhancements that will be the foundation of your networks for years to come.

FIN

Disclosure: As a delegate for MFD Live with Aruba, Aruba indirectly paid for my travel and meals during the event and also compensated me for my time to write this post. This post is still my opinion and only I have editorial control of the contents. This stuff genuinely is exciting! Aruba did request I use their tracking links, which seemed like a reasonable request.

Ventev Keeps Antennas Interesting at #MFD1

In case you missed it, Wireless Field Day is now Mobility Field Day, and day one of the inaugural MFD is complete. I am not a delegate this time, but there’s a great group of delegates with a number of new people who really added to the discussions. The day ended with a great roundtable session that you really should go watch. Check the Mobility Field Day 1 Playlist for that and the other sessions from MFD1. In particular, they have an excellent conversation about RRM, which has been a hot topic as of late. This, however, is not what I wanted to write about.


You probably see Ventev gear all the time and don’t notice it. They don’t make radios, but they do make antennas, mounts, enclosures and other tools and hardware useful in the WLAN space. That may not sound like a very interesting topic, but the 2 hour session flew by because they had so many great ideas to share.

I really like the innovation that stadium deployments are driving. From enclosures that have a slight slant to them so rain will run off, to handrail mounted enclosures and antennas. I particularly like this two AP enclosure. There’s no questioning what’s in that box!

In case you are wondering about the antennas in this confined space, they actually have you mounting the external antennas back to back with a metal backing plate between them. They had data showing sufficient RF separation in their testing, despite them being so close.

Ventev has some great new ideas for antennas designed to serve the places that have always been difficult to cover. They are putting antennas everywhere and making them hard to spot.

They also discussed their in floor antenna system, which is a unique solution designed for areas with raised floors, a nice antenna built into an old work junction box, and a number of mounting systems designed for challenging environments.

It really was a great presentation and I highly recommend watching the video. It’s full of solutions to real problems facing WLAN designers who are trying to figure out how to install more APs into areas that are not designed with that in mind!

The videos are included below so you can see it all for yourself.

FIN

Unofficial #WLPC Twitter Attendee List, PHX2016 Edition

Last year I ran an Unofficial WLPC Twitter Attendee List after Jennifer Huber (@JenniferLucille) wondered if there was a list of Twitter peeps who were attending. Obviously, I’ve decided to do it again this year. Fill out the form at the bottom of this page to be added (easiest for me), but you can also send a tweet to me at @scottm32768. This year I’ve upgraded the list by allowing notes so you can share anything of interest to the attendees. You can share your CWNE status, your podcast, that you work for a vendor, or that you really like pie.

Note: This is for attendees. Sorry, if you aren’t attending I will not add you to the list.

