Featured

We’re Launching our Patreon!

Today we are excited to announce that we are launching our Patreon site! This comes just after hitting 100K downloads, and just prior to our 1st Birthday! Visit https://www.patreon.com/artofneteng to get started!

When we launched this podcast on July 24th 2020 with our first two episodes we had no idea we would be celebrating 100K downloads less than a year later. The community reaction has been amazing. The outpouring of appreciation for our podcast and other content has been positively overwhelming.

After being encouraged by much of our fan base to launch the Patreon we finally decided to do it. So, you might be asking, “What does that mean exactly?”

From the very beginning we made a commitment that we would never produce content behind a pay wall. So, even if you don’t subscribe to our Patreon you will still get every bit of content that we produce. So, now you might be asking “Well then what do I get for subscribing?”

There are 3 Levels of AONE Patreon Supporters. The first is Official Patron and that’s a $3/month donation. At that level you’ll receive a shoutout on the Podcast and know that your funds will go to covering the very minimal operating costs of the Podcast and YouTube channel, and we’ll be putting the rest back into the community.

The next level is our All-Access Pass at $5/month. At this tier you’ll get all the benefits of an Official Patron, plus:
– You’ll get access to live stream as we record our episodes. You’ll get to watch in real time as we are creating new episodes.
– You’ll also get to chat with the co-hosts and guests as we record. There may even be time for Live Q&A sessions with our guests.

The last level is the VIP Patron, at $10/month. In addition to the Official Patron and All-Access pass, as a VIP you’ll also get:
– A 15% discount in our merch store as long as you’re a VIP
– Early access to new content. We’ll make new content available to our VIPs ASAP, before we post it publicly.
– Early access to new merch! We are currently working on new designs and you’ll get early access to them!

Whether you decide to become a Patron or not, please know that all of us at The Art of Network Engineering sincerely appreciate your support of our content! The biggest things you can do to help, that don’t cost you anything, is to listen, subscribe, like, comment and don’t forget to SMASH that bell icon to be notified of all of our future content!

Ep 55 – Change Management

This week we discuss every IT Pro’s most hated, yet most helpful, thing – change management. What is it? Why does it exist? Why is such a pain? But, yet, why is it so helpful to us? We get to the bottom of these answers and more!

Special shoutout to our Patreon members for making this episode extra fun! We had a last minute change in scheduling and the Patreons recommended the topic and were there asking questions a long the way. If you’re interested in being an AONE Patron go to patreon.com/artofneteng.

NEW! Check out our Patreon – https://www.patreon.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Like us on Facebook https://www.facebook.com/artofneteng
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey – https://artofneteng.com/IAATJ

Cumulus in the Cloud Just Got Real

So I was just checking the Cumulus Docs as you do to see if they finished this feature I was really excited about and guess what, it looks to be up! The big thing I’d been waiting for was the ability to build your own topology on their ‘Cumulus in the Cloud‘ platform. This will also be my first post, of which I’m somewhere up to 15, that will be primarily image driven so that I can show the true beauty of the platform.

You’ll have to create an account but accessing and using their platform comes with zero out of pocket, at worst, you may receive an email from time to time. Once you login you’ll wind up on this screen, where you can choose between building a prebuilt simulation or creating your own.

Alright, this is where I was getting a bit excited, my pupils began to dilate and a slight rush of euphoria began to run throughout my body. Let’s click on ‘Create your own’ and check out this awesome UI!

Alright, once you drag and drop your devices and connect them, which is very intuitive I might add, you’ll be able to either save your simulation in a multitude of ways and/or simply start your simulation by clicking the button in the top right. Options you have of each node are host name, OS, Memory, CPUs and hardware model. All hardware model seems to do is map the correct amount of ports to the chosen model. If you wanted to, save this simulation for later use. You’d want to save this as a .dot file. I’m a leave it at default kind of guy when first trying something out.

Once you are all loaded up, you’ll be able to console your devices right from the browser and all of your devices can be nicely tabbed in the same window, as shown below, for pretty gosh darn easy access.

One thing you may want to consider when building a configuration is creating a ZTP file or just know that no configuration will be completed when your simulation comes online. Even devices you have connected in your prebuild beautiful UI will need to be administratively turned on once you are all booted up.

Another cool thing to check out, after you have fun connecting up and running all your little devices is cumulus netq, which is fun to check out from the gui or the command line.

The only thing that I tried to do, but couldn’t get to work on the custom build as opposed to their prebuilt simulations was the ability to enable ssh. I kept getting an error, whereas, when I use the prebuilt configurations I’m able to upload a key and get a IP and port number so that I can connect to my simulation from my laptop instead of using the console through the website like I showed above. Perhaps I have to do a bit more configuration but adding a service isn’t outlined in the docs as of this writing. One other thing I’ll have to further investigate is what the minimum configuration needed to get my nodes connected to the internet like the prebuilt simulations are.

What is cool is that you can, in perpetuity, run your network simulations on someone else’s CPU cycles which I think is pretty darn cool. It lowers the barrier of what you need to build a multi-node simulation. You don’t need your own server, just an internet connection. If time is running out on your current lab you can bring down your configuration and relaunch the same exact simulation. It’s got to be possible to connect to your devices from your local machine and have the devices in your simulation connected to the internet which pretty much means the possibilities are endless.

Ep 54 – eiddoR

This week we talk to CCIE, Technical Solutions Architect, Cisco Press Author, Pilot, and Blogger – Roddie Hasan. Roddie has over 30 years of experience in networking, and today focuses on Cisco Software-Defined Access, among other technologies. We’ll hear how Roddie got into IT and what ultimately influenced him to choose networking. Roddie also shares his experience on obtaining his CCIE and becoming a published Author.

Get the book:
Cisco Software-Defined Access – https://amzn.to/3ydIvRK

You can find Roddie:
Twitter: https://twitter.com/eiddor
Blog: https://ccie.tv/
YouTube: https://www.youtube.com/channel/UCr99uMkkIbWE8LW5PqYd1zw

NEW! Check out our Patreon – https://www.patreon.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Like us on Facebook https://www.facebook.com/artofneteng
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey – https://artofneteng.com/IAATJ

Transcript (Beta)

This is the art of network engineering podcast. In this podcast to sportiness technologies and talented people, we aim to bring you information to expand your skill sets and toolbox and share the stories of fellow network engineers.

We’ve all seen the stories, heard the tales. For years now, local networks have been flirting with packets demanding Internet access. Depletion of IPV for addresses is continuing rapidly. Of course, IPv6 is the ultimate answer. But adoption is slow.

We live in the age of the Internet of things in there were oh, so many. I’m pretty sure you can even connect your toilet directly to the Internet now. I mean, seriously, what the heck? Why would you do that?

Luckily, all these years there has been a service working tirelessly to keep the lights on, bridging that gap until IPv6 saves us all in that gap. Bridger. It’s me. I am that man in this is the R2 network engineering that mad dash.

All right. Thank you, NAT-man. I am AJ Murray @noBlinkyBlinky NAT-man is Tim Bertino @TimBertino. NAT-man, how are you doing?

Not too shabby. Nathman is an extremely low budget film,

but

it is unrated so anything can happen. Hmm.

Can we expect multiple sequels of Nathman like we have other popular. Oh, I hope not rhyme with that. I don’t know, I think I think we need. I don’t want to do that when I’m in or at least other characters that we might find in that

man, that man versus

animal. I’m just dyslexic battle.

Dan, Dan made it home from Vermont. Dan, how are you doing?

Well, I’m I’m a little bit sadder, but I made it home safely. So that’s all that matters, I guess.

I know my wife had to keep checking with me. She’s like, oh, you’re sad. You know, I miss my friend. I miss my buddy. We had so much fun. We did. He got really drunk, too. No, he didn’t.

No, we really didn’t. We have a lot to drink, we think.

We did. Yes, we did. Lots of beer was was consumed.

Andy, how are you? I’m good, A.J..

Not too much to report. I had some ice cream tonight.

Hey, that’s a good night.

I’m mad at you, by the way. Yeah. Because the time I had gone a fairly decent amount of time without without hitting the ice cream bucket and you started talking about it a few weeks ago. You’re welcome. Yeah, I appreciate that.

You can afford it. You look like all of 90 pounds soaking wet.

So have you got it just for you, Andy? Thanks, brother.

All right, guys, we do have a guest this evening, but before we introduce our guests, we’ll get through our normal playlist here. So Andy, can I get a goat scream for the winning? Grabbing out

what? Your battery in the battery area? Hey, look, there it is. Was that yours or mine? It sounds like you

have to ask Andy if you have to ask.

Wait a minute. My goats failing. Hold on.

That’s a failure, reply Cornetto.

Time for Mattocks. Word out. But we learned the

winning this week is Bill Murray. He passed his VCP seven. Oh, congratulations, Bill. Eric Smith passed the security plus exam. OK. This is my favorite win this week. The underscore EOC accepted a position as a network deployment engineer at Red River graduation night.

Did he know who works there?

Yeah.

Yes. He knows who works there. Thank you, Tim. You’re welcome. At your coworker, the underscore EOC.

We need to get him on, by the way. I know a little bit about him and he’s got a great story.

Yeah, I agree. I’m sure we will.

So he started or when does he start?

I believe he starts mid-August. Okay. Acceptance of position. And is working through that process, so we’ll expect to see him here in mid-August. Mick, Manny McMahon and me, if I can pronounce that right, Nicholas passed his definite associate and the MS1.

Are you familiar with the ECMs? No, no. That is engineering Cissoko Meraki Solutions. Oh, OK. So did they change the two parter? There’s part one and part two. And he’s completed part one and moving on to part two.

But more importantly, they passed the definite associate. That’s that’s a big one.

Yeah, that’s nice.

Yeah, we talked through that in the happy hour last week. That was really cool.

Yeah. Now, is that the. I’m not even trying to pronounce it. Ah, say the alphabet there. But is that the see him in a like 2.0?

Sure. So the the CMA is a partner related. I think it’s like partner only like partner and Cisco employee only kind of thing. And then the ECMs is the customer side. So I forget what it used to be called.

There was like a Cisco, there’s this and a which is the partner side. And then there was the C and O, which is the Cisco Meraki network operator.

Okay, Samone, it’s just a course you attend for a day. Yeah, I got you. Right.

Right. Gotcha. Yeah, Mike T got another security plus win, so congratulations, Mike. D.J., Ninja and Z, which I can only imagine stands for New Zealand, accepted their first network focused role at an MSB, of course, in New Zealand.

So congratulations menja awesome hard reset the screen name hard reset. Got their first IT job offer. So congratulations. Hard reset. Yeah, nice. Got some new patriots. The words Get the Patriot. So welcome aboard, Josh. Jordan. Manny and I got to say their last names because they’re both get the same first name and the same last initials.

So welcome. Bill Murray and Bill Maskey, Ethan and Javier, who joined moments ago just before we started recording. So I had to slide that on there. So welcome. Welcome. Thank you, Caitríona. Yes. Thank you very much. Appreciate that.

We really appreciate your support. Andy, can I get another goat screen?

I’ll try.

There we go. Got him warmed up.

Don’t stop. Be quiet. Your goat. Yeah. Once you get my good started, Ajja. Oh, boy. What kind of podcast is this? I don’t know.

My editing this one. This is going to be a yeah. Slice and dice. This one. Yep. OK. Very excited for our guests this evening. They are a Cissoko press author and sieci, i.e. 74 72. Everybody, please welcome Arati to the show.

Thank you so much for joining us.

Thanks for having me.

Everybody really appreciate you taking the time to be with us this evening.

Appreciate it. Thank you.

So, Randi, what do you do?

It’s in my bio.

So I that’s nice. Yeah, I’m a

technical solutions architect at Cisco Systems. Been there for 13 years, 13.

Wow. All right. Yeah.

So what does the day to day look like

of a of a TSA? So I’m at the

the worldwide level focused on DNA center software, defined access ice. So TSA is generally TSA is an overlay to the community generally, right. OK, Nancy would have a direct customer relationship with TSA or technical solutions architect would be brought in for as an SME, for a focus either of enterprise networks focus or away in focus or data

center focus. And then that’s that’s usually kind of at the area level. And then at the worldwide level, we’re kind of hyper focused on technology. So my focus is did a center software defined? So I haven’t had to really think too much about when beyond connecting it to sday or DNA center or data center.

I haven’t had to do much of that at most most the last three years and spent just doing DNA center and software client access.

So Vanessa is working with a potential client, and then they need like an s the access guru.

They’ll bring me in the bring me in to do a park or to do a demo or to help them in their lab or to answer to have architecture, discussions, that kind of stuff. So it’s pretty.

Are you the guy like your your build that stuff?

I will. If it’s on

site, I’ll help you build it on site or on the customer site, rather. We don’t have port facilities at Cisco, but I don’t. And then we’ll do demos, anything kind of presales are we kind of elite usually leave once the architecture and migration discussion is done.

Move on. It’s kind of a small group within this because we don’t scale that long.

So did you get in on the ground floor of SD access?

I did.

I was I was a TSA, an enterprise networks, TSA in the federal space at Cisco when DNA Center in SD Access came out. So my focus was included, that kind of stuff. So soon as SGA started the prerelease stuff and the demos and giving those, that’s when I started learning.

So you have been around since day one.

So speaking of you being like a TSA and you’re talking about SD access, what else have you done?

So, Ben, do networking for the 30 years, OK, believe it or not. So before you go before being Izzet, I was in SC, so I covered everything. For that, I was I was in the federal space as a network engineer.

The network design engineer at a federal entity for a few years. Did again mostly land and win stuff when it was called SD win. For that, I was with Sprint, did a lot of us a lot of wind stuff at Sprint as well, Cisco stuff.

And then so now networking goes back almost 30 years. But I also did Microsoft stuff and that where stuff at the same time is Solaris stuff. Auclair certified way back then as well. And then before I did everything I could.

How far are we going back then?

Doing great. Yeah, it’s origin stories are concerned.

I did everything I could to avoid getting into it. I was I was really I got started and I think I got my first computer in eighty four. And so I got started really early. I was really good at it.

Everybody called. I was the kid that would help them fix their printer or whatever. But I never wanted to do it as a lesson. You know, just just I did everything I could to avoid it. So I went I majored in music in college.

I drove a taxi for a couple of years.

Wait, what instrument? I play drums. You have to pickiness, drums,

drums, piano, drums was my main one. And then I play piano and moved back there. Which is a hobby, too.

Yeah, yeah, yeah. Yeah, that’s yeah. Do you have a kid at home?

I do. Yeah. Yeah. What do you

have? A Gretsch Maple that I rarely ever play.

Oh, nice. Yeah. Is that going to be the next episode? Yeah.

We’re going to have a jam session. Oh, me too. Many drummers.

Yeah. Yeah. If I start playing probably around the same time, I got a computer around 12 or 13 years old. So.

So I did everything in the music. Whatever you wanted to go in the music? I did. I did well. I didn’t want to go into it.

And of course, I was in bands in the eighties in high school and loved doing that kind of stuff and thought to get big hair.

I, I had

big Robert Smith, the cure hair. Yes, I did.

I guess I’m just discovering that right now. I still got a good head of hair,

but it was pretty big and most was the thing back then. So I just finished it with Hairspray and my mom would get mad because I would use all our hairspray.

So, you know, I tried I

tried everything, got it in music, drove a taxi for a couple of years. So cars sold insurance and mutual funds just did all kinds of crazy stuff. Wow.

You did have it. You had a diverse background there.

I did, yeah. And got married. Fairly young and had a kid and realized I actually needed to make some money and pay, you know, pay for things, so here we go, I’ll start doing Kinsolving. So I started doing consulting it, consulting officially in 92, 93.

OK, based on what skills?

So back then it was just pieces are just learning IPX and SBX back then. And then eventually at ninety three, five, one and four into.

Were you self-taught because you didn’t go to school with South Korea?

No, I was completely. So I had a knack.

You taught you?

I did, yeah. I had the MSDOS three point two manual, and I just read manuals. I literally would read vendor manuals. That’s all we had. We didn’t have the first book I bought was in ninety six. It was the Unix System Administrators Handbook.

So you could get an interview and a job based on like, yeah, I read the manual and I know how to answer your questions, like is that how you say.

Yeah, I would just break stuff. I just, you know, decide I took

a part with the computer that my parents spent so much money on, and I broke it and then figured out how to fix it. And it’s really

nice. Yeah. Yeah. Because, you know, I think back, you know, back in the 90s and whatnot, like, you know, the Internet was just booming at that time. Right. And so, you

know, late, late 90s, it was. Yeah. Yeah.

What I’m getting at is that’s impressive that you were able to, you know, teach yourself this, because, you know, nowadays, I mean, we’ve got a plethora of things to learn from. We have, you know, online video courses. You can you can go to online, you know, regular college courses now.

It’s just insane. Like we’ve got all these manuals, we’ve got all these, you know, Fisher Cert guides, all that stuff. And you guys didn’t have all that back in the day. And and so that’s very impressive. I like hearing that.

Yet I still complain, Dan. Yeah, I know, right?

Yeah. We we didn’t have YouTube.

We didn’t

have. Right. There you

go to the library and use the Dewey Decimal

System. I absolutely used to do it at school systems.

And Andy and I

know Andy for our listeners that don’t know what that is. Can you please

put a link in the show notes?

So don’t do that. How do you transition from I am fixing the PCs to to networking.

So I started

working at a computer store in

ninety five, I think ninety

four right before Windows ninety five came out and I was building PCs and fixing and assembling PCs. And then it was a service called This Company Wants to Buy Five Pieces. We need to figure out how to connect them together.

And back then it was B and C Connectors and IPX. So I learned NetWare on my own to do that. And then he came out and I put IP and IPX on the same network with those cards and just kind of taught myself and figured it out at the shop and then kind of like the networking piece

I opened up. I helped start one of the first commercial ISPs in Canada. OK. And through that, I learned Unix and IP. I think I opened a tap case in like ninety three, 92, 93, and the tac engineer taught me subnet.

And that’s how I learned subediting. This attack engineer taught me a subnet

and then that was it. I’m not sure they do that anymore. So they probably don’t. I looked him up the other day

because I can look him up in the directory. He’s long gone. But I found the email. Here’s here’s what a network Maska is. And everything was still class will back then. And here’s why you can’t use this this mass with this IP address and

that a P one or a P two

is it’s OK.

So remember the case, man? It was a courier connecting a T a frame relay T one to twenty five hundred router to get this ISP up and running. And again,

that’s very cool. Like, did you print that email out? Because I print that out and like, you know,

Frank, should I do have I do have the email somewhere.

I looked it up a couple of months ago because I wanted to look up this guy just to thank them. Right. Because that was it. Like I did a lot of it stuff and I was good at computers and fixing computers.

And I was the guy that would call. But actual IP networking and networking in general was really because of this. I mean, I was doing Unix stuff at the ISP.

Yeah. Did you find networking as easy as you found working with hardware? I did.

I did. I was a they say math music folks that are good at music are also good at math. So I was always a good math guy. And so that was that was the easy part. And it was fun.

Yeah. Yeah. I just found it enjoyable to do. So I kept on. Now.

OK, so why did you go for your first Cisco, sir?

That would have been two thousand. So I got. I moved it from the Canada, the U.S. I had had my Mxi and I had my network certifications that the U.S. got my S.K in in late 99, early 2000.

Now, were

you were you still doing the consulting gig during all

this? Yeah, I was with a

company called Paraná. Andy might remember them. They were they were bought by Sprint, but they were one of the big consulting firms.

And that was before my time.

You did say decade? Yeah. I’m sorry. I’m just I’m just kidding.

And you could you could tell me to pound sand if it’s too personal. But why did you move from Canada to the states? Was it for job opportunities,

job or mostly job opportunities?

I was tired of the cold. I was tired of the snow. You know, it’s now it’s the opposite now. I’m tired of the heat. Right. I would give anything if it would snow right now because I could get a good night’s sleep.

So. So back then, you know, it was 98. The economy was booming down here, especially in Dallas. And the cost of living is really low. And your companies were throwing money left, right, center at you. They were flying you wherever for your just for an interview.

They would fly just to do a you just to do it. And they paid for the move and all that kind of stuff. So I just decided to go for it. And it’s just a good change. Different different cultures, different food down here.

So I, I was mainly with Paramatta that I was doing Cissoko stuff, Solara stuff and Microsoft stuff. And they wanted they really encourage certain stations back then at Sprint bottom. And so I got my I think in ninety I think it was early two thousand.

And then within six weeks I went to see a CD, a C CNPC CD. So I did an exam a week for like, oh, wow, seven or eight weeks. All three of those knocked out. Yeah. It was just

like, I don’t know how I do it. My fifth. Wait a minute.

What what exam’s

ACDA copycatted in five weeks?

Can grief. Oh, did you did you have a wife at that point or.

I did. I had a wife and I now know a life. A life for the wife. No, no, no, no. I mean, it’s the same thing, Daniel. I would I would work.

I would come home and read the book whenever the book was for that exam. Yeah. And I would just go and do the exam.

I, I don’t know how I did it, to be honest. Where the 800 page books.

Yeah. Yeah, they’re the big thick system guides. Yeah. Yeah. I don’t know how I honestly I mean, I’m almost fifty right now and I don’t know how I was able to do that back then. How? I can’t read a brief page right now without falling asleep.

On the same way. Yeah. So so obviously,

you know, then the kind of next step in the progression of the CCRA and back then Sprint would pay for the lab. OK. But you had to use your own time to study. So I went to my. So I was like I think I was seven exams in for all those Cissoko exams.

In my eighth exam was the written.

So did you fail any of those seven, not one.

I have I have never failed a Cissoko exam in my life.

Casada like you.

Yeah.

So I think it’s honestly I think I’m just stubborn. It’s like I think my my mindset is if I fail

is I’m not going to do it again. So I’ll just go. Which is really a bad attitude, especially for your listeners, don’t you?

It’s OK.

I, I have an idyllic memory, so I’m able to retain stuff really easily. So what does eidetic mean? It’s like a photographic memory, but it’s more associative.

And how do we get one of those?

Yeah, it’s it’s a curse. It’s a curse, because

I can still tell AJ how how bad I felt when he tried to get me that dude podcast a few months ago. And I completely forgot about me because I still remember those feelings,

because I find out. So. So it’s

a curse. It’s a blessing and a curse.

What do you remember everything that’s ever happened to you? I can recall pretty much everything.

Yeah, it’s I might need a

reminder here and there, but as soon as I get

the reminder, it just pops

into my head. What’s your face from taxi? You remember that woman? I forget her name, the pretty woman from Taxi, one of the actress.

I mean, I think she has whatever

she remembers, everything that’s ever happened to her. She’s been on all these shows and like you can ask her anything she said today, the date, the weather like.

Yeah, it sounds awful. Yeah. Yeah, it’s good for exams, though.

It’s it’s good for exams and it’s good. It’s good for work. It really is good for because I can have a conversation with the customer and six months later they call me and say, remember this? And I’ll be like, oh, yeah, that’s right.

And then I can talk to you. You don’t have to take notes.

Probably.

I can’t take notes. If I take notes, I actually forget.

I said, you’re not paying attention, right. Because you’re trying to say, yeah, yeah.

My my the part of my brain that remembers is focused on figuring out how to use a pen.

So. All right. He’s never going to

forget about Nathman.

Yeah. And that picture stuck. I won’t forget about Nathman or all

the jokes he made about Andy before he joined

up. Yeah. Yeah, I’m used to it. I’m a beat man. So.

So, CCRA, you were studying on your own.

