Networking Podcasts

I have a long commute and I like to make good use of this time. I used to listen to a lot of audiobooks (Audible.com was great!), but now I listen mostly to podcasts. Here are some podcasts I recommend:

Packet Pushers

 “The Packet Pushers Podcast is an audio program published multiple times per month covering the data networking industry. Co-hosts Greg Ferro and Ethan Banks are professional network architects and writers with many years of network engineering and design experience in a variety of industries, as well as being Cisco Certified Internetwork Experts.”

This is a highly technical podcast. I listen to the “Fat Pipe” feed, which is all their podcasts. If that’s too much content for you, there are several feeds that you can use to limit the content. There’s a great back catalog of episodes here. Really good stuff!

iTunes Link - RSS Link

Wireless LAN Weekly

“A weekly audio podcast designed to educate, inform, entertain, and inspire Wireless LAN Professionals. Those folks dedicated to the craft of designing, installing, configuring, maintaining, securing, troubleshooting and managing Wireless Networks.”

This is another podcast that has a great back catalog. If you are into wireless, you might want to listen to the whole back catalog. You’ll learn a lot! You might also want to check out the videos recorded at the WLAN Pros Summit.

iTunes Link - RSS Link

No Strings Attached

Another WLAN focussed podcast. They do a combination of news/discussion episodes and sponsored episodes covering new equipment and software from leading vendors.

iTunes Link - RSS Link

Cisco TAC Security Podcast

“The Cisco TAC Security Podcast Series is created by Cisco TAC engineers. Each episode provides an in-depth technical discussion of Cisco product security features, with emphasis on troubleshooting.”

iTunes Link - RSS Link

Cisco Champions Radio

“#CiscoChampion Radio is a podcast series by Cisco Champions as technologists and I.T. professionals, hosted by Cisco’s Amy Lewis (@CommsNinja).”

This podcast covers a variety of Cisco-centric networking topics.

iTunes Link - RSS Link

The Class-C Block

“The Class-C Block is a show dedicated to all things networking and nerdy. It is the most awesomest place – it is where you want to be. It is the brain child of Matthew Stone and CJ Infantino. The show discusses a variety of networking topics, and occasionally drifts into other nerdy topics.”

iTunes Link - RSS Link

Other IT Podcasts
These podcasts are not necessarily networking related, but they are IT related.

AdaptingIT

“The idea for this podcast came about when Mike Laverick, Jane Rimmer, and Lauren Malhoit, were discussing how to encourage more women to get involved in the technical community.  This podcast is not necessarily about women in tech, but rather women talking about tech.”

I often don’t listen to the entire show, but I normally listen to at least the beginning and end. Often the middle talks about areas that I either don’t grok or don’t have much interest in.

iTunes Link - RSS Link

Geek Whisperers

“The Geek Whisperers came to be in 2013 based on one too many good conversations we could no longer keep private. Focused on Social Media and Community for Enterprise, our home base is High Tech, but we all look far beyond our field and current communities for inspiration.”

This podcast is more about social media and marketing-ish topics. I find it valuable (it’s full of unicorns and bacon), but it might be a bit too inside baseball for those not active in social media.

iTunes Link - RSS Link

FIN

Networking Vendor Heartbleed Security Notices

In case you’ve been under a rock, there’s a new security vulnerability in town that impacts OpenSSL, which is the de facto standard implementation for SSL/TLS support. It’s called Heartbleed and it impacts anything using OpenSSL 1.0.1 – 1.0.1f or the 1.0.2 beta (though nothing really should be using the beta).
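The version range above is the one fact you can check on your own boxes before a vendor notice arrives. The following is an added example, not part of the original post, that parses the banner printed by `openssl version` and reports whether it falls in the affected range stated above (1.0.1 through 1.0.1f, or a 1.0.2 beta). The sample banners are constructed. One caveat a practitioner should keep in mind: distributions that backport fixes (Debian, Red Hat and others) keep the upstream version string, so a banner that looks affected may already be patched; the banner is a triage hint, not proof.

```python
import re

# Affected releases as stated in the post: 1.0.1 up to and including 1.0.1f,
# plus the 1.0.2 beta. 1.0.1g is the first fixed 1.0.1 release.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?$")


def parse_openssl_version(text):
    """Pull the version token out of 'openssl version' output.

    Accepts a bare version ('1.0.1e') or the full banner
    ('OpenSSL 1.0.1e 11 Feb 2013'). Returns a tuple
    (major, minor, patch, letter, tag) or None if nothing parses.
    """
    m = re.search(r"\b(\d+\.\d+\.\d+[a-z]*(?:-beta\d*)?)\b", text)
    if not m:
        return None
    vm = _VERSION_RE.match(m.group(1))
    if not vm:
        return None
    major, minor, patch, letter, tag = vm.groups()
    return (int(major), int(minor), int(patch), letter, tag or "")


def is_heartbleed_affected(version_text):
    """True if the version is 1.0.1..1.0.1f or a 1.0.2 beta, per the post."""
    parsed = parse_openssl_version(version_text)
    if parsed is None:
        raise ValueError("no OpenSSL version found in %r" % version_text)
    major, minor, patch, letter, tag = parsed
    base = (major, minor, patch)
    if base == (1, 0, 1):
        # Letter suffixes sort alphabetically: '' < 'a' < ... < 'f' < 'g'.
        return letter <= "f"
    if base == (1, 0, 2):
        return tag.startswith("beta")
    return False


def triage_banners(banners):
    """Map each constructed banner to an affected/not-affected verdict."""
    return {b: is_heartbleed_affected(b) for b in banners}


if __name__ == "__main__":
    # Constructed sample banners, as 'openssl version' would print them.
    samples = [
        "OpenSSL 1.0.1e 11 Feb 2013",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.2-beta1 24 Feb 2014",
        "OpenSSL 1.0.0l 6 Jan 2014",
    ]
    for banner, affected in triage_banners(samples).items():
        print("%-35s %s" % (banner, "AFFECTED" if affected else "not affected"))
```

Run it on the output of `openssl version` from each host you manage; anything reported as affected is a candidate for patching and certificate rotation, subject to the backport caveat above.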

This is a list of networking vendor notices or statements I have found regarding the vulnerability of their products to Heartbleed. I was originally going to put this into a tweet, but it got too long really quick…

Aerohive Networks: Aerohive not vulnerable to Heartbleed

APC: They say nothing is vulnerable. Their KB doesn’t allow direct links to it. Search for document “FA228282” at APC Support.

Aruba Networks: OpenSSL 1.0.1 library (Heartbleed) vulnerability

Bluecoat: OpenSSL heartbeat information disclosure (CVE-2014-0160)

Cisco: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

Citrix: Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability

F5: SOL15159: OpenSSL vulnerability CVE-2014-0160

HP: HP Networking Communication: OpenSSL HeartBleed Vulnerability

Juniper: 2014-04 Out of Cycle Security Bulletin: Multiple products affected by OpenSSL “Heartbleed” issue (CVE-2014-0160)

Meraki: OPENSSL AND THE HEARTBLEED VULNERABILITY

VMware: Response to OpenSSL security issue CVE-2014-0160/CVE-2014-0346 a.k.a: “Heartbleed” (2076225)

Hope this helps you out!

[Edits: 4/11 - Added Bluecoat, Corrected Meraki link]

FIN

No More VLANs Jumping on the Trunk

No more VLANs jumping on the trunk. That’s what I wanted. Instead, I got all the VLANs and a nice supervisor debilitating loop in the process… From my after action report: “the issue was a configuration error that caused the CPU to peg at 99%, which caused a variety of issues.”

Due to a legacy design that we have been working to retire, we have a layer 2 Ethernet WAN that can’t run STP. Yep, it’s a loop waiting to happen.

We were migrating sites to a new WAN. The circuits come in over a trunk with each site getting a VLAN tag. I was moving the last site from an interface. The procedure I wrote had the VLAN being removed from the interface with “switchport trunk allowed vlan remove ###”. Worked great until we hit the last VLAN on the trunk. When the last VLAN is removed from an interface, you might expect no VLANs to be allowed. If that’s what you expected, you are wrong. When you remove the last VLAN with “switchport trunk allowed vlan”, the port reverts to allowing ALL VLANs.

Unfortunately, since all VLANs were suddenly available on that port, it allowed a bridging loop to be created through the sites that were still connected to both the old and new WANs. This caused a variety of different bits of havoc that resulted in connectivity issues. Yeah, something of an understatement.

So, here’s some lessons I took from this:

  • Dual connected sites should have their legacy WAN ports shut down once they are stable. (This shouldn’t be a problem in a proper L3 design, but is important with our broken L2 design.)
  • Designs that prevent you from using STP to prevent loops need to be fixed sooner rather than later.
  • Entering explicit commands is better than implicit. In this case, “switchport trunk allowed vlan none” would have been better than “switchport trunk allowed vlan remove <last vlan>” and assuming the result will be what you expect.
  • Don’t make assumptions on how a device will behave. Lab it and know.
  • Always verify that changes had the desired effect. Had I verified the interface was configured as expected, the problem would have been discovered immediately and had little or no impact.
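To make the last two lessons concrete, here is an added example (not part of the original post) that does two things: it models the IOS behaviour described above, where removing the last VLAN from a trunk's allowed list leaves the port allowing all VLANs, so you can predict the outcome of a planned change before typing it; and it parses the "Vlans allowed on trunk" section of `show interfaces trunk` so the post-change verification can be automated. The `show interfaces trunk` sample is constructed; the interface names and VLAN numbers in it are made up. The column layout follows what IOS prints, but check it against your own platform's output before relying on the parser.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,20,100-105' into a set of ints.

    'all' and 'none' are accepted as spelled in 'switchport trunk allowed vlan'.
    """
    spec = spec.strip().lower()
    if spec == "all":
        return ALL_VLANS
    if spec == "none":
        return frozenset()
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return frozenset(vlans)


def remove_vlan(allowed, vlan):
    """Model of 'switchport trunk allowed vlan remove <vlan>' as observed in
    the post: removing the last remaining VLAN reverts the port to ALL VLANs."""
    remaining = allowed - {vlan}
    return ALL_VLANS if not remaining else remaining


def parse_show_interfaces_trunk(output):
    """Return {port: allowed VLAN set} from the 'Vlans allowed on trunk'
    section of 'show interfaces trunk'. Other sections are ignored."""
    allowed = {}
    in_section = False
    for line in output.splitlines():
        if line.startswith("Port"):
            # Each section of the command output starts with a 'Port ...' header.
            in_section = "Vlans allowed on trunk" in line
            continue
        if not in_section or not line.strip():
            continue
        m = re.match(r"^(\S+)\s+(\S+)\s*$", line)
        if m:
            allowed[m.group(1)] = expand_vlan_list(m.group(2))
    return allowed


def trunks_allowing_everything(output):
    """Ports whose allowed list is the full 1-4094 range. After a change that was
    meant to leave a trunk empty, any port listed here is the failure mode from
    the post and should be corrected with 'switchport trunk allowed vlan none'."""
    return sorted(p for p, v in parse_show_interfaces_trunk(output).items()
                  if v == ALL_VLANS)


# Constructed sample of 'show interfaces trunk' output (made-up ports and VLANs).
SAMPLE_SHOW_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/1     on           802.1q         trunking      1
Gi1/0/2     on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/1     1-4094
Gi1/0/2     110,120

Port        Vlans allowed and active in management domain
Gi1/0/1     1,110,120
Gi1/0/2     110,120
"""

if __name__ == "__main__":
    # Predict the planned change: remove VLAN 120 from a trunk that only has 120.
    before = expand_vlan_list("120")
    after = remove_vlan(before, 120)
    print("VLANs allowed after removing the last VLAN:", len(after))
    # Verify the actual state: any trunk now allowing everything is flagged.
    print("trunks allowing all VLANs:", trunks_allowing_everything(SAMPLE_SHOW_TRUNK))
```

Paste the real `show interfaces trunk` output into `trunks_allowing_everything()` as the post-change check; an empty list is the result you want when you intended to leave a trunk with no VLANs.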

FIN

2014 Cisco Live Bag

[Photo: Cisco Live 2014 Bag]
It’s getting close to Cisco Live and this year’s bag has been revealed. This is the official photo from Cisco and a couple of spy photos that I’ve been able to obtain from a source close to the project.

Joking aside, it looks like it might be a bit smaller than the recent bags and is one of the convertible messenger/backpack styles. I’m looking forward to getting mine and seeing if it’s going to replace my bag from 2013, which hasn’t quite made it through the last year unscathed…

[Photos: Cisco Live 2014 Bag spy photo; Cisco Live 2014 bag inside]

VMware VCA (x3) and SolarWinds SCP

One week last December, I picked up four certifications. It’s not as impressive as it may initially sound. The certifications were the three VMware Certified Associate certifications (that were available at the time) and the other was the SolarWinds Certified Professional.

VMware Certified Associate

Last year VMware (re-)introduced a new entry level certification called the VMware Certified Associate. There are three flavors of this certification available and one planned. The current specializations are Data Center Virtualization (DCV), Workforce Mobility (WM, apparently the new name for desktop virtualization), and Cloud. The planned certification is Network Virtualization (NV), which will cover VMware NSX.

Now, you may be wondering how this new cert fits into the hierarchy of VMware certifications. This is the best description I’ve seen:

At least as far as the VCA goes, I’d say this is accurate. These certifications do not test your technical hands-on skills with the products, but they do test whether you understand what components are available and what they do at a high level. For example, do you understand the difference between VMware Fault Tolerance and VMware High Availability? Do you know anything about what VMware Horizon View does, beyond “it does VDI”? Can you describe what the vCloud Connector does?

Unlike the VCP certification, there is no requirement to take a class to achieve this certification. However, VMware does provide free online training for these certs. The courses are about 3 hours long and are exactly what you need to know to pass the exams. I didn’t have to pay a lot of attention for the DCV course, but I did find it useful for filling in some gaps. The WM and Cloud exams did require more attention to be paid to them, since I didn’t have any experience with either. By the way, if you are playing CloudCred, you can also pick up a bunch of points while you study by completing tasks for the VCA badge.

The exams are delivered as online tests through Pearson Vue. You will need to create a new profile for VMware at http://www.pearsonvue.com/vmware/ and then you will need to get each exam authorized through https://mylearn.vmware.com/portals/certification/. If you’ve taken any other Cisco or VMware exams, the web interface should be familiar and it’s like taking any other exam, except you can do it anywhere and there is no proctor.

That said, I’m not sure how valuable these certifications really are. They may be useful for those involved in sales, or maybe for those who are just getting started. I don’t expect to see employers looking for engineers with these certifications. They just don’t say anything about someone’s technical prowess. So, you might wonder why I took them? I took them because VMware was offering a promotion to take the exam at no charge to promote the certification. Currently these exams are $120 each.

SolarWinds Certified Professional

The Solarwinds Certified Professional (SCP) is a certification that I had considered for a while. While I was working on the VCA exams, I looked into the SCP and decided to register for the exam. I was pleasantly surprised to find that Solarwinds is working to integrate the certification into their thwack community site, and while they are working on that integration, they are allowing the exam to be taken for free. Another free cert! (As far as I know, it is still free as of this writing.) This exam is also delivered online and is not a proctored exam.

Solarwinds also provides some study materials in the form of a study guide and some videos. If you have experience with network monitoring, this exam shouldn’t be a problem, especially since I believe you get three attempts. The exam is mostly about network monitoring, so you should expect questions about ping, SNMP, OIDs, and topics along those lines. The exam isn’t focussed on Solarwinds products, but it does expect you to know something of Solarwinds Orion.

I started to read the study guide, but quickly realized that maybe I should just take the exam, which I did, and I passed on the first attempt. The only thing that I found surprising was that some of the questions were pretty dated; for example, there were questions related to Windows Server 2003. There were a few questions whose wording I didn’t care for, but overall, I thought the exam content was fair. It doesn’t have an emphasis on Solarwinds products and seems to have a pretty reasonable coverage of network monitoring topics.

I would say that this exam is worthwhile for the cost, and if you are experienced, should be a breeze. If you aren’t experienced, then studying for it will give you some useful knowledge.

FIN

Solarwinds, HTTPS, and FQDN

When you first configure a Solarwinds Orion-based server the default website it configures is on port 80 only. You might want to go into IIS and add server bindings for port 443. I prefer to ensure all traffic is encrypted and disable remote access to port 80, but that is subject to your local policy. Don’t disable port 80 completely because sometimes you need to access it from the server console.

Adding HTTPS Support

To add HTTPS support, open IIS Manager on your Solarwinds host, right click on the SolarWinds site and select Edit Bindings.

[Screenshot: Edit Bindings] To add HTTPS support, right click on the SolarWinds site in IIS Manager and select Edit Bindings…

Now click the Add… button. Change the type dropdown to https, make sure your port changes to 443, and select the appropriate SSL certificate for your server. I usually use the certificate that the machine already has from Active Directory, but your needs may vary. SSL certificate details are outside the scope of this article. :)

[Screenshot: Adding an https binding] Choose Add, select https from the type dropdown, and select the appropriate SSL certificate.

Click OK and you should now have https available.

I Like FQDN, I Cannot Lie

Something that bugs me about Solarwinds is that out of the box it only uses the hostname for the URL. This isn’t the hostname configured in IIS (which normally doesn’t matter, since most Solarwinds installations won’t be using virtual hosts) but it is the hostname used internally for notifications. If you add the URL to a notification, it’ll only include the hostname. Something like this:

From: solarwinds@example.com
To: admin@example.com
Subject: router.example.com rebooted at 3/18/2014 6:43 AM

Lastboot: Tuesday, March 18, 2014 6:38 AM
Device:   Catalyst 37xx Stack
IOS:      15.0(1)SE3, RELEASE SOFTWARE (fc1)
Image:    C3750E-UNIVERSALK9-M
Acknowledge: http://solarwinds:80/Orion/Netperfmon/AckAlert.aspx

Note the URL at the end there with “solarwinds” as the hostname. Now, that might be acceptable if you are in your office. However, that can cause problems for VPN users and for people who it just plain bugs when they don’t see an FQDN. Fortunately, we can correct this URL problem pretty easily. This is also important if you want to use https, because it allows you to change the URL used in notifications to a secure one.

Change to FQDN

WARNING! Beware that you are editing the database live. You should know what you are doing here and be careful. If you break stuff, it’s not my fault. You have been warned.

To change this behavior you need to launch Database Manager and switch to the Websites table. To edit the fields, you’ll need to click Enable table editing. Now you can change the ServerName field to the FQDN. You also need to set the Port to “443” and SSLEnabled to “1” if you want the system to create proper https URLs. Here’s what mine looks like:

[Screenshot: Solarwinds Database Manager] My opinion of a properly configured Solarwinds installation.

Enjoy your secure FQDN URLs in your notifications!
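As a closing check for the procedure above, here is an added example (not part of the original post, and not Solarwinds code) that does the verification step in two places: it validates the three Websites table fields the post says to edit (ServerName, Port, SSLEnabled), and it scans a notification body for URLs and flags the three symptoms from the sample above, namely plain http, a bare hostname instead of an FQDN, and port 80. The notification text is constructed, modelled on the sample earlier in the post; the field names are the ones named in the post, and the rule "FQDN means the hostname contains a dot" is an assumption that suits most environments.

```python
import re
from urllib.parse import urlsplit

# Constructed sample notification, modelled on the one shown in the post.
SAMPLE_NOTIFICATION = """\
From: solarwinds@example.com
To: admin@example.com
Subject: router.example.com rebooted at 3/18/2014 6:43 AM

Lastboot: Tuesday, March 18, 2014 6:38 AM
Device:   Catalyst 37xx Stack
Acknowledge: http://solarwinds:80/Orion/Netperfmon/AckAlert.aspx
"""

URL_RE = re.compile(r"https?://\S+")


def extract_urls(text):
    """Return every http(s) URL found in a notification body."""
    return URL_RE.findall(text)


def check_url(url):
    """List the problems with one notification URL; an empty list means OK."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    # Assumption: an FQDN contains at least one dot; a bare hostname does not.
    if parts.hostname and "." not in parts.hostname:
        problems.append("hostname is not an FQDN")
    if parts.port == 80:
        problems.append("uses port 80")
    return problems


def check_notification(text):
    """Map each URL in the notification to its list of problems."""
    return {u: check_url(u) for u in extract_urls(text)}


def check_websites_row(server_name, port, ssl_enabled):
    """Validate the Websites table fields the post says to edit in Database
    Manager: ServerName should be an FQDN, SSLEnabled 1, Port 443."""
    problems = []
    if "." not in server_name:
        problems.append("ServerName is not an FQDN")
    if ssl_enabled != 1:
        problems.append("SSLEnabled should be 1")
    if ssl_enabled == 1 and port != 443:
        problems.append("Port should be 443 when SSLEnabled is 1")
    return problems


if __name__ == "__main__":
    # Before the change: the row holds a bare hostname over plain http.
    print("row before:", check_websites_row("solarwinds", 80, 0))
    # After the change: FQDN, port 443, SSL on.
    print("row after: ", check_websites_row("solarwinds.example.com", 443, 1))
    # Scan the constructed notification for bad URLs.
    for url, problems in check_notification(SAMPLE_NOTIFICATION).items():
        print(url, "->", problems or "OK")
```

Feed `check_notification()` the body of the next alert e-mail after editing the table; once it reports no problems, the ServerName, Port and SSLEnabled edits have taken effect.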

FIN