Name Twitter Blog Notes
Keith Parsons @KeithRParsons wlanpros.com Runs the WLPC Conferences!
Scott McDermott @scottm32768 mostlynetworks.com Creator of this list
Scott Stapleton @scottpstapleton phasedcoexistence.blogspot.nl Wi-Fi Smartass
Shaun Bender @Welles Tacos.
Matthew Norwood @matthewnorwood www.insearchoftech.com I come for all the wired sessions.
Luke Jenkins @WiFiLuke www.wifiluke.com
Nate York @dot11Nate dot11nate.blogspot.com
Adrian Granados @adriangranados www.adriangranados.com Maker of WiFi Explorer
Tom Carpenter @carpentertom tomcarpenter.net CWNP.com
Aaron Scott @wifidownunder The one with the best Aussie accent
Brian Smith @elonsmitty Here for the Free Food
Darrell DeRosia @Darrell_DeRosia 2.4 is official dead. Cisco and Apple said so…
Samuel Clements @samuel_clements www.sc-wifi.com The one, the only.
Blake Krone @blakekrone BlakeKrone.com Mr Big Deal Himself
Ryan Adzima @radzima whiskeyandwireless.com Blame Canada
Steve McKim @alfmckim www.greatwhitewifi.com/blog Polite Canadian
Kimberly Graves @KimberlyAGraves Aruba Networks
Jonathan Davis @subnetwork subnetwork.me Equal Opportunity Offender
Jim Comment @JimWifi1 First time at WLPC
David Coleman @@mistermultipath whiffie
Jake Snyder @Jsnyder81 transmitfailure.blogspot.com Peter Griffin impersonator
Trent Cutler @Firemywires
Joshua Williams @802dotMe eight02.me First timer. These are my people.
Mike Leibovitz @MikeLeibovitz Canadian who accepts no blame
Troy Martin @troymart riding the Wi-Fi fad
Nathan Wilder @Wildernets
Brian Long @blong1 blong1wifiblog.blogspot.com/ Let’s do this …
Ronald van Kleunen @Globeron www.youtube.com/wwwgloberoncom Globeron – Wireless Certification Training
Colleen Szymanik @wifi_unicorn Nothing witty to say
Eddie Forero @HeyEddie BadFi.com RRM is dead… along with 2.4GHz and Elvis. (Ok, Elvis is NOT dead…)
Joel Crane @FuelCellWiFi My Twitter handle means nothing.
Glenn Cate @grcate gcatewifi.wordpress.com
Manon Lessard @Mae149 Not always polite Canadian.
Andrew Fly4WiFiGuy vonNagy @revolutionwifi http://www.revolutionwifi.com
Jerry Olla @jolla Meow
Jonathan Finney @wifispy I like turtles
Anders Nilsson @HerrNilsson2 Part of Team Sweden and yes I’m bringing the Moose
Stephen Montgomery @steviewireless hanging with Jack and some smart people
Juan Carlos Luna @jclkanter Mad about wireless
Eddie Klaczko @EddieKlaczko I like warm weather.
Brad Weldon @bradweldon coffee, tacos, chocolate, repeat…
Trent Hurt @Wifiguy502
Martin Ericson @maer1952 Yihaa in cowboy land
Austin Godbey @austingodbey wireless == magic
Chris Young @netmanchris www.kontrolissues.net On behalf of Canada “I’m sorry”.
Robert Eubanks @eubanksrob
John Turner @wifijt “where do I plug this in?”
Ben Montour @BenMontour First time WLPC attendee.
Dan Ryan @Danryan06
John Cosgrove @rtr_man
James Garringer @jamesgarringer Apple
Daniel Dillon @Trilithic
Shaun Neal @sv_neal blog.svneal.com
Simon “Cucumber Tony” Morley @@cucumbertony
Kenneth Fernandes @wifiblogdotcom WiFiBlog.com
Andrew Campbell @wifiandrew www.syranova.com/
Mark Edwards @marke3117 Yes
Jay Botelho @jaybotelho Savvius (OmniPeek)
Van Le @Vansterzzz 1st WLPC
Timothy Otto @mage2 Wireless Noob , security guy
Joeri De Winter @joeri_Skyline

FIN

In Wi-Fi They (Don’t Really) Trust

Sometimes, the biggest problem with the network is its very existence. Anytime something breaks, the fingers start pointing at the network. Database stopped responding? It must be the network. Client can’t access the Internet? Must be the network. Never mind that what the client can’t access is just their home page and everything else is working…

The problem isn’t so much that the network exists, but that it exists and most users, and even most IT pros, don’t understand it. Now we take that complex system that people already have a difficult time understanding and replace the simple Cat5 cable with… Magic? Arthur C. Clarke once wrote that any sufficiently advanced technology is indistinguishable from magic. For many people, wireless is a magical black box. Actually, it’s usually an opaque white box, but that’s beside the point. Things happen in it, but they can’t be seen and they are not easily understood. The explanations for how it works, or more likely why it doesn’t work, generally involve lots of vague hand waving motions and end with either blaming the client or the network, depending on which side you are on.

Now when something breaks and there’s nothing obviously wrong with the device people trust, it’s logical (from their perspective) to blame the thing they don’t understand. It’s known that it needs to be working for them to do what they want, so that must be what’s broken.

You can read the rest of my thoughts on this on the Aruba Airheads Community.

FIN

How hard can it be not to install wires?

There’s a joke, “How hard can it be not to install wires?” (See this Dilbert comic) However, it’s a good question, so let’s think through this a bit.

Let’s say you are deploying a new wireless network. Maybe you had it thrown at you already purchased and delivered. You just get to implement it. What fun! Maybe it’s “just” an upgrade, so can’t you just swap things out?

Things you need to consider: What model are the APs? Do you have enough for coverage? More importantly, what about capacity?

To read the rest of this article, check it out over on the Aruba Airheads Community.

FIN