Sprent was going to pay. I was going to pay for it. So I went did the written pass that first time. And so.

So what was the written like? Because if you’re to compare that to today, because terrible today, if you take the copy, you’re also taking these i.e. written. Oh, yeah, yeah, yeah. No, no. Then, you know, there was probably multiple exams to do the copy and then you still had to do this essay written and then you still

had to do the CCI lab.

Correct. Yeah. So they the Q&A was the one exam day was one exam. PE was four more and then the other one in addition to C, C and. Yeah, and as you got higher, this the the certs were newer and they had been around for a few years by then.

So the exams were pretty good and pretty solid. But as you got further into up the chain of certifications, those exams got a lot sloppier, is not as many people were doing them or proofing them or giving each other.

OK, so by the time you got to the IEEE, so my numbers. Seventy four. Seventy two. So there were six thousand by then, right? Right.

And for anybody else, because no one was like one thousand twenty four. Not one. Yeah. Right.

Okay. Thank you. So so by the time I got to that exam is one hundred question Multiple-Choice, just like all the rest. But it was very rough. Very sloppy. I mean. But by then I was used to it because I had done the DPI was pretty rough as well.

And then got the got the CCI written out of the way, and I kind of made. And for those that are going to go for the CCI, I know it’s different now than it was when I did it back then.

But I kind of I wouldn’t let myself Labbe use lab equipment until I passed the written exam. Because the written exams. The MP, the that we’re all theory, you were you could learn on equipment and you can type OSPF 16 and configure and OSPF network, but that’s not going to help you in a multiple choice questions just

church, just not you need to know the timers. You need to know the default. You need to know this man versus this command as written, but not at the root of especially. And I think what I’ve seen happen with people I’ve mentored in the past is they’ll learn how to do it on the device and think they’re

going to face the exam, that the exam is wrong, because, you know, the old the old saying is that there’s the right answer to the wrong answer and then the Cissoko answer. So the Cissoko answer on the exam is doesn’t necessarily have to be the one that matches what you did on your router or switches the one

that you read in the book. The books are written for a reason. The blueprints are written for a reason. So I kind of band myself from touching network here on work related until I got the CCRA written out of the way.

And then once that was out of the way, I went on eBay and bought one rather at a time and built my own lab at home and spent six months, used all my vacation time in that six months and passed the exam on May twenty third.

Twenty one.

Wow. Your first shot? My first shot, it was a two day exam, so two

day and it had high p ipx apple to that boUi Adobe you Atim Lane. It had all the non IP protocols. One day was a IP, the other day was not IP. So it was a two day exam.

You you didn’t find out if you made it to the second day until the next morning. So you do your first hour should stress.

That’s brutal. I allowed to curse on this podcast because so lots of fun. So I,

I went I did the first day. And you sit down, you do the exam and you know, you’re stressed. Everybody’s talking about this. This is so difficult. You’re never going to pass first time. And there is me like I’m not going to do this again if I don’t understand that.

So I did it got through the first eight stressed out. And you go back to the hotel. I did it in San Jose. I woke up at three in the morning and in my head was shit. I forgot to send communities like that.

Was this that was like. And for those listening, is it the same communities as the

BGP command you need to actually pass the communities on to to the neighbors. So I woke up remembering that I forgot to type me because I had practiced every scenario leading up to the exam and I knew what to type.

And so you get into the lab the next day to the lab room the next day. And if there’s a booklet on your desk, you sit and you start day two. And if there’s not, you wait for the doctor to call you up so they can review what goes wrong.

Everything was done in person. Back in the lab, you had a rack beside your your your table and you had the cable at cabling, gave you points the way you cabled your equipment, because they would for troubleshooting, they would bend the pin.

So you had to straighten the pins out to figure things out. Wow. So you got points for the way you cabled your network. You got points for a network diagram. You had a big sheet of construction paper on your desk that you had to color in with pencils to do your routing protocols and your ass numbers.

And redistributing Mark where you research points were was it was a grind?

Was that the first version of Visio right there? Yeah, the sixty four parts of what

they gave caveman visio. Man five, five, five pencil

crayons that a sheet of construction paper. Nice.

So pardon pardon my ignorance here Roddy but. Was were there concentrations for the CIA back then or was it just route switch that there was one,

i.e. there were

three there was a sky blue, which was based on the mainframe delice w IBM stock. You’re saying trigger

words for me right now, which might be IBM or Adobe LSW.

Yeah, I that was I was. But when I was working in federal deals, w was my thing.

So I know who the CIA blew. That was I

think there was a security one now. There wasn’t a security one. There was a when ESP one. So CXP sky blue and CIA roots, which I think those were the three. And then later came the voice in the security.

Gotcha. Yeah. And they aspe one resol employee and it was all strata come ATM stuff.

And did you say that was in 2001, right?

  1. I got my. I just hit my twenty year anniversary just a couple of months ago.

Nice. Yeah. Congrats on that. Thank you.

Did you get your plaque and all that stuff?

Yeah. Long story. No, not yet. I’m still

working. OK, I have my my original plaque. I have my

10 year plaque, but they haven’t sent me my 10 year.

I got you. I got you. Yeah.

So before the IEEE, you mentioned doing the KNP or the CDP. Did you just want to get into design or was it just something to do?

It was just something to do. You back then you only needed the CNA to be able to write the CCI written. But it had been told I talked to a couple of guys that were at Sprint at the time, and they said, get get all of the certifications on your way up, even if you think you’re not

going to use it or it’s not something you want to do. It’s DPE was one extra exam on top of the N.P. or two extra exams because

just a week, right? Yeah. Well, we do. Yeah. Yeah, that’s true. Yeah. Yeah, maybe I’m oversimplifying it, but because back then it was. Yes, you are.

Yeah. It was just product knowledge, right? It was, it was six hundred rueter. What model of this router has this kind of interface that kind of OK? At the time, though, I was in pre-sales with Sprint, Paraná, they were called back then.

And so that’s not helped. So, you know, it did help me get into I didn’t really have an idea of what exactly I wanted to do in networking. We just did know I was a consulting engineer back then.

So that’s what we did. I sold network stuff and I implemented network stuff and everything counted. Right.

Gotcha. So you’re saying while you were at Sprint, you were actually consulting doing that?

OK, gotcha. Yeah, I was a kid.

The thing I can’t remember my exact title, but yeah, my title at Sprint, I was a consultant, a network consultant. No, I didn’t actually work for Sprint proper running their network. I was a salesman. Yeah.

Okay. Gotcha. So it sounds like because we’re in 2001 right now. Right. That that’s where we’re at and on this timeline. And so you were in consulting from 92, 93 ish all the way up to 2001. Pretty much.

Okay. Yeah, it’s interesting. I don’t think we’ve heard that yet. So when starting their first gig is consulting. So. So is that the same as a contractor or consultant?

Yeah, in a way, it wasn’t we didn’t we weren’t a body shop, so it wasn’t like you would get somebody in for six months just to be a network engineer. It was more presale stuff. I did a lot of pre sales during that time.

Yeah. Which, you know, is good and bad, I guess. I mean, that’s what I’m doing again now. So it kind of came around for of full circle. Yeah.

Yeah. So like SC is a pre sales

position or not? It is. SC is a preacher at

Cisco as high as a pre sales position? Yeah.

Yeah. Right. So you kind of went from did you go from consulting to SC like like formally?

No. So I went from

consulting and I got on to a project at a federal entity and got home from the project. And the guy guy there just actually recently passed away. He called me up and said, hey, we really like the work you did here.

You want to come to our lead network design engineer. Oh, OK. So that was it. So I went there. I was there for six years. And then so I was you by then. Obviously see it better than you.

OK. And so so yeah, this story ended. So I passed past. Got it, got the number and went back to doing whatever I was doing and ended up as a network design engineer network. Yeah, network design engineer. I think it was my formal title for this federal entity for six years

that the CCI, you change your life. Did you get better jobs?

More money? Yeah. Back then. Yeah, yeah. Okay. Back then, absolutely. I mean, Sprint had the deal. If I passed, they would pay for everything. And then if I passed, I would get this bonus or this pay increase at the time when jobs when consulting gigs would come up.

Customers were asking for cecilians. So it opened up a lot of consulting jobs within Sprint on behalf of Sprint. While I was there. Right. So there were no society needed for to do this, that I qualified for that.

Once I got my say, yeah, it was almost immediate. It was like the day after I got back, I started getting, hey, do you want to go do this gig somewhere else or do you want to go to this?

Yeah, absolutely. Yeah.

Yeah, it was worthwhile. And you did it in less than a year, right?

I did it in six months.

Yeah. So why do you only have one?

It’s so easy. Yeah, that’s a good question. Yeah, I only like Eipe.

I don’t like IPv6.

Let’s beat up on Piecyk now. You know, I

was never a security guy. I was never a real voice. The voice focused words. I probably could have done the service vider one because I did do a lot of emplace while I was at Sprint. Yeah. And the blue one may have been handy, but the blue one had retired, I think, by about 2004.

2005.

Yeah. So. So how long were you there at Sprint then? Because we were at two chiasm one. That’s when you passed your I.D.. So how long were you still at Sprint for then?

I was at Sprint for three years, from ninety three to ninety eight to twenty one.

OK, so after you get your ideas.

Yeah, 98 to 22. So she

doesn’t bounce

for some. I stayed my mandatory one. So funny story. So the other agreement was. But they would they would move me down from Canada and they would sponsor me for all the stuff. And I had to stay a year after my Sikhi and a year after the sponsorship was done.

Well, they decided to get out of the consulting business and they were going to start laying folks off that were in my division and that I wasn’t going to be one of them. So I went to my. So this this customer called me and said, hey, we want you over here.

This was in 2002. We want you at this federal entity. Love the job you did. What do you say? So I called my bosses for it and say, can you lay me off?

That is a funny story. I it’s something we’ve heard that either. What are you talking about?

I said, yeah, I got a lot of stories. They said, what are you talking about? I said I said, it’ll save you have to layoff so-and-so. I’ve got a job lined up. They’re going to close the division eventually, anyway, I got to find something else within Sprint or find something else, it’s done.

So it did. I got my severance. I got all my stuff covered and fast to the next job a week later. So that was I was at the federal entity for six years.

For six years. Yeah. Yeah. And where did you say your title was some sort of like a design network?

Design engineer. OK. But I did.

Some operations as well, implementations, but overall, I was responsible for. I can’t. I can’t tell you who it is, but it

was yeah, you know, that’s a

very large, important national network and it covers all areas of the U.S. And so I, I was kind of at the top of the food chain at that point. So I could I was in charge of network, the land designs, the land designs, connecting all the sites together, making sure everything talked to the mainframes with the.

That’s where my deal is. W stuff came in and then eventually Internet connectivity and orders and that kind of stuff.

Did did they let you see the aliens?

No. No, because remember, I am Canadian, so I was technically he was a walking one. Yeah. It’s not a

sacred place, but it’s just not one that I talk about. Yeah. Yeah.

So so in your six years there, did you did you gain over a lot of experience in that six years or so? So what I’m what I’m getting to is did you ever feel like you were starting to.

There’s a there’s a term going around our discord thanks to river and discord arrest out. Right. Like do you feel like you you were not not being challenged at this job or did did you do a lot of growing in this job?

What I did a lot of growing probably for the

first four

years. First for, you know, until I

got the network to a point where it was modern and stable. So we converted from twenty five links to four, and that was project one. Right. So that we did get through that kind of stuff and then get rid of we we started taking out mainframes and places and replacing them with servers.

OK. Right. And then virtualization, virtualization started to come in. So we had to get rid of now we get rid of the Solaris servers and bring in Linux servers so that they could run virtualization and then the Windows stuff.

And so getting that stuff connected, the network getting lips to move between data centers. But this was all new. Right. So once I think once I got to that point, I think I kind of peaked from a technical perspective, at least from what not that I knew everything, but for what my employer needed.

I got it. I got it all done. And that’s my last thing, was getting the win stuff off of frame relay, because I had put the frame relay in initially. And then a few years later, we’re yanking out the Premiere and putting a lesser distance, getting Jerry and IP sec working over that, using Internet as a backup

, getting everything connected, virtually overtops using overlays. Can you know? Yeah.

Yeah. Can you also hit on. So you said something that that I don’t know if you wanna say triggered me or not, but so I’ve been at my job for about nine years or nine years. Like last month.

And you said that you got the network to where you were wanting it. Right. And you said in about four years, like, how does that feel? Because I haven’t gotten mine to where I want yet.

So it’s like, did did you

get over that mountain? You were just like, oh, finally, it’s the way I wanted it designed.

Yeah, it’s it’s a good feeling. I mean, it I’ve been fortunate.

I’ll tell this to anybody this I’ve been really lucky. I’ve had some really solid managers that trusted me and that knew what I was good at and knew that if I wasn’t good at something, I would say I wasn’t good at it or I wouldn’t pretend to be something like something I don’t want to do in this

industry is tell people, you know, something that you don’t know because it shows. So my managers, I’ve been really lucky with managers throughout my career, honestly, from day one. And he trusted me. And he he would come to me and say, this customer wants this.

Our internal customers, this application has this requirement. So we figure out how to get this done. I would say this is how it’s done. They would come back and say, well, I met so-and-so on an airplane and he said not to do this.

And I would say, don’t listen to that crap. My boss, my boss would go back to them and say, no, we’re not going to do it that way. So I didn’t get a lot of pushback. OK. Not that I was always right, because I was still growing and still learning, but I was I was given a lot

of flexibility to do things the right way because I kind of had a methodology. I knew I knew the concepts between behind and availability and redundancy and all that kind of stuff. I wasn’t as very methodical in my approach what configuring it as a network or designing a network.

So I was given a lot of freedom, flexibility. Not everybody has that I can appreciate. So it can be tough. But yeah, I felt it felt good. It. It freed me up to once I was done. It freed me up for some of the silly things that customers would ask for, and that’s kind of where it started

wearing thin a little bit. And it’s like, you know what, maybe I need to get back into consulting, but, you know, working. The difference for me, at least, because I started off consulting and then I went into an actual network position where I owned the network.

I got an appreciation for outages. What those cost in terms of money and reputation. Right. I got an appreciation for being on call all the time. I got an appreciation for what that takes and being careful when you’re considering something and planning something properly before you can figure it so you don’t cause an outage.

And then and this is something to help me and my skyy checking your work after you do it, no matter how good you are and how smart and how many times you’ve done it. Everybody makes mistakes. And if you know those verification commands or you know what to test and what to look for when you’re done, you’re

going to save yourself so much time down the road. Especially if you don’t answer your phone and somebody else has to troubleshoot it, right, so.

We’ve been there solid advice, they’re very leery.

So you left there. You climb that mountain, you left there and you went to Cisco.

Yeah. My ultimate goal once I started getting my keanna and stuff was to work at Cisco. I was just I just that was just where I wanted to be. And honestly, it was that Ptak engineer that inspired me.

And I just like I said, you know what? I want to work there. And so. Twenty eight. So 15 years later, 15 years after I had that encounter or the interaction with the tech engineer, I was at Cisco 2008, ajoint Cisco.

And I’ve been here ever since.

Nice. What was that first job? Cisco.

Yes, it was hard only because they have a pretty involved interview process. Right. My first job was as a network consulting engineer covering large financial accounts at Cisco. And in that time, that’s presales that was post sales. And I did post sales for four, five years at Cisco.

And still consulting, but sales consultant. So I would help them when they would add to their network. But I was still kind of having the same discussions, the architecture, discussions and design discussions that I was having when I was doing pre-sales evidence was I didn’t have a number.

And I would also be the one that they would call if something went wrong.

So this might be a dumb question. I call tech when something goes wrong. So what what is post sales, exactly how they differ from support.

So if if you have if you’re a large customer. And you’ve got a global network that needs so so TAC is great, but Ptak doesn’t necessarily know your network and the time it takes to open a case. Tell them your problem.

Figure out the solution. The problem they don’t have time to remember or to learn your network. So advanced services exists for customers that want to buy a block of ours.

Well, you’re a dedicated architect to certain clients, right?

Yeah, yeah, yeah. You’re dedicating certain clients.

So you have familiarity with their staff, with their processes and also processes for the Canadian people, their staff, their processes, their their network. You’re engaged with them throughout your contract, not your your contract with their contract with Cisco.

You can be a dedicated resource. You can cover three or four accounts. Kind of like an Etsy, right. As he’s would generally know their account. So nces that as they recall back then, I don’t know what they’re called something else now, but Networx consulting engineers knew their accounts and so they would still call Tilk.

So they called me and said, hey, we’re having this issue. I would say open Takase. I’ll have a look at it in the morning. But if they needed help moving the case along or getting bug scrubs done or researching code or Ptak tells them to do something, they would run it by me.

That’s the kind of stuff we weren’t Ptak. And we were very careful to position ourselves not being tapped, because I don’t have a lab where I can test every scenario.

So now. So if you pay enough, you get one of you.

Yes, that’s it.

Yeah, that’s exactly it. You get one to me or five of me. Yeah.

In my work as a partner during deployments and stuff, I’ve worked with advance services and talk about sharp.

Yeah. Yeah, it’s it’s

I, I didn’t I had fun because I was doing peer networking, but what I found when I was in advanced services, I did learn, but I didn’t I only learned what my customer. I had no opportunity to learn what I didn’t know that Cisco made servers until I got out of advanced services because my customer didn’t use

UCS. Yeah, I knew what they bought and because I would only see it when I would show up and I’d have to go help them install it or put it in. But it was the ease and the TSA that we’re ahead of the game in that new Cisco products.

I didn’t learn about I didn’t know a product or an OS until I actually the customer needed it. I didn’t have time to go learn. I didn’t get to go see the announcements and all that kind of stuff.

So in that way, I kind of feel like I lost a couple of years. I mean, it wasn’t a waste. I did get better at networking and I got really, really good at Nexus seven thousand sixty five hundred, but I didn’t know some of the other stuff that Cisco was doing.

So you said when you were just starting out into networking that you wanted to work at Cisco. Did you have an ultimate goal of what you wanted your role to be or you just wanted to get in the door and see what happened?

I just wanted to get in the door and see what happened. I would I was I would have gone to task. I would have gone to as I would have gone to be able to go gone today. OK, I just wanted to be at Cisco.

Yeah.

So how did you pick your position? Like, was it the first that came up? Or you’re like, well, I’ve been a consultant before. I’ll do that for Cisco.

Yeah, it was the first

the first that came up. They offered me a job and I took it. Yeah.

Is the culture as good as I hear?

Yeah, it is. And that’s to to answer Tim’s

question, I know I had a question like I, I was an important question. I don’t want to forget it. But everything you’ve heard about Cisco, I mean, of course, it depends on your manager and your team, but it’s a really good place to work.

I mean, they don’t have the startup mentality that a lot of startups still have. And a lot of companies do think we don’t. You don’t get the free sodas in the in the break rooms anymore. But they they they they are very good at empowering employees and trusting employees.

We don’t. One of the things that drove me nuts about being in federal. And when I worked at the federal entity was our laptops were so locked down to a point of being almost useless. So we had to be patient.

So, you know this story.

So, you know, we can’t tell you

where I work. But you’re preaching to the choir there.

It was it actually got as bad as we had to carry two laptops. I can have a laptop that I can access my network devices with and I can have a laptop that I could do my emails with.

Right. And it was just very slow. So you know what I’m talking about, right. So at Cisco, I did one of the

first first things I get is I get this packet with my laptop and its cover sheet saying, OK, it’s got windows wherever we are up to back then XP or something on it. If you want to install your own ass or OS, you’re on your own.

But go for it. Here’s how you access the network.

You actually have admin privileges on your work, but

I still do are still even in 2021. I do. I mean, we have they’ll still make sure my screensaver

set to 10 minutes and that I have a password that changes every six months. But at the federal place, we had to change our stupid password every month and we didn’t have single sign on. So I was changing 20 passwords every month and they had different password requirements up trash.

And my old employer, I

realized they had to describe a different password requirements. And then they would lock the laptop

down and lock. You can install security because we don’t have this. And I have a license. No, you can’t install it. You don’t have admin rights. So I have to open a ticket to get them to install a piece of software for me that I need to do my job right.

And it was just so frightening. You know, we can laugh about it and complain about it, but it actually was stressful because I would. Those laptops are so bad, they would take like 10 minutes to boot up.

Right. And I was sitting there, my pagers going off,

and there’s an outage in Philadelphia. Some guy named Andy did something wrong. Yeah, I got it.

I’m waiting for a very plausible I’m waiting for my laptop to boot up. And it because it’s sitting

there doing the decrypt process that some goofball engineer put on there. Right. So anyway, they’re very empowering. They’re very trusting. So even today, we get control over you. But, you know, who knows? Of course, depends on your manager.

But it’s a fun place to work. There’s the cool part, and this is why I don’t know that I’ll ever leave, as there’s always someone smarter than you. Hmm. And that’s the way you learn. Right. And and honestly, to to a person at Cisco, I’ve never once gone to somebody for help and had them say, I’m too

busy, I can help you go somewhere. And I’ve been here 13 years. I’ve never want to come across that mentality. Every TSA or see or as you see or AM is always willing to help you on your customer, whether they get paid on it or not.

Right. I could go to attack guy and not have to open a case to get a question answered. I could go. They don’t sit there and say, oh, open the package and I’ll answer the question. Just hit them up on our chat program is the answer.

Right. So, yeah, it’s a great it’s a great place to work, honestly. I mean, you know, if they don’t pay startup money, it’s a big company. We have sixty thousand employees, but. I like it here. I do like it.

It’s awesome.

Yeah, A.J., what did you want? Yeah, I know you guys, you

have a question? Yeah.

Yeah, I was just going to, you know, kind of prompt you. How did you get from that post sales into pre-sales?

So so would that be the systems engineer job?

That was

my job. Yeah. So funny. There’s another funny story.

So I was in L.A. for

five years covering a large financial account and the. See that covered?

The place I used to work, the federal entity,

was moving to another account.

Hmm. So my boss, my ex boss at this federal entity asked Cisco,

can we move Roddie over to the RC

South?

So nobody asked Rotty if that’s what he wanted.

Nobody asked. Right. So they had this conversation. This is that’s a good point, Tim. So they had this conversation.

I had no idea. I hadn’t talked to any of these folks five years. And I get a call from the account manager and he says, hey, I was just talking to so-and-so at the customer. And I was like, oh, how’s he doing?

He’s like, he’s good, but there he is leaving and they want you to be dressing.

So full circle again,

I end up moving from advanced services to the sales organization and federal to cover to be the for my old employer.

So I built I had built that network.

So I knew the network. Yeah, I knew the funkiness. The government places, the federal institutions do. I knew the processes. I knew the politics. I knew the staff. I knew all the people there. So I didn’t that was a cool again, I’ve been so lucky I didn’t have to learn that stuff as well as learn how to

be an SC. I got you right. I got to learn how to be Annecy in an environment that I was 100 percent Premiere Pro. That’s pretty. I didn’t have to introduce myself to anybody, I didn’t have to go and say, OK, here’s how I do things.

They knew how I did things. They knew how to talk.

They knew what to expect. Basically.

Yeah. Yeah. So it’s, again, very, very, very lucky. I mean, I don’t yeah, I don’t I’ve been really lucky in my career. Those kinds of things I was there for as. Yes. On that account for three years.

And then what does it do?

What does it you do? So I’m not trying to be. No, that’s a good question.

It’s it seems like a really great gig. We’ve talked to a couple. Yeah, I’ve never talked to a Cisco SC, but. You know, you’re a very technical guy. You built the network. What does that SC role look like for you, like what do you have to learn and do differently that you were doing in your engineering job

? Yeah, it’s it’s a different it’s a different.

So Cissoko now calls are eskies. They call them essays. And I have to correct myself sometimes. So now it’s system architects instead of system Virginia Junior Seau. And he is the. So an account team at Cisco is made up of an account manager and an essay.

So the account manager does the number of sales, these type stuff, and the essay does the technical sales. So the AI is responsible for recommending a platform to fit a requirement or recommending a solution to fit a requirement.

Learning the customer network, learning how what they need, anticipating what they might need in the future. You’ve got a bunch of these routers that are going to be end of sale in a year. Let’s start planning to migrate away.

Here’s the new platform. Essay will go on and do tech talks to tell them about new platforms and new software features.

It’s a hard it’s

I would say that the SC position or as a position at Cisco is a hard decision. Hmm. And it’s mostly because you are responsible for all things Cisco.

Was going to ask you, do you only have a narrow set of products? No.

At all? No. An essay is a generalist, so you have to know routers, switches, data center, enterprise security, collaboration, storage servers. What else do we do? Whatever cloud stuff, all the stuff that we do and say, Hachemi, you can’t you can you can’t know everything about everything, unfortunately.

But that’s what makes it hard, as you have to know at least a little bit about everything. So so you can at least have the first conversation and then know who to call to bring it. So then you would bring in T.S.A..

Right. So a lot of essays have a Calabro background. So their focus is collapse of the really strong collab, but they’re not so strong on routing and switching. So they’ll bring it T.S.A. and sooner than a regular essay.

Right. But that’s what makes the job hard, is you have to keep on top of all of those solutions and technologies and know what Cisco is bringing out, because you’re responsible for making sure those solutions get in front of customers.

So how did you personally gauge how deep you had to go in any given discipline?

I don’t know that I thought about

it too much, Tim, I and my career, I was a route switch guy, so that was the no brainer for me. I mean, so when when we would come out with the Nexus stuff, I would learn I wasn’t a.

You mean when I was working at the federal entity, we didn’t have access right. To cats. About a hundred was the switch of the data center and the switch. The campus didn’t. There was no distinction between data center technology.

So when I became by the time I became an essay, there were the data center was its own world and had its own product line. So I guess I wanted to just using data centers, example, I wanted to get as good a data center as I was at campus and Branch Technologies.

OK. But I didn’t want to get into being really good at firewalls and really good at telepresence or really good at sort of just I didn’t have an interest. Now, is that true?

Yeah, I do want to say I appreciate your pun. You said that at your core, your about switchgear.

Appreciate it. Okay. I that was intentional. Yeah, absolutely not intentional.

Thank you, Tim, for pointing out my bias.

So we spent a lot of time on your story and how you got to where you were, which is amazing just before we run out of time. I have no idea what SD access or DNA center are. Oh, so I don’t know when we want to pivot to that.

But if you could just do like a high level because they’re your areas, right? They are, yes. The book UROD. And so can you teach a dummy like what is this stuff really quick and like?

Well, yeah, right

before you get into that, though, but why why SD access? Because there’s a certain book in a. Oh, yeah. Like how did you get into that, you know.

So she didn’t.

For some reason, I thought we just finished the intro. It’s just the whole podcast

because it goes by myself. I’ve caught myself like I’m

you proud of you’re talking way too much about

yourself, but I guess.

Well, you’re an interesting cat who’s done a lot. And I’m really learning a lot from this. So that’s you know, now we’re at the part for me. We’re like, well,

what is this? Who’s an expert at? And I just I thought I was just

supposed to introduce myself. I didn’t realize that the podcast would actually be my story, which is kind of cool. I just.

OK, so. Yeah, so Dan

wants to know why I got into ASTIA or why a customer should get into

it. So there’s a book out there.

There is a book out there. Yeah, I’m trying to get to your book. I wrote a book. Yeah, that’s all right. Yes. So OK. So Andy, I’ll come back to your

question after I talk about my book that I really don’t publicize whole. You don’t know. I’m just not comfortable doing it.

But I guess so. We fast forward

a little bit. So I was an essay for three years, and then I was a TSA still in federal covering just enterprise technology. So land and when and then I had this opportunity come up about three and a half years ago, focused on DNA center a.D.A.

So about a year and a half, two years ago, a friend of mine had written a couple of books for Cissoko Press, we were just kind of talking back and forth. And I said, you know, one of my kind of bucket list items was to write a book.

That’s what I got started reading when I started to do my certification. So. And he said, yeah, you said when I talked to the to the the publishing house once in a while, there’s a topic that comes up that I think would be good at.

We’ll do it. So a couple of months later gives me a call and said they want an e-book. Are you in? I said, sure,

let’s do it. Oh, yeah. Do you have a writing background? No, I mean, are we counting blogs and trolling people on Twitter? I was like six guys, man. I should have been trolling. I guess I should

write a book on trolling people on Twitter.

No, I had

I’d never written anything beyond. I mean, I’ve written white papers and written kind of architecture documents and stuff like that. But I’d never written anything like a book and.

I do want to talk about the book experience a little bit,

because it’s yeah, people a lot of people ask me, and so he said, yeah, let’s write a book on Sa’dah. So I was like, OK, it’s been on my list. I always wanted to have my name on a Cissoko press book because I knew a lot of authors and they were always really sharp and always helpful.

I want to be one of those people,

so I’ll never do it again. Just wait. That’s that’s the entire experience that I did it and I’ll never do it again.

It’s I’ll tell you, man, it’s a mine. It is it is a different experience, and I can write I can write an email, I can write tiar, I can go back and forth with A.J. I could write a blog post about food and networking and talk about it, but I’m going to write the way I speak.

Hmm. When you’re writing a book. First of all, you you have deadlines, right? I’m writing a blog post, I have like 15 posts and drafts right now

that have been there for like two and a half years. I know that’s not his right. So, I mean,

I have posts on like IPv6, so like I’ll never get to them. Right, because I believe this is never going to be a thing.

So I, I

should get at it that way to

it. Oh, no. I really mean every bit. So we’ve got that right. Yes. So you get this

this you know, here’s your milestone’s, right? You want to get one fifth of the way through by this day, one, two fifths, three, 350, four, etc..

And, you know, I kind of got in my head

what I want to talk about. But I sat down to do this damn book and I started writing it like a lab guide. And I thought, this isn’t going to fill a book. This is like 15 pages at best.

Right. And so I called the my

buddy who coauthored it, Jason Goule. And I said, and I’m writing this, and it just doesn’t feel right. I’m writing a lab guide and I know we don’t want a lab. And so we kind of gave me some ideas because he had written a couple of books before and I started doing it, but I just kept running

out of words. And you hear authors, tactical, not tactical, talk about sitting in front of a blank word document, not knowing what to type. I was like that every damn day.

I mean, I know my shit.

I know Sa’dah at this point. I know how to talk about SDI. I know how to sell S.J I know how to help people test you. How do you how do you write about it in a book? So I started and I went into the oh, here’s the history of automation, I think, OK, I’ll start historical and

maybe that’ll kind of give me some ideas. And so I did a little bit of that and talked about Ansible and all that kind of stuff. So I sent some drafts to the publisher and they came it was marked to hell.

So you can’t use you. You can’t use wi you can’t use my you to use has to be impersonal.

How many how many passwords that they have to cut out to you? Yeah. Just curious. Personal. The impersonal, you know, way of writing is intentional.

It is. It it’s like so, you know, again, I would if I read on my

blog post right now, I would say, you know, next thing you’re going to do is do this and then we’re going to see what happens. Right. You can’t write something like that in an official book. Be more engaged, and that’s not well, you think.

I don’t know why. Right. I don’t get it. But it’s that’s the rule.

And it’s just I’m not saying people shouldn’t do it. There are some fantastic to suppress authors, authors out there. And I’ve learned a lot from those books.

I’m just beating up on the you know, because it’s in fashion.

Yeah, but.

But it just wasn’t for me. Like I couldn’t I can write in my natural language in the way I speak and. Because maybe it’s just maybe I’m weird, right, because but because of the way my brain works, communicating that stuff has to be communicated in my style.

I’m sitting there and you tell me to write this, but write it in this way. I really struggle. And it took me I missed deadline after I felt so bad for Jason. And he was getting crap from the publisher because I was the deadline and we got it done.

We have done at two coauthors and we got the book done. And it’s been out, I think, since August. So it’s been out for almost a year. Just got a couple of copies there, I believe. I do believe he’s going to probably steal one and be helping the others.

So the book is about software,

Cissoko software to find access. And so answered to get to your question, Andy. You want to hold it up there

and there it is. I say,

listeners to the people actually get to watch these videos.

Oh, yeah, yeah, yeah, absolutely. Oh, you did your hair. I like this one. But you’re blue for some reason, Mr. Poppets. Very, very, very. Yoho’s very bad. His new nickname. Wait, wait.

How does how does it feel to hold that book like when it’s done and you suffered through it and now you’re on a Cissoko press book? I mean, that’s got to be a high watermark, right?

Like, yeah, I’ll never do it again. Right. But I was it felt good. No, that’s a good question. It really is. That’s a great

question.

I and I’ve

had people ask me, it feels great. I have my name on Cisco. You can I have an author page on Amazon. Hmm. Right. You Google my name now with software defined access or Cissoko. Now you’re getting hits for my book, not shitty blog posts that I wrote down

or tweets where I’m trolling IPV six people. You’re actually getting a legitimate

author page on Google and an author page on Amazon. So that’s pretty cool. That is really cool. Yeah, it was. I think I was I think I was so anxious to get it done because I was so it took a lot of me just it was so stressful because of the whole language thing and being able to

talk. I don’t know that I enjoyed it as much as I should have. I wish I had I wish I had it. Yeah, it’s a big deal and it’s a big deal. And it kind of opens up things people can introduce me as author.

I don’t consider myself an author. I wrote some pages for a book, but but yeah, it is you know, I can sit there and say, look, I you know, I probably read my first Cissoko press book in ninety eight.

Ninety nine. And, you know, here we are twenty three years later. And I have my name on one now.

So, yes, I’d have them all over my

house and be given to people like, look what I did. That’s I. Yeah, yeah, yeah. That’s what I’ve been doing. And it came out kind of

during the pandemic. So I wasn’t able to we didn’t have a book signing this bill. And that was all right. Yeah. We were supposed to have a book signing. It’s just a lot of us and it’s just a lot of Europe.

But those got called off.

Well, well, next year what we can do that. Twenty twenty two in Vegas. I’ll be able to get your book signed by you. Is that if

they if they’re going to do. Yeah. Regardless whether or not there’s a book signing, Andy, I’ll go and I’ll sign

the book for Alison. Yeah.

You can finally figure out what the access is.

Yeah. And have a

conversation. Breakout session. Yeah.

There you go. Meet the engineer.

So you talked about timelines. Were you getting to write this is part of your Tsay job or was this all on your own time?

It’s all my own time.

Oh, yeah. It’s it just prid like saying you got to be on a book or like the Cissoko, say, hey, we’re going to give you a bonus because you’re on up now. There’s only 10 percent of sales. Sounds like a

program you get.

It’s a separate it’s yeah. It’s writing for Cissoko. Press has nothing to do with working at Cisco. I don’t know which you

and the publisher and

the publisher. Yeah. Yeah, my my boss knows because I told him that I was writing it. Other than that, there’s absolutely no tie and I get paid from the publisher. Okay. You know, again, you don’t I didn’t do it for the money.

I don’t. Yeah. Yeah. Right. You don’t write. There is writing books to make money is don’t do it because you don’t like it.

But I did it. I mean, I did it because I love the technology. Right. I didn’t do it.

It was it wasn’t an ego thing. It was there was some pride there. I did want to have my name on it. And, of course, Cisco Press. But that was just more of a cool not because I want my name out there.

I plan on a different career, man. I’m fifty years old. I’m at where I’m at and I’m happy where I’m at.

But isn’t it interesting how difficult it is to put into words or like to take the technical stuff that you know how to do and how it works? Like I remember when we were starting out and then we played around with some YouTube stuff.

And like like it’s it’s so difficult. Like, I know how to do this. I do it for a living. I do it every day. But then to try to explain it and put it into words and have it make sense and bring somebody along, it’s just really, really difficult.

It’s tough.

And I can do it so.

So I could do it talking to you interactively. No problem. I can give a Cisco Live presentation and talk about SD access. Right? I’ve done lots of those those.

But putting it in a form is a different thing, putting

it in a form, especially

in something where a certain amount of content or words are expected.

Yeah, right. That’s pressure, too. It is.

And not every technology is conducive to a book. And I’ll say that about FDA, right? It’s matured and changed. The gooi has changed drastically since we did the book and the books. Only a year old, so. Mhm. Yeah, it is.

It’s tough. And I, I was like I said, I’m proud, proud that I got my name on it. Proud that I got it done. I’m glad I got it done. I don’t regret it one single bit, but one of the draft blog posts.

In my on my blog is why I wrote a book and why I’ll never do it again.

I want to read that post. Spoiler alert. Just listen to this episode. Yeah. Are you a Patriot member and you should join the Patriot. Yeah, that’s nice.

So, Cerutty, let’s answer Andys in these questions now. What? At a high level, what is as the access.

So. I’m going to try not to be sales on purpose, because, again, I’m

I’m really not if you want, I’m really not sales.

And so software to find access is I modify my language. So we’re supposed to say Cisco software to find.

Right, right.

We’re not allowed to say USTDA or just so Cisco software defined access.

Andrew is is is an overlay

as a fabric technology for the campus and branch. And what it that so if you’re familiar with Asiye, it’s kind of like aiki. But for the fabric, for the campus and branch where you have users and Iot devices versus servers and applications,

can I ask you an embarrassing question? We’re in the trust tree. Right.

And it depends on who’s editing this episode.

Yeah, that’s a question.

What the hell’s the fabric, OK.

Yeah, I don’t like that word.

I shouldn’t use it.

I don’t either. People keep explaining it to me. And I think it’s a bunch of damn switches tied together somehow. But I don’t get it.

It’s it’s a it’s a. I don’t know who can explain it better than me, so.

Well, the way I look at it is it’s a bunch of virtual people. You know, if you want. But I just. Yeah, I don’t know when. As soon as you said Fabrica Mike, I still don’t know. Do you use like which brand of fabric fabric softener do you have to use, you know, cynically make it act right

and all that.

Yeah. So now is an abstraction. Is it the fabric? I would I would

call it an abstraction. You’re basically you’re glomming a whole bunch of network devices together to perform one to look cohesive so that you can plug anything into that. Glam of NOWER devices in and have it be the same,

but of all these disparate pieces.

Yeah. Instead of necessarily having an object.

Yeah, it’s a it’s logical, right? Exactly right. So if they don’t have to be directly connected together. Right. Your fabric could ride over a whole bunch of infrastructure. But so technically, your employees network is a fabric. Right, you’re rippin from side to side, B is a fabric fed ramp.

It’s an overlay. Right. It’s an overlay

with those with those be considered threads.

Are you getting

mad at this? I’m sorry. I didn’t mean to pull you off and distract. So, OK, so I think I got fabric at my core.

I’m a distribution guy.

That’s how you do upon Dan. So to answer that, that, too.

And you just you said it would get weird. So software defined access is an overlay technology. I prefer that word. Thanks, A.J.. And so what did what? I’ll get into the features in a minute. But what it allows you to do is basically set up this overlay between your floors, buildings, sites, department departments, the departments, more biological

. Yeah, absolutely. And wear anything that wherever you plug in your your your laptop or your Iot device. It and a better way to say this.

It doesn’t matter which port you can connect to any any

port on this fabric’s which will behave on a

specific port. Right. Right.

You don’t have to statically assigned the VLAN or make sure that that beeland has access to this defo gateway, because this is where the router is with this layer three. Right. Everything’s kind of overlaid on top. So it’s software and software defined, and that’s where we get into the data center part in a minute, but it’s an

overlay technology using the land and list to accomplish this. Right. So you have a bunch of layer three capable switches that are set up as routed access. Right. That’s your underlay. OK. And if you remember the way Cisco used to recommend to do networks probably eight years ago is we wanted layer three on every switch and every

switch is the default gateway. So NZDF access fabric, that’s how you configure your underlaid, because the underlays role is to forward layer three packets as quickly as possible wherever they need to go. OK. Those packets. Are the FDA overlay package.

OK, so when you send a ping to Dan, regardless of where Dan’s laptop is plugged in, that package is going to get encapsulated by your access switch. And it will be sent directly to the lookback address of the switch, the ban is connected to it.

Hmm. Right. So it’s not going to go through the network natively. It’s not going to have the same disbands destination IP address all the way through the network, the destination IP address. As soon as that packet leaves, your switch is going to be the loopback address of the switch that Dan is connected to.

And then that could be excellent tunnel. The excellent tolit. It’s exactly the excellent uses Lisp as the control plane and find out where Dan lives. Right. So it’ll say, OK, this pack, it’s going to 10 one or sorry, f, e, a B colon a

one four seven colon.

Oh, wait a minute. We’re not using that technology.

So it’s going to go to 10 one, one,

one, and it’ll do a list lookup, say, hey, where is 10, one on one list build the control plan will say it’s on this switch. Here’s the loopback address to the switch. The switch will then encapsulate it and be excellent and send it directly to that switch.

So the beauty is there can be anything in between those switches. OK. It’s layer three all the way through the network. So you can use SCMP to load balance between your lines. So you’re no longer there’s no spanning tree.

Right. Which is. So that’s when I want to be the sales guy that started when when I when I want to be the sales guy, I

find the oldest person in the room

and tell them that they’re going to get rid of Andy. You’re going to get rid of Sansho. You’re never going to have to worry about a

spanning tree loop or root bridges or priorities or any of that stuff ever again, because I love every switch. Is layer three connected to every other switch? Every link is a point to point slash thirty or slash 31, depending on how weird you are.

And then I’m going to throw the statement, I’m going to troll the slash.

Thirty one people next. So.

Hey, listen, it should be slash thirty one. It’s a point the point. There’s no reason to waste time. Oh, my gosh.

There we go. Look at my my serenity. Now, my opinion. You just want to live in a lower body in any

broadcast address or gateway and a

point to point, because that’s what the guy that invented IP said to do. Yes, but he was wrong then. You know what? Why send a broadcast but also point them off when we standardize on IPV? Andy, you can do whatever you want with whatever technology.

Right now, I’m changing

the phrase it’s now get off Andys overlay.

Yeah.

Listen, if a slash 31 didn’t work, he should have wrote the protocol so that a slash thirty one wouldn’t. All right. Well, we found out who the weirdo of our group is.

So anyways, I thought the point to point connections, obviously, like the ad thing was bad, but

man, nothing matches

the answer you want. So so anyway, so talking about. Oh, so you get rid of fantasy.

That’s that’s what I do. I find the oldest guy in in the room named Andy, and I tell him, hey, you get rid of spanning tree because everything is layer three. We’re going to use it to bounce across these layer three.

So we’re going to use your links efficiently. You can, even if you’re really weird, have non Cisco devices in between. If you if your mandate, because you work at a federal agency, says you have to have other devices and you want to put a.

Juniper Rueter in between your two fabrics, which is you can do that, did it juniper out or can brute layer three packets between the two? It’s good.

Did did that hurt to say that

it looked a little painful? I was just wondering how to use the F word before I said it.

So it’s not a magical feature in a Cissoko image.

It’s standards based.

It’s OK.

Yeah, it’s naturally whatever it is.

Yeah, it’s based on. And you just have to

be able to root on your

switch and your good. Yeah, you. Well, the nonsense Cisco switch doesn’t even know that it’s Sa’dah, right? It’s just routing a layer through packet from point to point. He doesn’t care. He’s not part of that conversation. He doesn’t know about the Zoolander list.

So where’s that magic happening on the

edge to these two end point switches? Right, that the axis

has to be Cissoko. Yes, that’s the members of your fabrica.

You’re going to have a border, which is how traffic gets in and out of the fabric, the control plane, which is like the dnes server for the stuff and an edge switch, which is your axis. So all of those functions have to be Cissoko, Catalist ninety three hundred ninety five hundred ninety four.

Does it have to match the the the 9000 series? Because I know like in Asia, you have to have the Nexus nine, like the ninety three hundred nine, so.

Yeah. So it’s Cesc for Catullus 9000 series. All of them. And the catalyst thirty eight fifty in the Catullus thirty five sixty all support SDI the ISR for case support the border function. Because you might want to have a router’s a border instead of a switch.

And then there are some other different models that are.

Well now, now you’ve piqued my interest here. I’m curious why the thirty five sixty legacy.

It’s it was a learson when we came out with

this nine K hadn’t come out yet. So as came out about eight months before the ninety three. Probably a year before the cat. OK, so we were we had already designed it, but we we came out with kind of just after each other.

So the cat thirty eight fifty and the thirty six fifty the layer three people on licensable support.

OK. Now, so let me ask this. Do you have to have a certain OS for that?

I mean, it’s going to be current anything now. So he has to has been out for five years old.

So like on the ECI side, you know, you have to have the inex OS, the Asai mode kind of thing. So you don’t have to have.

No, it’s asexually.

OK, it’s just your plane asexually. And so the other things that before I forget, the other things that it gives you, so you get the fabric. And so that’s the fabric piece and being able to plug in. But it also has the excellent implementation we’re using supports scalable group tags for seats or secure group tags, depending on

what you want to call them, which allow you to mark your traffic. Based on the authentication and authorization process. So when you log in, your port is enabled for anyone to say you’re going to log in username and password.

IPv6 thinks ice is going to that

have a policy. I got to stop. I said I ice ice has a policy

that says, OK, you’re allowed in. I’m going to look at my ID and that password matches. And it’s I’m going to put them on this VLAN and I’m going to assign them this to you because using group engineers.

And then Dan loggin, same process happened, but Dan might be ingroup accounts. Right. So all of your traffic and issues, it hits a network is going to be marked in the engineering group, all dance traffic is going to be marked in the accounts all the way through.

That will stay in the Beachland header is the.

The policy is

that it’s just a

tag. That’s the market. Right.

And then and then you can write policies that say permit based on the tax permit, engineering to accounting Dinni ingenuity, accounting. They’re written as standard or standard ACLs, almost, right? They’re not stateful. It’s not a firewall. But you can have what they call micro segmentation within the fabric very easily.

So am I writing these policies? In DNA center or in ICE?

Yeah, so I’m going to. So that’s that’ll get me to the day center topic. So DNA center orchestrates. The state configuration. So when you when you want to build your network, you either discover or onboard your devices in the center so they can be preexisting if you manually configured your underlain or you can pull them out of

the box and put them and do what we call LAN automation, which will build the underlay automatically for you based on whatever parameters you give it. So it’ll go into a brand new factory out of the box switch and the switches come and play it plug and play mode.

Now they have four, six, six, seven years. Right. It’ll discover it. It’ll push the appropriate underlying configuration to it. It’ll give it a name and IP address. It’ll onboard it into the center and then indignation or you pick your fabric rules.

I want this switch to be an an edge switch. I want this switch to be my board or I want this switch to be the control plane. I want this these authentication policies, dot one, X map, whatever it will orchestrate all the configuration on the switch, as well as some of the configuration in ice.

So you start to build your authorization authentication policies in ice. But you’re. Security policies, so the permitting accounting to engineering you actually do in DNA center and DNA sender will push them to ice. There’s no magic. This is trussing, right?

This is Cisco Kossak. So all the policies are still live in ice, and ice is the one that pushes the policies down to the edge, which is whenever you log in. But the orchestration and the configuration is done in Indianness.

Did you have a wind question? So if you’re doing. Veselin, across the network, you’re doing Veselin across the way, and you got to have jumbo frames enable that, correct?

You should have jumbo frames, and so we tell you to have jumbo frames in it. So how does that. One hundred and fifty bytes. I think you need so you you got to get up to six fifty somehow.

OK, so how would that work with like SD win if you’re leveraging diey that maybe the carrier doesn’t support that. How do you make Sa’dah function? Sorry, Cisco software defined access. How could you make that function? Does it fragment or do you just say, no, sorry, it’s not going to work?

No. So.

St. Cisco software defined access is a is a campus branch technology, it’s not a wind technology, so we don’t actually support stretching of fabric across a.

OK, so you just treat it as separate sites. I’m just trying to piece together.

So what will happen is if if

one is the host at one side is on state fabric in the house, on the other side is not all of the excellent stuff gets stripped as soon as it leaves the border. So, again, you don’t have your empty wissam’s if you’re running a technology called multisite, which allows you to do and end SGA or end to

end segmentation. I think right now at. I don’t want to say this without knowing for sure. I think right now we still require six hundred MTU across the way, and if you want to do multisite. OK, but I have to confirm that yet.

Yeah, because you have to allow for the overhead. I mean, obviously the. The old solution for us old folks is to adjust the PM to you on the end hose or to use it. That seems to be a just mess on the edge, which will work, but it won’t work with Euterpe.

So if you’ve got Euterpe traffic that’s 50 underbite, it’s going to get it’s going to get dropped or fragmented, which is worse. Right.

Gotcha.

OK, so A.J., I don’t think we want to go too much further in SD access because I think we want to actually do an episode just on access, right?

Oh, yeah.

We were getting fired up.

So these are the questions. We should certainly get questions. Yeah, I love it.

I love them. Back to the great.

So, yeah. So I just want to go like a little bit deeper into the DNA center as being like the central hub of it. And then and then we can put a bow on it.

Sure. So to do center will orchestrate

software to find access so that software defined access. Oresteia is one of the applications in DNA center. DNA Center also does software image management. So you can I’m going to start to sound like a salesperson now, but you can upgrade each define your golden image per site, per building, per floor, per platform, per model, and automatically upgrade

those devices to that version of code. Download it from Cisco automatically. You can schedule it to stage it ahead of time. You could schedule to reboot it later. You could scheduled to happen right away. Software image management is another one.

Hold on. Yes. How do you deal with the licensing?

So you hesitated, rotty? I did, because it sounds stuff has changed.

Yeah, well, it sounds magical. It’s about it is magic how to deal with. But then you got to deal with the licensing. You can’t just push stuff without buying licenses.

It’s magical now. You know, so so we have now. That’s a good question. So we we have changed

things a little bit recently. However, we don’t distribute images based on license features. We’ve had one image philosophy now for a few years. So there is one ninety three, 48 eight. That’s forty eight image out there for. Seventy six three.

There’s not one for services, there’s not one for enterprise, you don’t we don’t have different images for different lights and more. So the licensing is actually in the configuration. Oh, OK. Right. So you enable your license on your switch.

You can have a talk to smart licensing to validate online, or you can download a path and then enable it locally. So image distribution, upgrading your router license doesn’t matter. It’s the configuration will hold the license information. OK, OK.

Sweet. I hated that answer so much.

He’s done, he’s gone, Adoree, he’s anti rage quited once again. He’s got that stance, which

is now because he knows he doesn’t have to worry about losing anyone, which is great. So Swim is the name of that feature and DNA center software image management. It does templates. So you can again, based on your config, you can type in configuration templates in DNA center and have it roll those templates out to different platforms

, different buildings, different sites. You can standardize based on any of those parameters or criteria that it has assurance, which is like a monitoring platform that will it’s the strength right now are very wireless centric. So it can look at the onboarding process.

It’ll tell you all your Sanaa’s and all your wireless stuff, know wireless parts. And all these words don’t mean anything to me, but I’ve seen them on screens. So I know they’re I know they’re legit. So I don’t tell you what the scenario is.

And if there’s any interference and rogue apps and all that kind of stuff, it allow you to place apps based on strength. It doesn’t have all of the features that Cisco Prime has found of Cisco prime is the big thing right now with wireless, with Cisco Wireless.

But most of those features are being copied into Cisco DNA. So. It lets you see the usage on your devices, usage on your links. We have application assurance which will actually get down to Office 365, is having issues in this building.

This router is part of that conversation. This is how many users are affected because we’re getting all the user information from ICE. Right. This is how many users are affected. Here’s this device, it’s unhealthy. This is probably the cause of the problem.

So that’s kind of things that insurance will do. It’s based on. It takes information from S&P syslog, NetFlow streaming telemetry. And correlates it all together and matches it against a known set of issues that it’s in the database, that database comes from 30 odd years of packages.

So they basically said, what are what of our customers? What are the most common issues our customers have run into over the last 30 odd years? Let’s put those into insurance and let’s get it. Sure. Let’s teach decenter insurance how to recognize these issues based on this specific message and syslog or this message is in a trap

or this message in that or this kind of pattern in that. So it will do that. It’ll give you it’ll tell you what the issue is. It’ll give you a list of suggested actions. If the suggested action is something you can do on a switch that’s in the or a router, you can click perform action now and

it will actually go through that action. It’ll say open attack case and send them a show IP, SPF, neighbor, click here to get that command. So you click the button that pops up to show IP. Hmm. OK. I’m I really I know I sound like a sales guy now because

I know you do some magic so. Well, some of that stuff is good. Some of that stuff works most of the time. It’s not it’s not magical yet, but I think it will get there.

I like the direction they’re going. I really do. Otherwise I wouldn’t be as passionate about it when I talk.

Does it make anybody else like weirded out that, you know, we spend all this time learning Seelie and now everything’s getting pushed to like Gooi and just.

Yeah, it’s weird, right? It took me took me six

months to be on board with this because I went through the experience of Asai, like Dan mentioned, where you have to run a different code base or a different image or different mode on the switch where you didn’t have access to the sea a lot.

And that really that really pissed me off.

I, I

was so furious. And then so I get into Asda and we’re doing the same thing. It’s like, no, stay away from sealife, because if you type of command, there’s a chance of DNA change going to reverse. And so honestly, it took me six months to JUSTMENT.

So it really did. I really had a lot

to let a lot of things go. And I run into this when talking to people about this whole time. It’s again, it’s usually the oldest person in the room, and it’s like, I’m not going to give up Mights

and Avel password and and that’s

true and that’s not where I’m going with it, because it seems like the benefits and the magic of I mean, it’s totally worth it if I’d be fine never touching it. So I figure if I could get all the benefits that you’re spelling out.

Yeah, that I think the

the the caveat I give is that that assumes that we that we Cissoko got everything right.

Right.

Yeah, right. Which if you could do in this lifetime, you know that there are always going to be. So now are things are getting better? Where do I trust automation? More absolute. I started doing stuff about four and a half, five years ago, and there were a lot of times where I needed to get into the Seelie

to verify things. I never jump on the Seelie right now other than to reset around it.

So that’s what’s scary is you’re handing over the keys to the kingdom to this.

Yeah.

You trust this total ecosystem in the. Okay, here you go. Don’t don’t destroy me. But companies

have I mean, I worked I

did a good job with that stuff, Miraki. Right. Right. You’ve never seen a Muraki Seelie. It does. It doesn’t exist.

So it can be done. I think that

I’m not going to criticize Cisco at this point. But what we’re kind of trying to do this on a platform that has a history of the Seelie first and now iOS sexy. But previous to that, it was Ilson.

We got folks that have been in this industry for a long time that have always done it this way. And we’re still calling it Catalyst’s, right? If you had said Catalist OS when I was getting my Skype, it was it was Catto’s.

It was the SEC commands like the stuff has been around for a long time. And people are are used to using it and it’s ingrained in them. First thing you want to do is know your enable password so they can go in and can take things right.

So, yeah, if we can get it right, it is it’s it’s great. And I think honestly, it is better now. It is a lot better now. We have six months to stop. Hesitating with the automation.

Wow. Amazing. Also sounds expensive.

Well, that’s a conversation for another day.

Yeah, there are a lot of other things that DNA center does. So if we ever

if we do another one of these and I can screen share, I can demo DNA to go through, the

100 percent want to do this. Absolutely. For sure.

I would love to do that. Yeah. OK, I’ll cut down on the puns in the jokes.

Oh, no, don’t do that. This Covid. So this has been great. Oh, I fly airplanes. I am a pilot. Oh, yeah, yeah, yeah. Oh, yes. I forgot about that.

I did forget your copious free time when you’re not getting every certification there is.

I haven’t flown in like eight years, but I did get it just to get it. That was a bucket list. Cissoko pressing and getting my pilot’s license and with your bucket list.

Nice stuff

for you. I do want to bring one thing back up from. Yeah, towards the beginning of the show, because I think we cut you off. You were telling a story about your secret lab and you got through the first day.

You walked self up in the middle of the night because you forgot the Sun community or you thought you did. What did the second day, the morning you walked in, what happened?

So second day. So you really have no idea

how you did. Right. You get in there because it’s it’s it was a nine hour day. Your Dossett from traveling in a couple of days before. So you’re already tired. You go and you do that full day. You’re overwhelmed, even though you’ve done practice labs and you really have no idea.

So I go to the hotel, wake up 3:00 in the morning, say, oh, shit, I forgot to send communities, walk in. I see the booklet on my desk.

And I realize

I bought myself another three hours of this, so the first half of the second day is all of the non Eppie stuff that I talked about so that we IPX will talk to you as an audience member. So you get again.

So there’s a new booklet now with new exercises and new scenarios that you have to do, that you have to configure, and that takes you to lunch time. So same process you go for lunch, and when you come back, if there’s a book put on your desk, you sit down

and you

complete the lab. If there isn’t, you’ve failed. You’ve got to sit and wait for the profit. So I go to line to come back. There’s a book under my desk, so now is the troubleshooting. So I don’t know how it’s done now.

So I know that the lab is just a one day lab now back then. And I mentioned earlier we had the physical equipment was all there. And they wouldn’t just mess with your configurations, they would mess with your cables, they would take a T1 cable and they would jam it in upside down, well, if you’ve ever used

it to one cable, it doesn’t go upside down. They do it upside. So the pins would bend. So you’d have to look and identify event. Chuck the cable and grab another cable. And so this was the troubleshooting.

So I, I got.

Got there. Got the troublesome section that was that was the part I was looking forward to the most. Once I once I got to that part, I was I was like, I love television because I had all my config memorized.

So first thing I did was do a show run.

And I did well, I didn’t type that got rid of that command.

Oh, that’s that’s different that I don’t get rid of that Covid. Oh, I that photographic. There was a different line between

these two commands. I got to add that command back in so that that part was easy. Got the physical stuff that my connectivity up and running and I passed. And the only thing I got wrong in the two days was that stupid sent me in.

And you woke up, he said like 3:00 in the morning.

And and I was like, yeah, I knew I got it wrong. Yeah, it was I you know, I’ve been lucky. I was I was prepared.

I, I really did burn up all of my. All of my vacation time to do things. Mm hmm. And that’s not easy to do when you got shoes for at the time at a four year old daughter. So I would take I would spend the day with her and then I would be up all night, literally.

She went to bed. I would be up all night in my lab. And I had a stack of six, twenty five hundred, a bunch of back to back T1 cables. And I had an Estienne emulator and I had.

A terminal server that I would have to catalist switch and I would just go through scenario after saying back then you had to buy these scenarios online and then they’d send them to you and big stacks of paper and reams of paper scenarios.

So I basically went through every scenario every night, all night until I had them all memorized. But I was still trying to this is the comment I made earlier about verifying thing I would even though I had to memorize and exactly what to do for every single one of them, I got more practice doing the show commands

in the verification commands, know what to look for, to know that it worked, because that would still make a typo. Right. But at that point, I knew if I made a typo, I knew exactly what. But it’s just because I looked at that output so many times and it was repetitive, repetitive, so the repetition helped me a

lot.

And your lab instead of sleeping, is

that what you said? Yeah, I

would I would maybe sleep. I drop Robert school in the morning at eight o’clock, eight thirty. I’d sleep for like three hours and then I’d get up and start working again. And I let’s start doing other stuff.

So like three hours a day. Sleep more? Yeah, for six months.

That was the vacation time was. No, that was

like five weeks of vacation where I was really hardcore. But the six months per area was still. Yeah, I was still doing a minimum of six, seven hours a night. So I was working. And then I come home and then spend some time with my kids.

It didn’t mess with your retention or your mental health or anything, just guessing yourself.

I was now I was 30. I had plenty of energy

just last week. I’m 31. There’s there’s no way I could do it. Yeah. I mean, I think the that was tough.

It was tough. But I don’t know. I honestly don’t know how it is. I really don’t know. I won’t say it was easy. It was tough. I just I don’t know that I could do it now. But part of it was I really I really loved the technology.

Like it’s like today I’ll go mess with I don’t do any docker’s part of my day job. But I’m I’m trash and containers all day long. It’s just stuff I like doing. It’s interesting. So, um, so that stuff you networking has always been interesting to me.

So it was fun for me to do that. It wasn’t it didn’t feel like work or it was a challenge for sure, because I was learning a lot about the protocols. But it’s just fun. No, but you do.

Oh.

Oh, excellent. Well, he is rotty, he has never failed a Cissoko exam. He is CCRA 74 72. He is a Cissoko press author. The book is Cisco Software Defined Access. We will drop a link to our show notes and you can pick it up there and wherever books are sold, I’m sure.

Rodney, where can people find you? Twitter. Back.

What you got

today? I’m going to lock my Twitter after this.

You know,

I’m just I’m just thinking, A.J., I may have failed one of the research for that six years ago, but it’s a different story for another time.

But they said that I was like, oh, that helped.

And that no, that is exactly what the listeners needed to hear, that you got to fail.

Yeah, that’s correct. Yes. Yes. Don’t don’t

don’t do anything that I’ve done in the last 30

years that don’t have the attitude

that I’ve had in the last three years now. Yeah, I think so. The question was, where can you find me? You can find me on Twitter, usually trolling people. My handle is doesn’t have a pronunciation. I don’t know.

This is for you on here. You guys know my handle. Do you know what it means? No idea.

The squirrely

no, no Arabic, that’s

Arabic, that’s my name in Arabic, but what is my hair? What is my my Twitter ID?

Hmm. Eido?

Yeah. Do you know

what it is?

No, I do not. Come on. All right, so it’s literally my first name backwards. Oh, that’s so. And it’s right here. It’s right in front of my face. So we automatically go to acronyms. It’s just what we do.

Yeah, the squeaky the squiggly

stuff that you pointed out and is my name in Arabic. So, yeah, the squiggly stuff.

That’s what they call it. Yeah. Sorry, I, I didn’t want to

be Andy insensitive, so I just use the language

they used today by my Twitter. My handle is eEye

DDR, which is my first name backwards, which now everybody knows the secret. Yes, that’s

that’s where I hang almost. I do have a YouTube channel, actually.

The I’ve got some videos up on that YouTube channel if you want to Google me, but

you can watch your YouTube

channel. I have just Broady. I don’t know. Hassan, YouTube. Yeah. Yeah, I think I find it. Yeah.

Yeah. It’s it’s I know I’m not good at self promotion. I’m really not going to stop

trying to do it. I believe there’s a there’s a blog in there, too. Right. Oh, there’s a blog dot TV. OK, so the blog is mostly technical.

Not Cisco centric, per se. But there’s also some cooking stuff on there, because I am also I also love to cook. It’s my theory.

You’re you’re in Texas. Have you been

to Franklin Barbecue?

Have been to Franklin Barbecue? Yes. Yes. How is it if you like barbecue, it’s good.

I love barbecue. I’m reading his book. He’s my hero when I come to Texas. Definitely. Please go to Franklin Barbecue.

We can.

It’s in Austin. It’s about four and a half hours away for me. But you let me know and we’ll get down there.

It’s like an hour and a half. Wait in line, right, to get this, guys?

Yeah, yeah, yeah. No, it’s good. It’s it is. If you like barbecue.

I’m not huge on barbecue, but if you like barbecue it, it’s good barbecue for sure.

All right, man. Yeah, that’s nice. Yeah.

All right, Randi, thank you so much for joining us. Any any last minute words?

No. Thanks for coming. This is a lot of fun. Wasn’t as weird as Tim

made it out to be. I knew he was going to like that. And I had now. And I honestly, again, if I if I,

I would have thought there’s no way he came up with that, just based on my tweet. So I feel better that you already had that plan. Yeah.

No, it was a good

time, guys. I’m glad we finally got to do this. You know, I give you guys I give you shit about forgetting about me, but

well, much, much deserved shit.

I feel lucky to be here and hopefully have come back and do a demo for you.

Yeah. Yeah, definitely. Absolutely.

Anytime, guys.

It’s actually. Well. Yeah. Join us again next week for another episode. Thanks again, Ronnie, and have a good night. Everyone, this is A.J. If you like what you heard today, then make sure you subscribe to our podcast on your favorite pod catcher, smash that bell icon.

You get notified of all of our future episodes. Also, follow us on Twitter and Instagram. We are at are of net, and that’s part of an AT&T. You can also find us on the Web at Art of Network Engineering dot com, or we post all of our show notes.

You can read the blog articles from the co-hosts and guests and also a lot more news and info from the networking world. Thanks for listening.

What are you t-awk-ing about?

Today I’d like to talk to you a bit about studying in public, how I go about it and some of the benefits it has given me the last few years. Studying in public, which I’ve mostly done on Twitter until I started writing for this blog is something I’d recommend everyone trying to learn something new do. In the following I’ll give two examples of me ‘studying in public’ and then give insight along the way and conclude with it’s benefits.

As weird as this may sound, my favorite thing to do lately as it relates to tech is parsing logs and pcaps. I’ve enjoyed getting introduced to tools like editcap, tcpdump, tshark, jq, cut, uniq, and sort and piping them all into each other to extract just the right information and display them in a pleasing way. The past few months I often see people on my timeline getting acquainted with python and if it has anything to do with reading in a file and doing some parsing then printing I’m often running through my mind ‘how would I do that in bash…’

One tool I’ve yet to touch, which I feel may level up my log and pcap ninja slicing is awk. One coworker of mine, and now my current FOR572 instructor casually use this tool to do some amazing things. So perhaps it’s time for me to dip my toe in the awk waters?!

As I’m writing this very sentence, I’ve still not used awk, I’m literally going to try it out right here for the first time. What we need though, is a task, so let’s look at Kirk Byers first set of exercises for his free Python for Network Engineers course. To be clear, I’m not saying you shouldn’t learn python or that doing everything from bash is ‘better’ but I think it’s fun to learn how to do things using multiple tools, and also, you may find yourself on a Linux server that isn’t connected to the internet, may not have a certain version of python installed or you are missing the python packages to get your script to run but chances are you will have common bash tools at your disposal. We move.

The first exercise in lesson one asks us to:

Create a Python script that has three variables: ip_addr1, ip_addr2, ip_addr3 (representing three corresponding IP addresses). Print these three variables to standard output using a single print statement.

Well we won’t be using python to do this, let’s try this with awk in bash. [15 min passes while I went to the google and tried a few things out]. I’m back and we do have ourselves a bash one-liner that will solve the first prompt:

$ echo | awk -v ip_addr1='192.168.16.1' -v ip_addr2='10.10.1.1' -v ip_addr3='172.16.31.17' '{print ip_addr1, ip_addr2, ip_addr3}'
192.168.16.1 10.10.1.1 172.16.31.17

What did I learn doing this first exercise? Well, first off, to set a variable with awk you use the ‘-v’ option. Furthermore, their is no syntax I could find to do multiple variables with one ‘-v’ option, instead, as shown above you have to do a ‘-v’ for each variable. With print we are able to print all three of our variables separated by a ‘,’ within brackets and a quotation. I am left with one question though:

I don’t understand why the command works with echo and doesn’t run the same way without it…what magic is echo doing here is the real question OR what is possibly missing syntax wise without echo. One cool thing about twitter is that people much smarter than me are willing to offer their time and provide insight, as Roddie and Quinn do here. I’m very thankful for having so many people out there helping me along 🙂

A quick aside, I often do learning in public, that was this blog post is and I think it’s helping me grow more than anything else. By posting what I’m doing, even if it’s the most trivial newbie thing it starts a lot of conversations. From other people learning at the same level as me or from more senior people showing best practices or alternative or faster ways to accomplish a task. I definitely recommend sharing what you are learning in some capacity on a platform where others can interject. You’ll learn a lot and make a few good connections along the way!

If you were curious how Kirk solved his prompt with python:

from __future__ import print_function

ip_addr1 = "192.168.16.1"
ip_addr2 = "10.10.1.1"
ip_addr3 = "172.16.31.17"

print(ip_addr1, ip_addr2, ip_addr3)

Another person who’s quick to help anyone learning is Kirk himself. This is yet another example of how studying in public can help open your eyes and give insight you’d otherwise be left in the dark about. For me, I’ve been doing a bit of tech stuff since the early 2000s. When I first started there wasn’t an online forum with people interacting. I thought I was doing ok, as compared to people in my office and those I interacted with, but today, with a bunch of people on line, I’m continually pushing myself and my boundaries of knowledge with people way smarter than me. So, even if I’m not being pushed were I’m at I have a whole world to help guide and help me grow now.

Looking a bit into awk it looks like I got a lot to learn, and once I get back into my bigger data sets at work I’ll dive deeper into it’s search and printing functionalities. I’ll also reference ‘Effective awk Programming’ Arnold Robbins on Oreilly Books. Did we learn a lot from this one example? Maybe not, but sometimes the first step is the hardest and I hadn’t written a post here on the Art of Network Engineering recently and I wanted to try and get back on the horse so to speak. If I’m able to break through in the next few months on the awk train, be sure to check back in for a more extensive awk walkthrough.

This was just one example of ‘learning in public’ and I found myself writing a script later the same night. Another thing I’m trying to navigate and get better at. I got help again when I was stuck and ended up finding out I could do my whole script in one line. I found out all these things in a matter of minutes and a good nights rest. If I wasn’t learning in public who knows how long it would of taken me to gain these insights.

If you are interested in the script you can follow this thread, or see the final version below:

for i in {0..599}; do
    echo -n "Status Code ${i} seen: " >> ./statuscode.txt
    tshark -n -r lab-1.2_capture.pcap -Y "http.response.code == ${i}" | wc -l >> ./statuscode.txt
done

sed -i '/seen: 0/d' ./statuscode.txt

This will give you the output:

$ cat statuscode.txt 
Status Code 200 seen: 1138
Status Code 204 seen: 28
Status Code 301 seen: 2
Status Code 302 seen: 44
Status Code 304 seen: 21
Status Code 307 seen: 1
Status Code 403 seen: 1
Status Code 408 seen: 6

But, after a good night’s sleep I realized you can get this all done in one line much more efficiently:

$ tshark -n -r lab-1.2_capture.pcap -Y 'http.response.code' -T fields -e http.response.code | sort | uniq -c
   1138 200
     28 204
      2 301
     44 302
     21 304
      1 307
      1 403
      6 408

So while I didn’t dive all the way in and provide a step by step tutorial I hope I was able to give you insight to another aspect of my learning style and perhaps it can help you when you are starting out on a new learning venture. I remember at first being a little nervous of putting myself out there or ‘sounding dumb’ and I soon realized everyone is out here beginning or everyone has at one time been a beginner. Will, that’s all today, happy learning!

Bert’s Brief (by @TimBertino)

Andre was gracious enough to let me give my thoughts on the “learning in public” concept. I share the same sentiment about getting started with writing publicly as you are learning something knew. I had the thoughts like:

  • If I’m new to this, what’s the point of writing a blog post? Nobody is going to get anything out of this this, right?
  • Do I really want to show the world that I’m a beginner in X, Y, or Z?

I’ve learned to throw those thoughts to side and I agree 100% with Andre. There are great benefits to learning in public, such as:

  • Writing a blog post about something you are learning forces you to explain what you learned. You become a teacher, if you will. This can really help you better understand concepts. You do NOT have to wait until you are an “expert” in something to write a post or teach it to someone else. This was a hurdle that I had to get over.
  • As far a blogs go as a method of learning in public; writing is a skill. Writing about what you are learning about allows you to practice the art and find your own style.
  • You never know when you might bring inspiration to others. You could be greatly helping other people who are at similar points in their journeys.
  • As Andre mentioned, just by posting a question on a social media platform like Twitter, you can make some awesome connections.

So, I encourage you; write that post, ask that question, practice your craft, and help others along the way. And if you need a platform to write blogs, connect with us here at the Art of Network Engineering!

Ep 53 – Manny

In today’s episode we talk to Emmanuel Pimentel, aka Manny! Manny is a prominent member of our community. He joins us and shares his journey on breaking into Enterprise Networking via retail! He has that perfect balance of positivity, drive, determination, and compassion. When someone has a win or achievement posted within Discord or Twitter, Manny is always one of the first people with a “congratulations” comment. He is not only working hard to help himself to succeed, but he wants to see others succeed as well. Enjoy this episode with Manny!

Manny was previously featured on The Faces of the Journey series – https://artofnetworkengineering.com/2021/04/30/faces-of-the-journey-emmanuel-pimentel/

You can follow Manny:
LinkedIn: https://www.linkedin.com/in/emmanuel-pimentel/
Twitter: https://twitter.com/MannyBytes88
Instagram: https://www.instagram.com/mannybytes/

NEW! Check out our Patreon – https://www.patreon.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Like us on Facebook https://www.facebook.com/artofneteng
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey – https://artofneteng.com/IAATJ

Ep 52 – The Cinna-man

From Collaboration to Cyber Security Engineer – this week we’re talking with Robin Canela! Robin shares his coming-up story, and how the quarantine in 2020 motivated him to make some big life changes. Hear how in this episode!

You can find Robin:
Twitter: https://twitter.com/RobinCanela
LinkedIn: https://www.linkedin.com/in/robincanela/
Blog: https://robincanela.com/

Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Like us on Facebook https://www.facebook.com/artofneteng
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com​
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Ep 51 – SD-WAN

In this episode we’re talking about SD-WAN! We discuss the benefits of SD-WAN, over traditional WAN, and share our experiences with various SD-WAN offerings. We don’t deep dive because we were trying to keep the discussion vendor agnostic. Consider this our intro to SD-WAN as there is much, much, more to discuss on the topic, which we will in future episodes! Enjoy episode 51!

Pro tip for future podcasters – Keep the bullfrogs out of your recording studio.

Aaron’s blog is a great resource for all things SD-WAN – Check it out here:
http://aaronengineered.com/blog

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Ep 50 – Ask us anything!

You Tweeted us, DM’d us, emailed us, sent recordings, and some of you even sent us videos! We answered every single question we got in this 2 hour ask us anything special! Thank you for your support – now on to the next 50!!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Ep 49 – Burnout and Rustout

In this episode we are talking about Burnout and Rust out! These will two are likely to hit any professional at some point in their career so we thought we’d take some time to discuss what these look like and how to most effectively deal with them. Special thanks to our Discord members for having this discussion and Riv3r for defining “Rust out.”

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Ep 48 – Out-of-Band Management

This episode is sponsored by OpenGear, providing secure remote management of your critical network infrastructure.

In this episode we talk to Dan Baxter, SE Manager, with OpenGear. We discuss Dan’s break into tech from Art Teacher to SE. We then answer the question “What is Out-Of-Band Management?” Then we touch on the OpenGear advantage! If you’re considering an Out-of-Band Management solution please take a look at OpenGear.

Dan Baxter
Email: dan.baxter@opengear.com
LinkedIn: https://www.linkedin.com/in/dan-baxter-5b18721/

OpenGear
website: https://opengear.com/
Twitter: https://twitter.com/Opengear

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj


Learning Linux and my First Ansible Playbook

So Linux has never been my daily driver until a few months ago. Now it’s my daily driver for work and home and with that I’m learning a lot and since you can use a lot of the applications in conjunction with each other with piping and what not. So in essence, learning one new tool or application can open up unseen possibilities in other tools.

The coolest command I learned this past week is watch. In my day job I’m often deploying tools that create logs, like Zeek, and I’d often ls or ll to see if I was having logs created or if the conn.log was getting bigger. Enter watch, simply run any command as you normally would and ‘<ctrl> a’ and add watch to the beginning of the command. Doing this, you get your normal output but it updates every two seconds and if any values change they will change within the output. I found myself using this command again when I was monitoring my kubenertes cluster, instead of ‘kube get pods’ I’m now typing watch ‘kube get pods.’ I’d have it open like a dashboard when deploying or troubleshooting pods.

Then later on in the work week I started having an issue with trying to track time on all of my devices. I surmised that when time got too far off one of my applications would begin to fail. My first attempt was a bash script that simply ssh’d to each device and ran the time command. But by the time I got to the 8th or 9th device, since I was putting in the password, I wasn’t really getting the result I was looking for. So if you got a hammer use it on everything right?! I ended having 10+ windows open, all small and organized on my desktop running ‘watch timedatect’ and I would watch the timing of my devices slowly drift and in due time, prove my hypothesis.

Then came the weekend, and I started looking into ansible. I found an example where they had used one command to connect to and check the time of all the devices in their inventory file. This really perked my interest. Could I have found a tool even cooler than watch in less than a week?!

Interlude: I installed gns3 and started a small topology of cumulus Linux devices to go on this ansible adventure. I’m not going to dive too far into the specifics of the playbook as far as indention or how to or where to put vars as the documentation is really good. Google is your friend here. I’m just here to walk through my first playbook 🙂

The first thing I did when starting this adventure into my first interaction with ansible was creating an inventory file:

[atlanta]
spine01 ansible_host=192.168.49.3
spine02 ansible_host=192.168.49.4
leaf01 ansible_host=192.168.49.5
leaf02 ansible_host=192.168.49.6
leaf03 ansible_host=192.168.49.7

[atlanta:vars]
ansible_user=cumulus
ansible_python_interpreter=/usr/bin/python

Next I used ssh-keygen and shipped a public key to all the devices in my topology so I could connect without username:password. A quick google search of ssh-keygen will get you squared away in no time. This is all what’s needed to do what I was trying to do at work earlier in the week, check the time on all my devices:

ansible all -a "date"
leaf01 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
leaf02 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
spine01 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
leaf03 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
spine02 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC

Since I’m trying to learn automation I began to brainstorm what could my first ansible playbook do?! A playbook is simply a series of tasks rather than just running one task like illustrated above. To do this I followed along with the cumulus documentation and did one of my switches manually so I understood the steps and what was needed to accomplish this task. In short, here are the main things my ansible playbook needs to do:

  • edit two lines of a conf file
  • enable and start two services

Let’s try to go line by line-ish on what’s happening in my playbook.

---
- hosts: all

I guess the beginning of all yaml files, of which the playbook is, starts with a ‘—‘ and the second line is saying that I want to run what follows and all the things in my inventory file.

  become: yes
  vars:
    conf_path: /etc/nginx/sites-available/nginx-restapi.conf

Become with the switch to yes is saying that you want to be root and on the next line i’m declaring the value of the variable conf_path which I’ll call later in the playbook.

  tasks:
    - name: edit the nginx-restapi.conf file
      replace:
        path: "{{ conf_path }}"
        regexp: 'listen localhost:8080 ssl;'
        replace: '# listen localhost:8080 ssl;'

Here is the first task, of which you can name whatever you want. In path, I call the variable above and then I do a regex search and then replace with the last line. The goal of this task is to comment out a line.

    - name: edit another line from file
      replace:
        path: "{{ conf_path }}"
        regexp: '# listen \[::]:8080 ipv6only=off ssl;'
        replace: 'listen [::]:8080 ipv6only=off ssl;'

In this task I’m trying to uncomment a line. I also had to escape the [::] in the regex search, which tripped me up for a bit.

    - name: enable nginx service
      ansible.builtin.service:
        name: nginx
        enabled: yes
    - name: start nginx service
      ansible.builtin.service:
        name: nginx
        state: started
    - name: enable restserver
      ansible.builtin.service:
        name: restserver
        enabled: yes
    - name: start restserver
      ansible.builtin.service:
        name: restserver
        state: started

The rest of the playbook is just enabling and starting the needed services as speechified in the cumulus linux documentation. All together the playbook looks like the following, of which, with all yaml files indentation is very important.

---
- hosts: all
  become: yes
  vars:
    conf_path: /etc/nginx/sites-available/nginx-restapi.conf
  tasks:
    - name: edit the nginx-restapi.conf file
      replace:
        path: "{{ conf_path }}"
        regexp: 'listen localhost:8080 ssl;'
        replace: '# listen localhost:8080 ssl;'
    - name: edit another line from file
      replace:
        path: "{{ conf_path }}"
        regexp: '# listen \[::]:8080 ipv6only=off ssl;'
        replace: 'listen [::]:8080 ipv6only=off ssl;'
    - name: enable nginx service
      ansible.builtin.service:
        name: nginx
        enabled: yes
    - name: start nginx service
      ansible.builtin.service:
        name: nginx
        state: started
    - name: enable restserver
      ansible.builtin.service:
        name: restserver
        enabled: yes
    - name: start restserver
      ansible.builtin.service:
        name: restserver
        state: started

To further improve this playbook, while it does work, I’ll build in some checks to verify everything is working as it should so you don’t have to do it after the playbook runs. To run the playbook I use the following command:

ansible-playbook enable_RESTAPI.yml --ask-become-pass

I use the –ask-become-pass so that I can enter in the root password for the devices instead of me hard coding them as a var or something. There maybe another way but today that is where we stand.

Thanks for hanging out with me and going through my very first ansible playbook journey. I’ll leave you with the verification that the REST service is working on the cumulus device, till next time!

$ curl -X POST -k -u cumulus -d '{"cmd": "show interface json"}' https://192.168.49.4:8080/nclu/v1/rpc | jq
Enter host password for user 'cumulus':
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4373  100  4343  100    30  12268     84 --:--:-- --:--:-- --:--:-- 12353
{
  "bridge": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": [
        {
          "vlan": 10
        }
      ],
      "asic": null,
      "mtu": 9216,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "0c:b0:0e:37:ae:01",
      "vlan_filtering": true,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 229,
        "MTU": 9216,
        "Flg": "BMRU",
        "TX_DRP": 0,
        "RX_OK": 540,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": []
      },
      "vlan_list": "10",
      "ip_neighbors": null
    },
    "linkstate": "UP",
    "summary": "",
    "connector_type": "Unknown",
    "mode": "Bridge/L2",
    "speed": "N/A"
  },
  "vlan10": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": null,
      "asic": null,
      "mtu": 9216,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "0c:b0:0e:37:ae:01",
      "vlan_filtering": false,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 208,
        "MTU": 9216,
        "Flg": "BMRU",
        "TX_DRP": 0,
        "RX_OK": 540,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": [
          "192.168.49.4/24"
        ]
      },
      "vlan_list": [],
      "ip_neighbors": {
        "ipv4": [
          "02:42:b3:6f:5f:9b",
          "0c:b0:0e:07:88:01"
        ],
        "ipv6": []
      }
    },
    "linkstate": "UP",
    "summary": "IP: 192.168.49.4/24",
    "connector_type": "Unknown",
    "mode": "Interface/L3",
    "speed": "N/A"
  },
  "lo": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": null,
      "asic": null,
      "mtu": 65536,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "00:00:00:00:00:00",
      "vlan_filtering": false,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 3393,
        "MTU": 65536,
        "Flg": "LRU",
        "TX_DRP": 0,
        "RX_OK": 3393,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": [
          "127.0.0.1/8",
          "::1/128"
        ]
      },
      "vlan_list": [],
      "ip_neighbors": null
    },
    "linkstate": "UP",
    "summary": "IP: 127.0.0.1/8, ::1/128",
    "connector_type": "Unknown",
    "mode": "Loopback",
    "speed": "N/A"
  },
  "mgmt": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": null,
      "asic": null,
      "mtu": 65536,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "8a:9d:94:9a:3f:8f",
      "vlan_filtering": false,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 0,
        "MTU": 65536,
        "Flg": "OmRU",
        "TX_DRP": 13,
        "RX_OK": 0,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": [
          "127.0.0.1/8",
          "::1/128"
        ]
      },
      "vlan_list": [],
      "ip_neighbors": null
    },
    "linkstate": "UP",
    "summary": "IP: 127.0.0.1/8, ::1/128",
    "connector_type": "Unknown",
    "mode": "VRF",
    "speed": "N/A"
  },
  "swp1": {
    "iface_obj": {
      "lldp": [
        {
          "adj_port": "swp3",
          "adj_mac": "0c:b0:0e:07:88:00",
          "adj_mgmt_ip4": "192.168.49.2",
          "adj_mgmt_ip6": "fe80::eb0:eff:fe07:8801",
          "adj_hostname": "JumpSwitch",
          "capabilities": [
            [
              "Bridge",
              "on"
            ],
            [
              "Router",
              "on"
            ]
          ],
          "adj_ttl": "120",
          "system_descr": "Cumulus Linux version 4.3.0 running on QEMU Standard PC (i440FX + PIIX, 1996)"
        }
      ],
      "native_vlan": 10,
      "dhcp_enabled": false,
      "description": "",
      "vlan": [
        {
          "vlan": 10,
          "flags": [
            "PVID",
            "Egress Untagged"
          ]
        }
      ],
      "asic": null,
      "mtu": 9216,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "0c:b0:0e:37:ae:01",
      "vlan_filtering": true,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 322,
        "MTU": 9216,
        "Flg": "BMRU",
        "TX_DRP": 0,
        "RX_OK": 2318,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": []
      },
      "vlan_list": "10",
      "ip_neighbors": null
    },
    "linkstate": "UP",
    "summary": "Master: bridge(UP)",
    "connector_type": "Unknown",
    "mode": "Access/L2",
    "speed": "1G"
  },
  "eth0": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": null,
      "asic": null,
      "mtu": 1500,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "0c:b0:0e:37:ae:00",
      "vlan_filtering": false,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 0,
        "MTU": 1500,
        "Flg": "BMU",
        "TX_DRP": 0,
        "RX_OK": 0,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": []
      },
      "vlan_list": [],
      "ip_neighbors": null
    },
    "linkstate": "DN",
    "summary": "Master: mgmt(UP)",
    "connector_type": "Unknown",
    "mode": "Mgmt",
    "speed": "1G"
  }
}

Ep 47 – Get Awoken When it’s Broken!

This week we’re talking about everything on-call! What is it? What’s being “on-call” actually look like? What it means to various organizations. And most importantly – what you should look for when interviewing with a company when discussing being on call and compensation.

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Ep 46 – Time Management

In this episode we’re talking about time management. We share tips and tactics we use to make the most of our time. What do you use to help manage your time? We’d love to hear from you! And, we’ve got some really exciting news, but you’ll have to listen to find out!

A.J.’s app recommendations:
Todoist – https://todoist.com/
Forest – https://www.forestapp.cc/

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

CCNA Series – Endpoints and Servers

In this post of the CCNA Series, we will be covering endpoints and servers in the network. In the CCNA exam topics, we are looking specifically at Network Fundamentals > Explain the role and function of network components > Endpoints and Servers. While studying in-depth enterprise network infrastructure topics and concepts, I think it can be easy to gloss over why the network is there in the first place. I always like to think of the network as a service that is there to support business functions. Businesses utilize technology for many reasons, for example to become efficient, scalable, and to provide excellent outcomes. Typically, they look to implement and leverage applications to achieve these goals. Well, those applications need to be able to be accessed and hosted (or served) somehow. That is where endpoints and servers enter the picture. If enterprises didn’t have endpoints and/or servers, then we wouldn’t really have a need for networks, would we?

Endpoints

Endpoints are the actual devices that connect to our networks so that we can gain access to those business critical applications that we brought up earlier in the post. In the last post around L2 and L3 switches, we introduced the concept of the three-tier architecture with the core, distribution, and access layers. As depicted in the image above, endpoints can be thought of as being at the edge of the network, so naturally, they connect to our access layer switches that provide initial connectivity or entry into the network at the edge. Endpoints can connect to the network either wired via directly connecting to a switch, or wirelessly, leveraging radio waves to connect to a wireless access point. Examples of common endpoints at the access layer are desktop and laptop computers, printers, phones, tablets, and scanners. Some endpoints, such as desktops and laptops are used to access applications and services, while other endpoints, such as printers, provide a service. For example, a laptop can communicate with a network attached printer to print documents. Endpoints in the network are used to gain access to services, as well as provide services themselves.

Servers

At a basic level, servers can be thought of as endpoints as well. They connect at the edge of the network just as end user endpoints do. The difference is that servers typically connect to the data center access layer versus the end user access layer such as a switch in a small data room on a floor of a building. It was stated earlier that businesses rely on the network to provide access to critical applications. Well, those applications are hosted on devices called servers. Servers can be physical (meaning typically one application per box), or virtual (meaning multiple apps/servers per physical machine). Also, servers can be hosted in on-premises data centers, external co-location facilities, as well as “in the cloud”. Examples of applications or services hosted on servers are email, websites, ecommerce systems, and media servers. To round this out, in our enterprise business example, servers house the applications that provide value to the business.

But Why?

Conclusion

I think it is important to remember that the network is a service (or potentially even a utility, if you want to take it that far). In an enterprise setting, the network is necessary because access to applications and information drives a business forward. Client or user endpoints are leveraged to gain access to those business critical applications, and servers house or host those applications and information. The network is there to provide the connectivity from the client endpoints to the servers that host the applications.

Ep 45 – Softskillz

In this episode, Dan, A.J., guest host Tim Bertino, and returning episode guest Tim McC talk about soft skills, their importance, how to sharpen them, and more. Join us as we share our experience with our own soft skills and were we see their importance shine the most.

Cisco config rollback documentation – https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15-sy/config-mgmt-15-sy-book/cm-config-rollback-confirmed-change.html

Follow Tim Bertino:
blog: https://netication.com/
Twitter: https://twitter.com/TimBertino

Follow Tim McC:
blog: https://carpe-dmvpn.com/
Twitter: https://twitter.com/juangolbez
YouTube: https://www.youtube.com/channel/UC60oFllzMzQQmlhIQMkMa8g

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Faces of the Journey – Teneyia Wilson

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Teneyia Wilson is a Network Engineer originally from Denver, Colorado, who recently found herself back home. In 2004, Teneyia and her family moved away from Colorado. Being part of a military family, she and her family have lived in many cities in the last sixteen years. Teneyia currently holds two network engineering positions (yes, you read that correctly, two), one of which as a Network Engineer III with the ISP, Spectrum. If you thought that holding two network engineering positions was impressive, get this, IT/network engineering is not Teneyia’s first profession. Before getting into IT professionally, she ran a personal training studio from 2012 to 2019, while also managing a retail store with GNC. Teneyia has been fascinated with technology since middle school and knew then that she wanted a degree in IT, but took a different path for a while. Then, in 2018, she decided to quit her retail job to become a Network Engineer. She went to Barnes and Noble to purchase the CompTIA Network+ book and the Cisco CCNA 200-125 book set. At that time she was not working, so she spent five to eight hours a day reading, taking notes, and watching videos to catch up on the technology that she had missed out on over that nine year window. Teneyia found quickly that getting certifications made sense to her to be able to break into IT so that she could build experience and grow on a technical level (but she has not stopped the certification study by any means). After achieving both the Network+ and CCNA certifications, Teneyia got a help desk position at a managed service provider (MSP). A year later, she earned the CCNP Routing and Switching certification, and accepted a position as a Network Administrator with DXC Technology. In August of 2020, Teneyia moved back to Colorado and is now a Network Engineer with a 911 dispatch center and Spectrum. Teneyia’s fascination with technology started early in life by taking apart a Nintendo NES, computers, and phones to see how they worked. Teneyia is always striving to be a great engineer, who is highly skilled at troubleshooting and design, while helping others along the way. She is currently studying for the CCIE certification and will one day become a Principal Engineer or Solutions Architect.

Follow Teneyia:

Twitter

LinkedIn

Alright Teneyia, We’ve Got Some Questions

What did you want to be when you “grew up”? A multi-business owner. I had plans/ideas for restaurants and clothing lines. I use to love cooking and making clothes. I created a whole clothing line/brand between 2003-2009.

What advice do you have for aspiring IT professionals? Like anything else, don’t rush the process. Take your time to fully understand the technologies. Know how and when to use them. Ignore the imposter syndrome, no one knows everything. Take risks and never stop learning.

What is something you enjoy to do outside of work? Outside of work, I love lifting weights and competing in bodybuilding competitions. I also have a project car. I’m not in the car scene as much as I was when I was living in Los Angeles but still love fixing up and cruising in my 350z.

How do you manage your work/life balance? When studying for certs and/or training for a bodybuilding show, I create weekly schedules and stick to them. I schedule work, family time, errands, study, gym, everything. I prioritize most important to least and try not to deviate. In the off season and when I’m not preparing for a cert exam, work stays between 9am-5pm. I completely shut off computers and work thoughts to spend time doing what my family wants to do.

When learning something new, what methods work best for you? When learning something new, I like to get the information in multiple ways. I read books, watch videos, ask questions to people who have experience and get as many hands-on hours as I can. Even when I don’t have access to get hands-on practice, I find alternate ways to “do” the things I’m learning. For example, I write out or type in notepad configurations over and over when I don’t have access to physical equipment or an emulator. When I didn’t have real people to practice leading fitness classes, I setup my video camera and lead the workout like it was a gym full of people.

Bert’s Brief

“Discipline is more important than motivation!” This is the current pinned tweet on Teneyia’s Twitter profile. I guess I’ve always kind of thought that finding motivation or “the want” to do or accomplish something was the most important thing. Well, as Teneyia has shown, that’s only part of it. I’ve now shifted my thinking that motivation is really just the beginning. To achieve something that is important to you, discipline is the real secret sauce here. If you can find a way to stay consistent on your path, you will get there. Teneyia’s journey is great example of this. She decided to shift into IT just three years ago and what she has accomplished since then is really incredible. Teneyia does not keep her passion to herself, by working to help others along the way. Although she has already accomplished so much, this is really just the beginning for Teneyia and I predict that there are big things to come in the future. Check out Teneyia’s episode on the AONE podcast. One thing that I learned from that episode that I have already put in to practice is to give myself just five seconds to be scared or overwhelmed in a situation. After that five seconds, you put it behind you and focus. I have a feeling that will stick with me for a long time.

Ep 44 – IT Factor Crossover!

In this episode, two worlds collide! We chat with Frank Padikkala and the IT Factor podcast! We talk with Frank about the similarities between IT and AV professionals and how the two worlds often meet. We encourage Frank’s listeners to join us as we know a lot of the members of our own community have roots deeply embedded in AV. And we learned that Frank obtained his CCNA at just 17 years old!

Follow Frank on Twitter: https://twitter.com/frankpadikkala
Check out AV Nation and The IT Factor!
https://avnation.tv/
https://twitter.com/AVITFactor

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

GIAC Certified Intrusion Analyst (GCIA) // SANS503 Review

If you’ve been following my feed a bit, you know I’ve been going pretty strong for the last four months into SANS503. More than half the blog posts I’ve had published on this site were dedicated to a tool introduced or covered in this course. Well, I cleared the exam and it’s probably in no small part due to blogging. Not that blogging or studying in public was the only thing that amounted to a successful exam but it surely did help in my opinion. In the following I’m going to reflect a bit on the SANS503 course and GCIA exam.

I know, the major drawback to SANS courses is cost, and I get that. Each 5-6 day course runs on the plus side of seven thousand dollars and a certification attempt is no small pocket change either. That aside, if we are just here to judge content, this was the best cyber related course I’ve taken and the best certification experience I’ve ever had. To put this into a little bit of context, I’ve taken 7 Cisco exams at the associate and professional level, 4 Juniper associate level tests and 3 CompTIA exams. I’ve subscribed to INE, CBT Nuggets, Pluralsight, Linux Academy and O’Reilly Books. This course bests everything I’ve done up to this point. Perhaps this is just a hint that I need to do more focused training and less video on demand type stuff?!

SANS503 (the course)

The number one thing I liked about the course was the Virtual Machine and the Lab Workbook. Each section of the class concluded with lab exercises that we completed on our vm. We created rules, tuned rules, searched pcaps, created packets, created scripts and had a comprehensive capstone exercise to bring everything together. I went through this workbook twice. I probably spent 100 hours in the exercises alone. I went through the first time as I was following along with the course. I needed a lot of hints and had to do a lot of extra research as most of these tools were new to me. The second time through, I did almost all the exercises without using any of the hints. Really felt like I got the foundational understanding of how to use the main tools discussed during the class, namely, snort, tcpdump, tshark, scapy, wireshark and zeek.

I did the self paced version of the course. I got a recorded version of the course that I could watch at my own pace. This was perfect for me. As I mentioned before, this was the first time I’d ever used snort or wrote a snort rule. So I got to take my time with the material and really hone in on the fundamentals of using the tool. The instructor was excellent, clear and engaging even though it was not interactive. Besides just learning some tools the class also dug into major protocols. We went through ethernet, ip, tcp, udp, icmp, dns, smb, http and tls. One of the major themes of the course was being able to parse these different packets in hex. After doing this for a few months it’s not so difficult to pull out the next header field and what have you.

GCIA (the certification)

The certification exam was difficult for me. I had done one practice exam before taking the actual exam and scored an 89%. Not only that, I had more than an hour to spare. This had me feeling very confident. On the actual exam, as opposed to the practice test I took, I didn’t get any feedback per question, whether it was right or wrong. For whatever reason, perhaps just the added pressure of it ‘being an exam’ I was second guessing myself and was looking up more answers and even verifying answers I knew were right (it’s an open book exam). When I submitted the last question I had one minute remaining of my four hour allotted testing time. I scored two points lower than my practice test when all was said and done, an 87%.

What I like most about the exam is that since it is open book, there isn’t any really stump the chump kind of feeling when an obscure question about an IP option comes up. Instead, using documentation you can easily decipher what you need and come up with the answer.

Before going through the examination process I had read in other blog posts or youtube videos of people making an index. People would go through each book and index terms so that when they came across a question they could go to their index and hopefully find the answer in a reasonable amount of time. I did not do this, I used the index provided in the lab book portion of the materials and truth be told I didn’t use it that much. My thought process is that if you put in the time on the material (there are five main books), you will have a pretty good idea of where to start looking for that topic.

Lastly, one of the coolest parts of the exam is that it has a VM portion where you interact with pcaps using the tools and protocol knowledge outlined in the course to pull out answers. This was way more slick than any Cisco simulation I’ve ever done. Overall I think the exam really covered everything in a fair and balanced way and didn’t at all feel like a random trivia question extravaganza.

Conclusion

If you get the chance definitely take the opportunity to do some of their training. I’m hoping to take FOR572, Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response and the associated GNFA next. It will, I’m sure, be covering a lot of the same tools but I’m excited to get the point of view of a different instructor that will hopefully shed light on new things.

Also, I think I’m going to continue to keep blogging a bit here. I started out not knowing whether I would like it or find it useful. I think blogging and ‘studying in public’ is kind of a way to hold myself accountable even when the passion or motivation maybe lacking a bit that day. Hope you will continue this journey with me and I’ll see you on the other side on our next adventure.

Ep 43 – You get 5 Seconds

In this episode, we talk to Teneyia! She shares her upcoming story on how she went from being a fitness trainer to Network Engineer. She shares her viewpoints on motivation vs discipline, and why one matters way more than another. She also gives great advice on handling interviews, and what to do when you are in a situation that makes you feel nervous or scared. Enjoy this episode with Teneyia!

Follow Teneyia:
Twitter: @TeneyiaW
LinkedIn: https://www.linkedin.com/in/teneyia-wilson/

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

CCNA Series – L2 and L3 Switches

In this edition of the CCNA Series, we are going to cover network switches. In the CCNA exam topics, we are looking specifically at Network Fundamentals > Explain the role and function of network components > L2 and L3 switches. Before we get into the difference between Layer 2 and Layer 3 switches, let’s describe and understand what switches are and what their role is in a network. In their simplest form, switches are hardware or software devices that provide connectivity to the network. For the simplicity of this article, unless otherwise specified, we will be focusing on hardware based (physical) switches. Who and/or what do switches provide connectivity to the network? Well, that depends upon which “layer” the switch resides. In the traditional campus infrastructure model, we can look at the network as having three layers; access, distribution and core.

Traditional 3 layer campus design
  • Access Layer
    • The switches at the access layer provide endpoints, or devices their initial connectivity to the network. The access layer can be thought of as the edge of the campus network, because this is where the network begins for devices. This is where our computers, printers, phones, and much more, connect to the network. The network is providing the service of delivering data to the required destinations for the connecting devices.
  • Distribution Layer
    • While the purpose of the access layer is for switches to connect to endpoints, the distribution layer switches connect to other switches. The distribution layer bridges the gaps between access layer switches at the local site (intra-site communication), and the local site access layer and the core layer, which provides connectivity to other sites (inter-site communication). The distribution layer provides two main functions, that both stem from the concept of network scalability.
      1. Acts as an aggregation layer for the access layer switches. As the number of access layer switches grows at a site, it is not functionally or cost effective to connect each access layer switch together directly to provide connectivity between them. It makes more sense to create a layer of switches “above” the access layer to provide the intra-site connectivity.
      2. Provides connectivity to the core layer which in turn provides connectivity to other sites (inter-site connectivity).
  • Core Layer
    • The purpose of the core layer is similar to the distribution layer in that it provides the service of aggregating switches to provide scalability. However, rather than aggregating access layer switches, the core layer ties together the different distribution layer switches between sites. Configuration and service-wise, we try not to get too fancy with the core layer. The core is there primarily to move packets through the network (between sites, if you will) as quickly as possible. In depth security and authentication services are typically handled in the lower layers of this three-tier model.

Now that we have covered the very basics around the purpose of switches and their roles depending on where they live in the network, let’s now describe, compare, and contrast Layer 2 and Layer 3 switches. Back in the “old days”, switches solely provided the Layer 2 functions in the network and routers (previous post) solely handled the Layer 3 functions. Switches typically have many physical ports and as stated earlier, connect to either devices at the edge of the network, or to other switches to get up or downstream in the network. Routers, on the other hand, tend to have fewer ports and provided routed (Layer 3) connectivity between different network segments. What do we mean in the traditional sense of switches operating at Layer 2 and routers at Layer 3? At Layer 2 of the OSI Model, we forward data (called frames) through switches based on their destination MAC addresses (burned in, or hardware addresses). In contrast, at Layer 3, data (called packets) is forwarded through routers based on destination IP addresses (logical addresses).

Layer 2 Switches

As covered in the previous section, switches operate at Layer 2 of the OSI Model by default. As frames flow through a switch, the switch builds what is called the MAC address database (aka the MAC table). The MAC table is used to properly forward data frames to the correct destinations. When a frame enters a switchport, the switch takes note of the source MAC address, the port the frame entered the switch on, and the VLAN that the port belongs to, and adds that as an entry into the MAC table. Later, when a frame enters the switch with a destination address of that first MAC address that was added to the table, the switch knows which port to forward that frame out. If that original device/MAC address gets moved to another port, the MAC table will be updated to reflect the port move. At Layer 2, VLANs are used to provide network segmentation. An access port on a switch can only belong to a single data VLAN, and traffic from a VLAN should only be forwarded out ports in the same VLAN. For traffic to cross VLANs, a routing function is needed.

Layer 3 Switches

Again, traditionally, Layer 2 functions have been handled with switches, and when subnets have been needed to be defined and Layer 3 forwarding used, we had relied on separate devices, called routers. As switches developed over the years and resources could be added to them, they began to be able to handle more functions. It then became a popular question that if switches can handle handle routing functions from a resource standpoint, do we really need separate hardware routers everywhere in the network that we define a Layer 3 boundary? Enter, Layer 3 switches. Layer 3 switching is just another way to say that we are providing routing functions in a switch. This can be handled in few different ways from an interface standpoint.

  1. Routed Port
    • This is a native Layer 3 interface on a switch and most resembles a “normal” interface on a traditional router. To recap, switches operate a Layer 2 by default, so to convert a Cisco switchport to a routed port, the command no switchport is entered on the interface. After that, an IP address and subnet mask can be entered just like on a traditional router interface.
  2. SVI (Switch Virtual Interface)
    • An SVI is a virtual Layer 3 interface on a switch that corresponds to a specific VLAN. Before Layer 3 switches, to provide routing for devices on a VLAN, we would need connectivity to an external router via access or trunk ports and the router would handle the Layer 3 functions of separating routed networks and forwarding packets between networks/subnets. An SVI is initiated by entering the global config command of interface vlan vlan-id. Then, an IP address and subnet mask can be defined. Finally, the SVI needs to be enabled with the no shutdown command.
  3. Layer 3 Portchannel
    1. To provide higher bandwidth and resiliency at Layer 3 on a switch, a Layer 3 portchannel can be used. The physical member interfaces need to be configured for Layer 3 with the no switchport, added into a portchannel, then the IP and subnet mask information is configured on the portchannel interface.

But Why?

Summary

Many switches out there today can operate at both Layer 2 and 3, which can cut down on the amount of network hardware that is needed. As always, when selecting solutions, you need to determine your network requirements to make sure you are selecting the correct gear to suit your needs. You can think of a Layer 3 switch as a switch that can also act as a router.

TSHOOT – Linux Networking Style

When I got restarted in networking circa 2018-19 everyone on my timeline would always profess how much they loved Cisco’s TSHOOT exam. People had tickets to do and felt like they were showing off what they knew, their experience, rather than answering trivia questions. “I always recert my CCNP with the TSHOOT exam…” or so the story went.

Enter Cumulus Linux, the networking arm of Nvidia. They’ve had a cumulus in the cloud offering for sometime now and I logged in the other day after a long hiatus just to check things out. They are currently running Cumulus Linux version 4.3 with vim now on it’s standard image 🙂

Cumulus Linux – Where Networking Magic is Created

There was one new thing that really caught my eye. One of the ‘Demo Modes’ they have now, once you are all logged in and have your virtual 2 racks of equipment powered on, virtually cabled and spun up is called ‘Challenge Labs.’ Currently, there are 4 challenge labs. Each lab is loaded and solution validated from the oob-management-server within the topology by way of an bash script. To load the first challenge you simply run a bash script that loads the configuration to the applicable devices using an ansible playbook.

cumulus@oob-mgmt-server:~/cumulus-challenge-labs$ ./run -c 1 -a load

Challange #1

Server01 is unable to ping server02 or server03. Server02 and server03 are able to ping each other.
Challenge #1 Topology

Here we go! Are your wheels spinning? Are you coming up with possible issues and areas to look? The first thing I like to do when I first encounter a problem ticket is:

  1. Check power (is it plugged in?)
  2. Check physical connections (is the ethernet cable plugged in?)
  3. Verify the documentation/topology (fix documentation if incorrect)
  4. Recreate the issue, in this case, verify the ping fails from server01 -> server[02|03]

I don’t really have to worry about power here since we are all virtual but I can verify that the IPs in the diagram and the interfaces connecting the devices are correct. Let’s take a look at server01, is it’s IP correct and is it using ‘eth1’ as specified in the diagram?

cumulus@server01:~$ ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 44:38:39:00:00:32 brd ff:ff:ff:ff:ff:ff
    inet 10.1.10.101/24 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::4638:39ff:fe00:32/64 scope link
       valid_lft forever preferred_lft forever

Now, when we look into our first cumulus switch, I can discuss one thing that’s really cool about it. You can check the port configuration the same way we did above, with ‘ip a’ or we can use more of a traditional ‘command line’ for a networking device utilizing what they call nclu (network command line utility). Let’s log into leaf01 and have a look:

cumulus@leaf01:mgmt:~$ ip a show swp49
51: swp49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9216 qdisc pfifo_fast master bridge state UP group default qlen 1000
    link/ether 44:38:39:00:00:59 brd ff:ff:ff:ff:ff:ff

So ‘ip a’ isn’t showing us everything we want here but I think it’s mighty cool that i’m on a ‘switch’ and i got native Linux commands at my disposal. We can tell we don’t have an IP address configured so we are operating at layer 2 and we are up.

A command I like to go to straight away on a Cisco device is ‘show ip int br’ and we can get a lot of the same sort of data with Cumulus’ nclu command ‘net show interface’:

cumulus@leaf01:mgmt:~$ net show interface
State  Name    Spd  MTU    Mode       LLDP                          Summary
-----  ------  ---  -----  ---------  ----------------------------  ---------------------------
UP     lo      N/A  65536  Loopback                                 IP: 127.0.0.1/8
       lo                                                           IP: ::1/128
UP     eth0    1G   1500   Mgmt       oob-mgmt-switch (swp10)       Master: mgmt(UP)
       eth0                                                         IP: 192.168.200.11/24(DHCP)
UP     swp1    1G   9216   Trunk/L2   server01 (44:38:39:00:00:32)  Master: bridge(UP)
UP     swp49   1G   9216   Trunk/L2   leaf02 (swp49)                Master: bridge(UP)
UP     bridge  N/A  9216   Bridge/L2
UP     mgmt    N/A  65536  VRF                                      IP: 127.0.0.1/8

With Cumulus, if configured, I always find myself typing ‘net show lldp’ as one of my first orientation sort of activities. LLDP (link layer discovery protocol)

cumulus@leaf01:mgmt:~$ net show lldp
LocalPort  Speed  Mode      RemoteHost       RemotePort
---------  -----  --------  ---------------  -----------------
eth0       1G     Mgmt      oob-mgmt-switch  swp10
swp1       1G     Trunk/L2  server01         44:38:39:00:00:32
swp49      1G     Trunk/L2  leaf02           swp49

OK. Now let’s verify the issue. Let’s see if server one can ping the other servers in the topology:

cumulus@server01:~$ ping 10.1.10.102 -c 3
PING 10.1.10.102 (10.1.10.102) 56(84) bytes of data.
From 10.1.10.101 icmp_seq=1 Destination Host Unreachable
From 10.1.10.101 icmp_seq=2 Destination Host Unreachable
From 10.1.10.101 icmp_seq=3 Destination Host Unreachable
--- 10.1.10.102 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2034ms
pipe 3
cumulus@server01:~$ ping 10.1.10.103 -c 3
PING 10.1.10.103 (10.1.10.103) 56(84) bytes of data.
From 10.1.10.101 icmp_seq=1 Destination Host Unreachable
From 10.1.10.101 icmp_seq=2 Destination Host Unreachable
From 10.1.10.101 icmp_seq=3 Destination Host Unreachable
--- 10.1.10.103 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2027ms
pipe 3

You may have seen the issue already, you may not. But let us get on the working switch, the one where both hosts can ping each other, and see if you can spot the difference:

cumulus@leaf02:mgmt:~$ net show lldp
LocalPort  Speed  Mode       RemoteHost       RemotePort
---------  -----  ---------  ---------------  -----------------
eth0       1G     Mgmt       oob-mgmt-switch  swp11
swp2       1G     Access/L2  server02         44:38:39:00:00:3a
swp3       1G     Access/L2  server03         44:38:39:00:00:3c
swp49      1G     Trunk/L2   leaf01           swp49
cumulus@leaf02:mgmt:~$

We can see that the ‘good’ switch has access ports to their servers and the ‘bad’ server is configured as a trunk. Two solutions come to mind straight away. One, we could configure the server link to the switch as a trunk. Since we are working with ‘cumulus linux’ within the challenge I’m going to assume we want to change leaf01 to have an access port to it’s server, but with what vlan? Let’s check on leaf02:

cumulus@leaf02:mgmt:~$ net show bridge vlan
Interface  VLAN  Flags
---------  ----  ---------------------
swp2         10  PVID, Egress Untagged
swp3         10  PVID, Egress Untagged
swp49         1  PVID, Egress Untagged
             10

Aright, vlan 10 it is. One last thing I need to check out before logging off of leaf02 is a hint on what the command to use, for this I’ll grep the configuration:

cumulus@leaf02:mgmt:~$ net show configuration | grep -B 4 -i access
  address dhcp
  vrf mgmt
interface swp2
  bridge-access 10
interface swp3
  bridge-access 10

Let’s jump back on leaf01 and fix this issue once and for all:

cumulus@leaf01:mgmt:~$ net add interface swp1 bridge access 10
cumulus@leaf01:mgmt:~$ net commit
--- /etc/network/interfaces     2021-05-04 20:46:36.925028228 +0000
+++ /run/nclu/ifupdown2/interfaces.tmp  2021-05-05 00:42:00.327566444 +0000
@@ -7,20 +7,21 @@
 auto lo
 iface lo inet loopback
 # The primary network interface
 auto eth0
 iface eth0 inet dhcp
  vrf mgmt
 auto swp1
 iface swp1
+    bridge-access 10
 auto bridge
 iface bridge
     bridge-ports swp1 swp49
     bridge-vids 10
     bridge-vlan-aware yes
 auto mgmt
 iface mgmt
   address 127.0.0.1/8
net add/del commands since the last "net commit"
================================================
User     Timestamp                   Command
-------  --------------------------  ---------------------------------------
cumulus  2021-05-05 00:27:03.636686  net add interface swp1 bridge access 10
cumulus@leaf01:mgmt:~$ net show lldp
LocalPort  Speed  Mode       RemoteHost       RemotePort
---------  -----  ---------  ---------------  -----------------
eth0       1G     Mgmt       oob-mgmt-switch  swp10
swp1       1G     Access/L2  server01         44:38:39:00:00:32
swp49      1G     Trunk/L2   leaf02           swp49
cumulus@leaf01:mgmt:~$

Last thing to do is to log into server01 and see if I can now ping server[02|03]:

cumulus@server01:~$ ping 10.1.10.102 -c 3
PING 10.1.10.102 (10.1.10.102) 56(84) bytes of data.
64 bytes from 10.1.10.102: icmp_seq=1 ttl=64 time=20.8 ms
64 bytes from 10.1.10.102: icmp_seq=2 ttl=64 time=4.09 ms
64 bytes from 10.1.10.102: icmp_seq=3 ttl=64 time=3.48 ms
--- 10.1.10.102 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 3.489/9.475/20.844/8.042 ms
cumulus@server01:~$ ping 10.1.10.103 -c 3
PING 10.1.10.103 (10.1.10.103) 56(84) bytes of data.
64 bytes from 10.1.10.103: icmp_seq=1 ttl=64 time=5.85 ms
64 bytes from 10.1.10.103: icmp_seq=2 ttl=64 time=11.8 ms
64 bytes from 10.1.10.103: icmp_seq=3 ttl=64 time=2.76 ms
--- 10.1.10.103 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.768/6.825/11.853/3.772 ms

We’ve verified we have solved the issue, but I also want to let you know that the run script also comes with a verification option that will make sure you solved problem statement. To do this, we log back into the oob-server:

cumulus@oob-mgmt-server:~/cumulus-challenge-labs$ ./run -c 1 -a validate
Validating solution for Challenge 1 ...
PLAY [server] ******************************************************************
TASK [include_tasks] ***********************************************************
Wednesday 05 May 2021  00:57:25 +0000 (0:00:00.059)       0:00:00.059 *********
included: /home/cumulus/cumulus-challenge-labs/automation/roles/common/tasks/validate.yml for server03, server02, server01
included: /home/cumulus/cumulus-challenge-labs/automation/roles/common/tasks/validate.yml for server03, server02, server01
included: /home/cumulus/cumulus-challenge-labs/automation/roles/common/tasks/validate.yml for server03, server02, server01
TASK [Validate connectivity to server01] ***************************************
Wednesday 05 May 2021  00:57:25 +0000 (0:00:00.355)       0:00:00.415 *********
ok: [server01]
ok: [server03]
ok: [server02]
TASK [Display results for server01] ********************************************
Wednesday 05 May 2021  00:57:27 +0000 (0:00:02.523)       0:00:02.939 *********
ok: [server01] =>
  msg: 10.1.10.101 is alive
ok: [server02] =>
  msg: 10.1.10.101 is alive
ok: [server03] =>
  msg: 10.1.10.101 is alive
TASK [Validate connectivity to server02] ***************************************
Wednesday 05 May 2021  00:57:28 +0000 (0:00:00.112)       0:00:03.051 *********
ok: [server01]
ok: [server03]
ok: [server02]
TASK [Display results for server02] ********************************************
Wednesday 05 May 2021  00:57:30 +0000 (0:00:02.422)       0:00:05.474 *********
ok: [server01] =>
  msg: 10.1.10.102 is alive
ok: [server02] =>
  msg: 10.1.10.102 is alive
ok: [server03] =>
  msg: 10.1.10.102 is alive
TASK [Validate connectivity to server03] ***************************************
Wednesday 05 May 2021  00:57:30 +0000 (0:00:00.087)       0:00:05.561 *********
ok: [server01]
ok: [server03]
ok: [server02]
TASK [Display results for server03] ********************************************
Wednesday 05 May 2021  00:57:32 +0000 (0:00:02.087)       0:00:07.649 *********
ok: [server01] =>
  msg: 10.1.10.103 is alive
ok: [server02] =>
  msg: 10.1.10.103 is alive
ok: [server03] =>
  msg: 10.1.10.103 is alive
PLAY RECAP *********************************************************************
server01                   : ok=9    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
server02                   : ok=9    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
server03                   : ok=9    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
Wednesday 05 May 2021  00:57:32 +0000 (0:00:00.083)       0:00:07.732 *********
===============================================================================
Validate connectivity to server01 --------------------------------------- 2.52s
Validate connectivity to server02 --------------------------------------- 2.42s
Validate connectivity to server03 --------------------------------------- 2.09s
include_tasks ----------------------------------------------------------- 0.35s
Display results for server01 -------------------------------------------- 0.11s
Display results for server02 -------------------------------------------- 0.09s
Display results for server03 -------------------------------------------- 0.08s
cumulus@oob-mgmt-server:~/cumulus-challenge-labs$

So this wasn’t the most complicated ticket, and the further challenges get a bit more involved to solve. My hope is that you can see how relatable the output is from the nclu if you are coming from learning or working on Cisco, Juniper or Arista. Also, if you love Linux how cool is it to have all this functionality in a native Linux platform?!

Conclusion

Seeing how easy (and FREE and easily accessible) it was to setup a lab and a challenge from within the lab I hope that you can see the potential of Cumulus VX as a learning platform. Furthermore, this challenge script found on the oob-server within this free cumulus in the cloud offering could be a framework for future TSHOOT challenges.

If you want to run this lab locally, that’s also no issue as they have their process documented on their Gitlab repository. Once more, you’d think with all the devices you’d need some special hardware but as I mentioned in an earlier post, a single instance of Cumulus Linux needs less than 1GB of ram.

Lastly, if you need help getting along, the docs for cumulus are great and my friend Aninda Chatterjee has put together a great series of blog posts covering getting started with Cumulus Linux.

Ep 42 – A Look Back

In this episode we are joined by Tim Bertino once again! Tim, A.J., and Andy celebrate a ton of wins from our Winning channel, Tim introduces an exciting new blog series on the AONE blog that focuses on the CCNA, and we take a brief trip down memory lane recapping that last 30 or so episodes. Whether you’ve been with us from the beginning or just joining there’s a little something in this episode for everyone!

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

CCNA Series – Routers

In the first ever post of the AONE CCNA Series, we are going to start from the top. If you are following along on the CCNA exam topics, we will be covering Network Fundamentals > Explain the role and function of network components > Routers. Routers represent a critical component of network infrastructure in that they connect networks together, both physically and logically. What do we mean by logically? Well, the main purpose of a router is to receive data, find out where it needs to go, and send it out the interface (or port) in the right direction. Routers operate at Layer 3 of the OSI model, which means that they “route” or forward packets (data) based on the packets’ destination IP addresses. IP addresses can also be referred to “logical addresses”, and they signify the logical location of a device in a network. The IP address of a device can and may need to change depending on its movement in a network. MAC (or physical) addresses are a contrast to IP addresses in that they describe more of a physical location of a device in a network (at Layer 2). In fact, each device is said to have a “burned in address” or BIA, which is a device’s MAC address at Layer 2. This is a “permanent” address that the device keeps and uses no matter where it lives or moves within a network. But that’s enough about Layer 2 and MAC addressing for now, we’re here to talk about routers. Now that we know that a router’s purpose is to get data from one place in a network to another, let’s get into what routers might look like and how they perform this ever-important function of delivering our precious packets from point A to point B.

Example logical representation of routers in a network.

What do routers look like? They can come in a variety of brands, shapes, sizes, and sometimes the routers themselves are not even physical at all. Yes, we can deploy routers as virtual machines just like traditional virtual servers. And while we are focusing on enterprise networking because this is a CCNA series, routers are leveraged in residential networks as well. If you are connecting personal/home devices to the internet you are leveraging a router to provide connectivity to the internet for all of the devices on your home network. Think of the router as bridging a gap between your local network and the internet.

Finally, let’s go over how routers provide the functionality of transporting data across networks. As stated earlier, routers make their packet forwarding decisions based on the destination IP address in the packet header. That’s all well and good, but how do routers learn about networks and how to reach them so that they can forward packets in the right direction and along the correct path the proper destinations? Routers learn how to reach destination IP networks from three sources.

  1. Connected networks/routes
    • When an interface is configured with an IP address and enters an “up” state, the network associated with that interface is automatically entered into the routing table. The router now knows what networks are directly connected to itself and which interfaces to use, to forward packets out toward those networks.
  2. Static routes
    • Network administrators can manually program the router with static routes for specific destination networks.
  3. Dynamic routing protocols
    • Routing protocols can be enabled and configured on routers to communicate with each other and share routing information.

Once a router has enabled a way or ways or learning routes, it has to know which proper paths to choose when it receives packets. The best path(s) for each destination network is placed into the routing table, which is a database on the router that, at a high level, lists each destination network, the next hop IP, and egress interface to reach each destination network. Here high level sequence of operations that a router goes through when selecting the best path to reach a destination network for a packet it has received.

  1. Longest prefix match
    • This can be thought of as the rule of specificity and is the first method used for path selection. The route in the table with the most leading bits in the “on” position in the subnet mask will be chosen. An example of this logic is:
      • A router receives a packet to forward with a destination IP of 192.168.1.200.
      • The router has two routes in its routing table that match this destination:
        • 192.168.1.0/24
        • 192.168.1.128/25
      • In this case, the route that matches the 192.168.1.128/25 network will be chosen because it is more specific, in that it has one more bit in the “on” position than the route with the /24 bit mask.
  2. Administrative Distance (AD)
    • Routing protocols (OSPF, EIGRP, etc.) leverage metrics when determining the route to select when there are multiple routes learned to the same destination. However, the metrics used are only understandable to the given routing protocol. So, what does a router do when it learns the same route from different routing source types (for instance, a route learned both by a static route and EIGRP). A concept called Administrative Distance is leveraged to determine which route will enter the routing table.
    • Administrative Distance is a “trustworthiness” value (from 0 to 255) assigned to different routing sources so that when a router learns about the same route from different sources, it can decide which route to install into the routing table and use. The lower AD value is preferred.
  3. Routing protocol metrics
    • When a router receives multiple routes to the same destination from the same source (for instance, OSPF), it leverages the routing protocol’s metric values to determine which route(s) should be selected for the different destination networks. Examples of routing protocol metrics that are used by different routing protocols are hop count, cost, bandwidth, and delay.

But Why?

Why do we build computer networks and need routers?

Summary

There is definitely a lot that can be covered here about routers, but we want to keep these posts in consumable chunks. We have also highlighted some topics that we can go into more depth later on down the road. I think a big takeaway to remember here is that routers are a core component of network infrastructure and are responsible for moving packets through different Layer 3, (or “routed”) networks.

Faces of the Journey – Emmanuel Pimentel

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Emmanuel Pimentel (@MannyBytes88) was born and raised in New Jersey, but currently resides in Orlando, Florida, moving there in 2006. Manny is a Network Technician, working as a contractor in the transportation and tolling industry. He has a hybrid role, in which he assists in the management of both the network and server environments. While juggling college, Manny was looking for a way to break into the IT field. He decided to apply for a sales position in the computer department at a local Best Buy, but during the interview, the hiring managers quickly picked up his interest in tech, and found that he would be a better fit in a support role with Geek Squad. That just goes to show that displaying your interests and drive can open doors that you weren’t even looking to open! While with Geek Squad, Manny held positions as an Advanced Repair Agent and Covert Fulfillment Agent (remote Geek Squad agent). His time there gained him enough confidence and experience to book and pass both exams to become CompTIA A+ certified on the same day! Manny also credits developing his soft skills to his time at Geek Squad. After Geek Squad, Manny started with his current company as a Workstation Support Technician, prior to receiving a promotion to Network Technician.

For Manny, the draw to network engineering stems from senses of challenge and curiosity. He actually changed from majoring in general Computer Information Technology to majoring in Computer Network Engineering with a Cisco specialization because he wanted more of a challenge! While initially being intimidated, Manny accepted the challenge and has been “plugged into” (shameless, bad Tim pun) network infrastructure ever since. The draw to IT in general started in childhood with the Nintendo gaming system. From there it grew when he got his first PC and found out that he could dual boot to different operating systems. Manny’s ultimate goal is to become a Network Engineer. That being said, the role means much more to him than just the title. He is striving for all of the knowledge, responsibility and experience that comes with it. This goal motivates Manny each day to keep striving.

Follow Manny:

Twitter

LinkedIn

Instagram

Alright Manny, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? Never stop being hungry for learning and for your growth. Always dedicate some time to your own personal development whether it’s a half hour before or after work or a few hours or maybe even a day off. Your peers and management will take notice and it will help propel your career as IT evolves for what it seems like warp speed these days. Make sure you learn and grow your soft skills. As Aaron once said on the podcast, “Soft Skills Pay The Bills”. Believe it or not, you have no idea how important soft skills are. You can be very technical and the cream of the crop, but it creates an barrier when you’re unapproachable to work with by your peers, management, and your end-users/clients/customers.

What is something you enjoy to do outside of work? Gaming. RPGs are my favorite genre with great games like Final Fantasy but also love action games like Metal Gear Solid, Yakuza, Uncharted, etc, seriously I can go on and on. I’m a sucker for retro games so if I’m not playing a current-gen title, I’m playing an older title like Parasite Eve, Xenogears, Chrono Trigger, GoldenEye, etc. The other two would be fitness and my two rides: 2007 Suzuki GSXR 600 and 2018 Subaru WRX STi Limited. If I’m not cruising around, I’m in my garage gym.

What is the next big thing that you are working toward? The biggest thing and main focus is obtaining my Cisco CCNP Enterprise certification with either the ENARSI or ENSLD aka “En-Salad” exam as my chosen concentration. The bigger picture is gaining more knowledge in the Route and Switch and Network Security space to become are more knowledgeable and well-rounded Network Engineer. That being said, I have a list of “side quests” that will aid in that along with accumulating experience such as: Juniper Networks JNCIA-Junos, Palo Alto Networks PCNSE, Cisco CCNP SISE, and Aruba Networks ClearPass Associate. I might even tackle the CCNP Service Provider track as that’s another level in the Route & Switch realm. These certs are loaded with knowledge that I feel would help develop me into a powerful, well-knowledgeable Network Engineer plus gaining experience as I grow of course.

How do you manage your work/life balance?

This is honestly a tricky one as I’m sure it is for many, if not all of us. For starters, I’m very strict on separating work from my personal life. Unless I’m on-call for the week or the back-up person, I don’t think or deal with anything relating to my job. Biggest way I accomplish this is I have two phone lines and phones for my personal use and for work. I love what I do, love my job, and the people there but I treat it as self-care that I’m mentally checked out so I can relax. Outside of that, I try to have a schedule or a routine. I always dedicate 1-2hrs of study/lab time before bed or first thing in the morning. I plan my workout days to both the time and muscle group I’m exercising. I even get in a quick jump-rope session during my work lunches when I’m working from home. I try to plan my meals Monday-Thursday. I figure it as one less unnecessary thing on my mind. Kind of like a “set it and forget it” kind of deal. Friday-Sunday, I like to mix it up and cook something random from Breakfast all the way to Dinner. Finally, I try to get in some non-study related time to unwind. Whether I’m relaxing and watching a show, reading a book, or getting in some game time. I usually leave this for the weekend as I’m in a grind mode Monday through Friday.

What is your favorite part about working in IT? You’re always exposed to new tech. Whether you work in the Private Sector which can be bleeding edge depending on the environment or in a more reserved environment like the Public Sector and Healthcare. You’re always exposed to something new. New piece of equipment and software tends to always mean new learning opportunities whether your company provides training, or you take it upon yourself to learn on your own time and be the SME on the new tech. I don’t like the idea of coasting permanently and never changing with the times. IT gives me that constant drive to learn as environments grow, new technologies emerge, and new skills are required and desired. Finally, because there’s so much to learn, it ignites a fire in me when I see my peers or my friends genuinely curious and wanting to learn what I’m doing or showing interest in specializing. What better way to validate your knowledge than by teaching what you’ve learned while also empowering your peers, am I right?

Bert’s Brief

I’m definitely not making light of anyone else when I say this, but Manny is someone from the IAATJ community that I absolutely cannot wait to meet in person someday. He has that perfect balance of positivity, drive, determination, and compassion. When someone has a win or achievement posted within Discord or Twitter, Manny is always one of the first people with a “congratulations” comment. He is not only working hard to help himself to succeed, but he wants to see others succeed as well. I love the mentality he has around the win-win situation of teaching others to help them and yourself, it’s spot on in my opinion. Due to his curiosity and will for a challenge, Manny has had this nice, steady growth in his career thus far, and I fully expect that to continue.

Ep 41 – From Audio to Network Engineer

This week we speak with Beau, an audio engineer making a pivot to network engineering. Covid destroyed the live entertainment industry, so Beau made a decision to pursue a career in IT. Armed with his A+, Net+, home lab and CCNA study materials Beau plans to take and pass his CCNA by the end of the year and leverage his newly earned skills to get his first job in IT.

Follow Beau:
Twitter: https://twitter.com/BeauToop
LinkedIn: https://www.linkedin.com/in/beau-toop-680863202/

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

My Top 5 Network Engineering Books

With so many networking books out there, someone coming into networking could find themselves asking: are any of them any good??!

This blog post, in opposition of the title, are not the 5 best. Who am I to say they are the best?! I’ve been studying pretty good for the last two years now. Just the other night I realized when someone asked if a book was good or not that I’ve read quite a few pages over that time frame. Having read quite a bit I’m going to spend a bit of time highlighting what I feel are the best of the best, the must reads. These are all books that I’ve really enjoyed and content I’ve connected with since I started my journey.

Book #1

Junos Enterprise Switching and Junos Enterprise Routing

My absolute favorite book(s) on networking covers Junos. Both books are older than 10 years or so but filled with everything you’d need to understand the fundamentals of switching and routing. The books are Junos Enterprise Switching and Junos Enterprise Routing. The number one reason why these are great books is that they allowed their personality and humor to spill out. Every other paragraph has some bit of hidden humor morsels.

These books are even highly recommended from Juniper’s best Yasmin Lara and Art of Network Engineering’s own Carl. So even though these books are a bit older, their wit really shines and makes getting through all the nitty-gritty all that much more enjoyable. If you are just getting started in networking you can’t go wrong knocking these two books out first.

Book #2

Anything by Dinesh Dutt

From earliest to latest, Mr. Dutt’s books include BGP in the Data Center, EVPN in the Data Center and Cloud Native Data Center Networking.

Even if you don’t really know BGP yet or basic Data Center concepts, do not fret. These books are still for you. Why? Because Mr. Dutt does such a great job at breaking down each technology to a simple digestible nugget before building a beautiful tapestry that ties everything together.

Book #3

Cisco Software-Defined Access – Cisco Press

This book was just a joy. It might have had a lot to do with my studying at the time. I was in multiple ENCOR study groups and I’d committed to trying to lead the SD-Access section and this book laid out everything so that I could have a somewhat successful presentation. This book broke down how everything was automated to what was going on underneath the hood of the automation. Harnessing the internet, I watched Roddie Hasan’s Cisco Live presentations (which is an amazing free resource) and followed him on the twitter (you should do the same, super cool dude). If you were only to read one chapter, read chapter 6.

Furthermore, I had won a book giveaway by another author of the SD-Access book Jason Gooley and he sent me a few Cisco Press books so I just have a lot of good vibes from this book and the connections I’ve made from it.

Book #4

The ASCII Construct

The ASCII Construct is not a book, though it should be. The author of this blog writes in such a way that that it inspired me to try and write something. He explains things in pain staking detail not normally outlined or covered. So the tidbits you get on these posts are not found in many other places on the internet. Furthermore, the author, Aninda Chatterjee, is one of the nicest people I’ve had the pleasure of interacting with. He has given his time over and over again on questions about anything. A teacher of the highest quality.

Book #5

Network Programmability with YANG: The Structure of Network Automation with YANG, NETCONF, RESTCONF, and gNMI, First Edition

The last book I’d like to highlight is Network Programmability with YANG by Joe Clarke, Jan Lindblad and Benoit Claise. Everyone’s talking about network automation and I think this is the book that really breaks down a lot of the underpinnings in ways other books simply don’t match. This book is just well put together. Great, simple explanations with subsequent code examples with each chapter ending with a cool question answer with a different ‘expert’ related to what’s covered. This was a another book that stood out as an example to me as something I’d like to aspire to if I ever ended up writing some long form stuff.

Honorable Mentions

After reading this you may be wondering to yourself, I’m studying for xxx Cisco exam or what not, and not one OCG was mentioned. Truth be told, I’ve read quite a few OCGs and simply put, I just don’t like them. I don’t like being distracted by ‘do I know this already’ and ‘key terms’ and other certification type related sections. I prefer books that just discuss the technology. If I did have to choose my favorite author of these sorts of book I’d go with Kevin Wallace. My guy spent less than a year at Walt Disney according to his LinkedIn but I feel like I’ve heard 20+ stories about it going through his training, which I enjoyed.

Other books you should check out that I didn’t explicitly outline in the top 5 are: Automating Junos Administration, Computer Networking Problems and Solutions, Network Programmability and Automation, Routing TCP/IP, Volume 1 and Routing TCP/IP, Volume II.

Bonus

Since I mentioned one blog, and we are talking about learning content, I want to highlight some video content creators out there.

Video Creator #1

Calvin Remsburg

One such creator is Calvin Remsburg. He’s been streaming on Twitch (which I can’t find a link to at this time) and Youtube a bit over the past couple of years. His posts are long and if you get in on the live stream, interactive. He shares his point of view on all sorts of networking and automation concepts as he walks through a technology. Always felt he should have many more subs than he does.

Video Creator #2

Matt Oswalt

This was a short series and only covered one topic, git. Matt Oswalt ran a little series called Labs & Latte where he begins each episode with some cool piano notes and some latte art. If you follow my twitter feed you know I’m into coffee. In any case, the content here is just great. I hope Matt picks this back up in this sort of format. I understand you can find Matt on other channels with a white doctors coat on explaining network automation but I really like this format and presentation.

Video Creator #3

Network Collective

I got into watching their Wednesday night live streams when I was in Arkansas for work a few months ago. They do a cool trivia segment segment and plenty of demos with industry pros. Their production quality of this live stream is very good. At some point, once I climb all the way out of debt, I hope to become a paid subscriber. They have so much content out that once you get a bit hooked you’ll have a mini mountain of content to binge through. Since I’ve been back home on the west coast it’s been really hard to get home and tuned in to the live stream so I’m going to have to make this more of a priority 🙂

Final Bonus

Ivan Pepelnjak

Subscribe to this gentleman’s content. You could be watching an old network field day and hear this voice that’s just firing off question after question. Turning every complex technology into a simple analogy of another technology. I was introduced to Ivan in a Youtube video interview with David Bombal. I’ve since watched all the content I could get my hands on at ipspace.net and listened to all the episodes of his podcast Software Gone Wild. I heard recently he may be taking a step back a bit from content creation but will still be blogging. Whatever the case, make sure to check out his content.

Final Final Bonus

I have a long commute. So I listen to a lot of content as well. Here is a short list of my favorite networking related podcasts: The Hedge, The Art of Network Engineering, Full Stack Journey, Network Collective, Darknet Diaries, Software Gone Wild and History of Networking.

All for now, let me know what books or anything else I’ve missed and need to check out!

Ep 40 – Automacho

This week we talk to Kevin Camacho, otherwise known as Automacho. Kevin came from the NOC and now works on Andy’s team as a Network Engineer with a focus on Automation. Kevin shares his journey and provides some advice to others on working in a NOC.

You follow Kevin on LinkedIn here: https://www.linkedin.com/in/kevin-camacho-39012812a/

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

zeek-cut vs jq

Last week I wrote a quick little tutorial so that one could get started using tshark. In this post I want to look at different ways of viewing the same data using a tool called zeek. Zeek is often referred to as a packet examination ‘framework’ as it allows you to see what is happening, the whos, wheres and whats within the traffic. Zeek is often deployed along side other tools like snort, suricata and/or moloch.

Since we will be examining pcaps, not live traffic we will again be going with the ‘-r’ option as we did with previous posts covering tcpdump and tshark.

$ ls
ctf-dump-v2.pcapng  ctf.pcap  zeek.script
$ zeek -Cr ctf.pcap
$ ls
conn.log            dns.log    ftp.log    ntp.log            smtp.log  ssl.log    zeek.script
ctf-dump-v2.pcapng  dpd.log    http.log   packet_filter.log  snmp.log  weird.log
ctf.pcap            files.log  mysql.log  sip.log            ssh.log   x509.log

You can see, after we read in our pcap with zeek a bunch of *.log files were created. You can guess what kind of information is in each log based on it’s name. To view logs nativly, zeek has a tool called ‘zeek-cut’ that allows you to format and view what you’d like. If you use just zeek-cut you will get the default columns:

$ head dns.log | zeek-cut
1613159462.737544	Ci2kw63INthRjNjuae	157.230.15.223	57199	67.207.67.3	53	udp	6601	-	223.15.230.157.in-addr.arpa	1C_INTERNET	12	PTR	3	NXDOMAIN	F	F	T	F	0	-	-	F

What are these columns you ask?! Good question. We can see what are all our options are as far as data within this log by simply looking at the very beginning of the file:

$ head dns.log
#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	dns
#open	2021-04-16-17-46-03
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
#types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool

Fields we can extract/view from this log are listed after the #fields above.

An aside: A bit about source/destination vs originator/responder. In zeek the one who initiates a request, whether by a syn or what have you, is the originator and the one responding, ie, a syn-ack is the responder. They do not use the lexicon of source and destination. Which, I think, is kind of cool as one of the things you do with tcpdump a lot is filter by syns or syn-acks and here that work is already done for you.

Back to parsing this log file. Using zeek-cut, let’s pull out the id.orig_h, resp_p and the query. I only pipe it to head for brevity.

$ cat dns.log | zeek-cut id.orig_h id.resp_p query | sort | uniq | head
10.10.10.101	53	assets.msn.com
10.10.10.101	53	cdn.content.prod.cms.msn.com
10.10.10.101	53	debug.opendns.com
10.10.10.101	53	portal.mango.local
10.10.10.101	53	sw-ec.mango.local
10.10.10.101	53	sync.hydra.opendns.com
10.10.10.101	53	www.gstatic.com
10.10.10.101	53	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
127.0.0.1	53	1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa
127.0.0.1	53	1.0.0.0.5.7.e.1.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa

This information is exactly the same information we pulled out of the file last week with tshark. Zeek is an awesome tool because the logs, once extracted from live capture or a pcap can be held onto for a long time because in relation to the hard-drive space needed for a pcap, Zeek logs take up very little space. You can refer to these artifacts later and retain for much longer/easier than trying to retain pcaps.

Another pro for zeek is that parsing through a log file is computationally super fast when compared to tshark or even tcpdump trying to look through an entire pcap every time you do a filter. So getting information out of your data, once read through zeek is FAST!

So to briefly recap, to get started with zeek-cut looking at your logs, head a log you are interested in, see the possible columns and then use zeek-cut to parse out what you are interested in. Another thing I demonstrated last week in my tshark post was pulling out all the usernames used to login with mysql. Can we quickly do the thing with zeek?

$ ls *.log
conn.log  dpd.log    ftp.log   mysql.log  packet_filter.log  smtp.log  ssh.log  weird.log
dns.log   files.log  http.log  ntp.log    sip.log            snmp.log  ssl.log  x509.log

We see we have a mysql.log and the next step is to head it and see the columns.

$ head mysql.log 
#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	mysql
#open	2021-04-16-17-46-03
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	cmd	arg	success	rows	response
#types	time	string	addr	port	addr	port	string	string	bool	count	string

The three columns that stand out as possibilities that could help us reach our goal of getting all the username’s/passwords to log in would be cmd, arg, success, rows and response. One of the cmd is ‘login’ so if we grep for login and show associated arg we are able to see all the usernames:

$ cat mysql.log | zeek-cut cmd arg | grep login | sort | uniq -c
      2 login	8TmveSod
     12 login	admin
      4 login	admin@example.com
      1 login	flag
      4 login	jamfsoftware
     12 login	mysql
    140 login	root
      4 login	superdba
     12 login	test
     12 login	user
      4 login	username
      2 login	wdxhpxxK

To briefly look back, here was us last week doing the same thing with tshark:

$ tshark -r ctf.pcap -Y 'mysql' -T fields -e mysql.user | sort | uniq -c
    963 
      2 8TmveSod
     12 admin
      4 admin@example.com
      1 flag
      4 jamfsoftware
     12 mysql
    140 root
      4 superdba
     12 test
     12 user
      4 username
      2 wdxhpxxK

One more really cool thing to mention about Zeek before we shift over into looking at the same data in JSON format using jq is that of the uid. Let’s say for whatever reason, you are super interested in someone logging in with the username flag. In zeek, every single log has a UID, which is a unique identifier of traffic consisting of the same 5-tuple or source IP address/port number, destination IP address/port number and the protocol in use. So if we include the UID in the login associated with flag we could then grep all of our logs for that UID to see all the associated traffic.

$ cat mysql.log | zeek-cut cmd arg uid | grep flag 
login	flag	C4nJ2N3ksR7OfGiU9k
$ grep C4nJ2N3ksR7OfGiU9k *.log
conn.log:1613168140.809131	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	tcp	-	0.011629	443	1438	SF	-	-	0	ShAdtDTaFf	48	3446	38	4868	-
dpd.log:1613168140.809956	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	tcp	MYSQL	Binpac exception: binpac exception: out_of_bound: LengthEncodedIntegerLookahead:i4: 8 > 6
mysql.log:1613168140.809676	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	login	flag	-	-	-
mysql.log:1613168140.809750	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	unknown-167	\xb3\x12\xd815'\x07%\x814\xfeP\x9b\x1a\xfd\xae\xc85\xee	-	-	-
mysql.log:1613168140.809838	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	query	\x00\x01select @@version_comment limit 1--	-

We have easily located associated traffic with the mysql traffic with the login name of ‘flag’ very quickly.

Another very quick aside. A tool that’s like uid, but even more useful is called community-id. This is the same sort of idea as uid except you can take this ‘community-id’ and pivot to entirely different tools. Say we found something with traffic in zeek that was super interesting but wanted to look at the pcap. If we were using community-id we could copy it from our zeek log like we did with uid but this time search for this community-id within a tool like moloch (view flows and download pcap) and get greater context/viability.

Alright. So many quick asides today. Back to the lesson at hand. Zeek data can also be output in JSON format as opposed to simple text logs as outlined above. This is how zeek is configured at my work and is done so it can be easily ingested into our SIEM. Today we are just going to read in the same pcap and play around a bit with a tool called jq to parse our logs. Here is how we switch to a JSON format:

$ zeek -Cr ctf.pcap -e 'redef LogAscii::use_json=T;'

If we head our dns.log, like we did above to search for quries our data will look much different. So much so that zeek-cut no longer works with this format 🙂

$ head dns.log 
{"ts":1613159462.737544,"uid":"CyZQzA1XgYbK1dLIah","id.orig_h":"157.230.15.223","id.orig_p":57199,"id.resp_h":"67.207.67.3","id.resp_p":53,"proto":"udp","trans_id":6601,"query":"223.15.230.157.in-addr.arpa","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","rcode":3,"rcode_name":"NXDOMAIN","AA":false,"TC":false,"RD":true,"RA":false,"Z":0,"rejected":false}
{"ts":1613159462.737492,"uid":"C1n5WP2f5tNp0iBXa2","id.orig_h":"157.230.15.223","id.orig_p":56994,"id.resp_h":"67.207.67.2","id.resp_p":53,"proto":"udp","trans_id":505,"query":"223.15.230.157.in-addr.arpa","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","rcode":3,"rcode_name":"NXDOMAIN","AA":false,"TC":false,"RD":true,"RA":false,"Z":0,"rejected":false}

We now have a whole bunch of key:value pairs. Which means our log files will be slightly bigger than the plain txt ones but otherwise all the pros mentioned above still hold true here. Instead of piping to zeek-cut we are going to use jq to parse our data. To look at the first log, we will use the -s ‘.[0]’ option (which simply picks out the first thing in the index, ie the first log):

$ cat dns.log | jq -s '.[0]'
{
  "ts": 1613159462.737544,
  "uid": "CEDtgA2onmkOdbRSp",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 57199,
  "id.resp_h": "67.207.67.3",
  "id.resp_p": 53,
  "proto": "udp",
  "trans_id": 6601,
  "query": "223.15.230.157.in-addr.arpa",
  "qclass": 1,
  "qclass_name": "C_INTERNET",
  "qtype": 12,
  "qtype_name": "PTR",
  "rcode": 3,
  "rcode_name": "NXDOMAIN",
  "AA": false,
  "TC": false,
  "RD": true,
  "RA": false,
  "Z": 0,
  "rejected": false
}

I always find myself heading a log or looking at the first log before I really dive in. This is because I never remember what the key value is or the specific name of the interesting thing I’m looking for. This gives me a chance to look at an entire log and make out what each thing is referencing and I can make a better guess on what search term to use or how it should be formatted. Doing this first saves you a bit of time later in my opinion.

Every key, if you can remember back to the beginning of this post will correspond to a column header when we were using zeek-cut. With zeek-cut we used id.orig_h, id.resp_p and query. To do this we will use the -j (join option) with jq which will put the following things we select on the same line. We have to put ‘id.orig_h’ and ‘id.resp_p’ in brackets because their key value begins with a ‘.’ already and in order for jq to read them the syntax with the square brackets is needed. Since query doesn’t begin with a ‘.’ no brackets needed. “\n” simply means new line. Below we have a csv formatted version of what we did with zeek-cut above.

$ cat dns.log | jq -j '.["id.orig_h"], ", ", .["id.resp_p"], ", ", .query, "\n"' | sort | uniq |head
10.10.10.101, 53, assets.msn.com
10.10.10.101, 53, cdn.content.prod.cms.msn.com
10.10.10.101, 53, debug.opendns.com
10.10.10.101, 53, portal.mango.local
10.10.10.101, 53, sw-ec.mango.local
10.10.10.101, 53, sync.hydra.opendns.com
10.10.10.101, 53, www.gstatic.com
10.10.10.101, 53, www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
127.0.0.1, 53, 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa
127.0.0.1, 53, 1.0.0.0.5.7.e.1.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa

If you forgot what we did with zeek-cut above i’ll spare you the work of having to scroll up:

$ cat dns.log | zeek-cut id.orig_h id.resp_p query | sort | uniq | head
10.10.10.101	53	assets.msn.com
10.10.10.101	53	cdn.content.prod.cms.msn.com
10.10.10.101	53	debug.opendns.com
10.10.10.101	53	portal.mango.local
10.10.10.101	53	sw-ec.mango.local
10.10.10.101	53	sync.hydra.opendns.com
10.10.10.101	53	www.gstatic.com
10.10.10.101	53	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
127.0.0.1	53	1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa
127.0.0.1	53	1.0.0.0.5.7.e.1.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa

If we look at the mysql log I’m sure you can already make out how we could search for usernames used to login like we did with zeek-cut using jq:

$ cat mysql.log | jq -s '.[0]'
{
  "ts": 1613164528.211387,
  "uid": "CCk4OU1exd8KJARVSg",
  "id.orig_h": "45.55.46.240",
  "id.orig_p": 38550,
  "id.resp_h": "157.230.15.223",
  "id.resp_p": 3306,
  "cmd": "login",
  "arg": "8TmveSod"
}
$ cat mysql.log | jq -j '.cmd, ", ", .arg, "\n"' | grep login | sort | uniq -c
      2 login, 8TmveSod
     12 login, admin
      4 login, admin@example.com
      1 login, flag
      4 login, jamfsoftware
     12 login, mysql
    140 login, root
      4 login, superdba
     12 login, test
     12 login, user
      4 login, username
      2 login, wdxhpxxK

Above I used grep to do the same sort of search that we did with zeek-cut. But, we don’t have to use grep as jq has some very cool functions built in that allow us to do comparison searching within the tool itself. This is where I think jq really shines. You can use ‘<‘ ‘>’ or ‘==’ to filter your search how ever you need. Here we just want to get all the ‘cmd’ that equal login.

$ cat mysql.log | jq 'select(.cmd == "login")' | jq -j '.cmd, " ", .arg, "\n"' | sort | uniq -c
      2 login 8TmveSod
     12 login admin
      4 login admin@example.com
      1 login flag
      4 login jamfsoftware
     12 login mysql
    140 login root
      4 login superdba
     12 login test
     12 login user
      4 login username
      2 login wdxhpxxK

With zeek-cut we zeroed in on the flag login and searched all our logs for the uid to find all relevant traffic with the associated tuple. We can do the same thing with jq no problem.

$ cat mysql.log | jq 'select(.cmd == "login" and .arg == "flag")' | jq -j '.uid, " ",.cmd, " ", .arg, "\n"' | sort | uniq -c
      1 CmBHdR2a0DMQ9kfam login flag
$ cat *.log | jq 'select(.uid == "CmBHdR2a0DMQ9kfam")'
{
  "ts": 1613168140.809131,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "proto": "tcp",
  "duration": 0.011629104614257812,
  "orig_bytes": 443,
  "resp_bytes": 1438,
  "conn_state": "SF",
  "missed_bytes": 0,
  "history": "ShAdtDTaFf",
  "orig_pkts": 48,
  "orig_ip_bytes": 3446,
  "resp_pkts": 38,
  "resp_ip_bytes": 4868
}
{
  "ts": 1613168140.809956,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "proto": "tcp",
  "analyzer": "MYSQL",
  "failure_reason": "Binpac exception: binpac exception: out_of_bound: LengthEncodedIntegerLookahead:i4: 8 > 6"
}
{
  "ts": 1613168140.809676,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "cmd": "login",
  "arg": "flag"
}
{
  "ts": 1613168140.80975,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "cmd": "unknown-167",
  "arg": "\\xb3\\x12\\xd815'\\x07%\\x814\\xfeP\\x9b\\x1a\\xfd\\xae\\xc85\\xee"
}
{
  "ts": 1613168140.809838,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "cmd": "query",
  "arg": "\\x00\\x01select @@version_comment limit 1"
}

I might have not shown the most ‘useful’ parsing within jq but I hope by showing you a few examples of how you can select based on the values of certain fields you can see how easy it is to zero in on what you are looking for. You can, for example, only display only logs that have a ip.orig_p less than 1000 in your conn.log with ease. Or, display on logs with a packet bigger than a certain size. The possibilities are endless and being able to use comparison operators in your search, I think, is just awesome.

Also, you can format your output based on whatever values in any order and to csv very easily if that’s a useful avenue for you. There is even more stuff you can do with jq, such as sorting. But I think we’ve went long enough 🙂

That’s all for today as I think I’ve rambled on long enough, with far to many asides. But i digress. Next time I’m thinking of trying to write my first zeek script. Till next time!

Faces of the Journey – Tim McConnaughy

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Tim!

Tim McConnaughy had lived in Hampton Roads, Virginia most of his life. A few years ago he left to take a position with a global company headquartered in Idaho. Tim now resides in Raleigh, North Carolina. His current role is as an Enterprise Networking Technical Solution Architect at Cisco. Specifically, Tim works in the Customer Proof of Concept labs (CPOC), and develops demonstration material for field engineers on Cisco dCloud. A while back, I had the opportunity to discuss this role with Tim, and it was very interesting to me. The responsibility is to essentially build and prove out solutions to customers that are being proposed by the pre-sales engineering team. Tim has the opportunity to learn and perfect new technologies, and work with customers directly to see how those technologies may, or may not fit in their environment. To me, that sounds like a rewarding experience. Before Cisco, Tim had gained experience in a NOC and as a network engineer in different industries. He got his professional start in IT working tech support at a local dial-up ISP, where he also built Linux web hosts for their co-lo service. IT has always been a passion of Tim’s, stemming from when he first played the Atari 2600 and Intellivision as a kid. As his career progresses, Tim is striving to become an architect who can focus on big picture network strategy, while remaining technical enough to assist in deployment. In relation to this, Tim is quoted in stating “I realize that this is not unlike wishing for more wishes, but it is at least a goal to strive toward.”

Follow Tim:

Twitter

Blog

Alright Tim, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? Learn how to learn. Barbara Oakley has a great free course on Coursera by the same name. There is a firehose of data waiting for you. Start with a strong foundation in learning how to absorb it all in a way that makes it stick. In IT we can’t ‘learn it for the test’ because unlike some fringe classes in high school or college, we might actually be called to utilize what we learned. Besides learning how to learn, learn how to look things up. Learn how to ask Google the right questions. Learn how to ask your peers the right questions. Above all, learn how to research something you don’t already know and how it will fit in with what you do know.

When learning something new, what methods work best for you? I like to start learning something new by determining how it relates to what I do know well already. It becomes a bit of a bridge. I think we have all stared at something that might as well be written in some ancient elvish script and thought, “I will never understand it”. You don’t need to scale that wall directly. Find the handholds by relating it to what you know. When I teach, I try to relate to real-world examples, established technologies, etc., as a scaffold for building the understanding of how it is different and goes beyond those things.

What is your favorite part about working in IT? I think my favorite part of working as a network engineer is when all my hard work pays off. When you spend a lot of time and effort learning something, doing something, and it pays off there is not another feeling like it.

How do you manage your work/life balance? If you figure this one out, please let me know. In all seriousness, there is no secret, no trick, and in some ways that makes it even harder. It is simple willpower and ability to swallow the anxieties of work to pursue the benefits of life, to be able to push back because there will always be a project, a task, some new thing to study. Kids are only kids once, and for far shorter a time than we realize. Usually, we are only realizing it when it’s in the rear-view mirror and too late to change anything. Not just kids, though. Whatever it is that we love and for whatever reasons we live, we have a finite amount of time to prioritize it.

What is something you enjoy to do outside of work? Besides the obvious answer, spending time with my family, of course, I play videogames, though not as much these days. I have a samurai movie collection I have been meaning to watch again. I enjoy (but never have much time to play) board games and role-playing games of various depth and color. I bike when the weather is good. I used to read voraciously but I admit I have let that slide as the years have passed. I am a shameless ramen fanatic, the good stuff, not the grocery store ones. I also spend a good amount of time helping others with their journey. I review resumes, give suggestions about technical interviews, answer questions, explain networking. I am a firm proponent of the idea that you have only mastered something when you can teach it to someone else. So it’s not entirely selfless.

Bert’s Brief

I cannot say enough good things about Tim McC. He has such a down-to-earth attitude and is practically always willing to help. He can be found actively in the It’s All About the Journey Discord community, providing advice and insight. Take it from me, you can learn a lot from the experiences that Tim has documented over the years. I had no idea of the extensive interview experience he had until his AONE episode. There is a fair amount of good content from Tim, so I’ll create a list of my recommendations below. Finally, since I’m starting to become brave like Aaron, on behalf of the IAATJ community, I’d like to thank Tim for his continuous contributions to helping others.

  • Recommended reading/listening
    • “10 Pieces of Advice for Network Engineers” blog post
    • AONE Ep 34 – Technical Interviews
    • ZigBits Ep 71 – Demystifying The Role of The Network Engineer

Ep 39 – Andy’s Hard NOC Life

Andy and Aaron discuss Andy’s time working in the NOC, nicknames and how important the mental game is to success.

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

tshark the best?!

I wrote a quick intro to tcpdump some months ago as I was learning about the tool and I thought it was just the best. You only love what you know right?! Well last week I embarked on a quest to find some flags on Cisco’s CTF 2021 using tshark. I mean, I originally tried to use tcpdump but since their file was saved as a pcapng it was not compatible without a little more work. Mr. Tony E has a how-to on trace wrangler coming up on a network collective live-stream that can solve non-compatibility pcapng issues, and I digress.

The first thing people like to do when they encounter a new pcap is to get the lay of the land so to speak. If they were in Wireshark, most likely they’d venture into the Statistics tab and check out ‘Capture File Properties’ and ‘Protocol Hierarchy.’ Can we get this sort of information from the command line? You bet your bottom dollar we can! The first tool we can use is called capinfos:

$ capinfos ctf.pcap 
File name:           ctf.pcap
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  microseconds (6)
Packet size limit:   file hdr: (not set)
Number of packets:   203 k
File size:           97 MB
Data size:           88 MB
Capture duration:    330489.302412 second
First packet time:   2021-02-12 19:44:00.093265
Last packet time:    2021-02-16 15:32:09.395677
Data byte rate:      266 bytes/s
Data bit rate:       2,135 bits/s
Average packet size: 432.96 bytes
Average packet rate: 0 packets/s
SHA256:              127353c65071e00c66dd08011e9d45bc75fe8030d3134db061781e7bf97b21b0
RIPEMD160:           d3b4062292749b33aef0d6abf74bf42ee90e900d
SHA1:                9850abbf26d14f2636e1e65d6c64841047317f17
Strict time order:   False
Capture oper-sys:    64-bit Windows 10 (2004), build 19041
Capture application: Mergecap (Wireshark) 3.4.0 (v3.4.0-0-g9733f173ea5e)
Capture comment:     TraceWrangler v0.6.8 build 949 performed the following editing steps:   - Replacing Linux Cooked header with Ethernet header  
Number of interfaces in file: 2
Interface #0 info:
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Number of stat entries = 0
                     Number of packets = 203528
Interface #1 info:
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Number of stat entries = 0
                     Number of packets = 247

We can glean how long the trace took place, how many packets we have, among other things. Believe it or not we can also get some protocol statistics using tshark, getting the same info you would in Wireshark!

$ tshark -qz io,phs -r ctf.pcap 
===================================================================
Protocol Hierarchy Statistics
Filter: 
eth                                      frames:203775 bytes:88226987
  ip                                     frames:197880 bytes:85519998
    tcp                                  frames:174805 bytes:82885008
      vssmonitoring                      frames:9120 bytes:510720
      ssh                                frames:6410 bytes:1946553
        _ws.malformed                    frames:4 bytes:440
      http                               frames:7799 bytes:45700088
        data-text-lines                  frames:807 bytes:1001371
        urlencoded-form                  frames:34 bytes:13836
          http                           frames:6 bytes:3612
          tcp.segments                   frames:2 bytes:148
        png                              frames:62 bytes:180828
          _ws.unreassembled              frames:60 bytes:173448
        http                             frames:16 bytes:14456
          http                           frames:14 bytes:13706
            http                         frames:10 bytes:11568
              http                       frames:8 bytes:10188
                http                     frames:6 bytes:8540
                  http                   frames:4 bytes:6468
                    http                 frames:4 bytes:6468
                      http               frames:4 bytes:6468
                        http             frames:4 bytes:6468
        media                            frames:20 bytes:429928
          http                           frames:2 bytes:124660
            media                        frames:2 bytes:124660
      telnet                             frames:33006 bytes:2741153
        _ws.malformed                    frames:986 bytes:66470
        vssmonitoring                    frames:4 bytes:224
      ftp                                frames:71 bytes:6326
        ftp.current-working-directory    frames:71 bytes:6326
      mysql                              frames:1172 bytes:186711
        mysql                            frames:3 bytes:1437
          mysql                          frames:3 bytes:1437
            _ws.unreassembled            frames:3 bytes:1437
              mysql                      frames:3 bytes:1437
      data                               frames:559 bytes:60665
      tls                                frames:163 bytes:165596
        tcp.segments                     frames:18 bytes:14665
          tls                            frames:12 bytes:10517
      smtp                               frames:89 bytes:13675
        imf                              frames:1 bytes:406
      _ws.malformed                      frames:1 bytes:134
      snmp                               frames:96 bytes:12388
        snmp                             frames:3 bytes:303
          snmp                           frames:3 bytes:303
            snmp                         frames:3 bytes:303
              snmp                       frames:3 bytes:303
                snmp                     frames:3 bytes:303
                  snmp                   frames:3 bytes:303
                    snmp                 frames:3 bytes:303
                      snmp               frames:3 bytes:303
                        snmp             frames:3 bytes:303
                          snmp           frames:3 bytes:303
                            snmp         frames:3 bytes:303
                              snmp       frames:3 bytes:303
                                snmp     frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
      ftp-data                           frames:5 bytes:45402
        ftp-data.setup-frame             frames:5 bytes:45402
          ftp-data.setup-method          frames:5 bytes:45402
            ftp-data.command             frames:5 bytes:45402
              ftp-data.command-frame     frames:5 bytes:45402
                ftp-data.current-working-directory frames:5 bytes:45402
      nbss                               frames:1 bytes:55
    udp                                  frames:22101 bytes:2493199
      sip                                frames:66 bytes:29741
      rpc                                frames:5 bytes:416
        portmap                          frames:5 bytes:416
      dns                                frames:21781 bytes:2427147
      data                               frames:91 bytes:8754
        vssmonitoring                    frames:2 bytes:112
      isakmp                             frames:2 bytes:364
      tftp                               frames:3 bytes:182
      snmp                               frames:55 bytes:4714
      cldap                              frames:4 bytes:377
      openvpn                            frames:5 bytes:280
      ntp                                frames:21 bytes:2770
        vssmonitoring                    frames:7 bytes:392
        _ws.malformed                    frames:1 bytes:56
      nbns                               frames:6 bytes:552
      ssdp                               frames:8 bytes:1096
      nat-pmp                            frames:2 bytes:112
        vssmonitoring                    frames:1 bytes:56
      coap                               frames:4 bytes:238
        _ws.malformed                    frames:1 bytes:56
      dtls                               frames:1 bytes:181
      bvlc                               frames:3 bytes:177
        bacnet                           frames:3 bytes:177
          bacapp                         frames:3 bytes:177
      rmcp                               frames:3 bytes:195
        ipmi_session                     frames:3 bytes:195
          ipmb                           frames:3 bytes:195
            data                         frames:3 bytes:195
      chargen                            frames:2 bytes:112
      l2tp                               frames:1 bytes:98
      mdns                               frames:2 bytes:176
      xdmcp                              frames:1 bytes:56
      memcache                           frames:1 bytes:56
        vssmonitoring                    frames:1 bytes:56
      quake3                             frames:1 bytes:56
        _ws.malformed                    frames:1 bytes:56
      rip                                frames:1 bytes:66
      cflow                              frames:21 bytes:14530
    icmp                                 frames:974 bytes:141791
      vssmonitoring                      frames:3 bytes:168
  arp                                    frames:4698 bytes:209862
  ipv6                                   frames:1157 bytes:2493613
    icmpv6                               frames:505 bytes:38222
    udp                                  frames:78 bytes:7687
      ntp                                frames:59 bytes:6490
      data                               frames:19 bytes:1197
    tcp                                  frames:574 bytes:2447704
      http                               frames:276 bytes:2414646
        data                             frames:7 bytes:99171
        data-text-lines                  frames:3 bytes:8826
      tls                                frames:9 bytes:10612
  llc                                    frames:32 bytes:2320
    stp                                  frames:31 bytes:1860
    cdp                                  frames:1 bytes:460
  loop                                   frames:6 bytes:360
    data                                 frames:6 bytes:360
  lldp                                   frames:2 bytes:834
===================================================================

Now that we got the lay of the land, seeing what our pcap is made up of, let’s get into what we came to do! Using tshark to parse some packets 🙂

Enter tshark! Tshark is the command line tool for Wireshark. It’s core switches are very close to what you would use with tcpdump. To read in a file you would use ‘-r <filename>’ or to sniff you’d use ‘-i <int name>’

I’m going to read in the value with the -c option which stands for count, so since I’m using ‘-c 1’ I’ll just get the first packet. If you were capturing traffic with the -i option and use the -c you’ll limit how many packets you’ll capture, just like tcpdump.

$ tshark -r ctf.pcap -c 1
1   0.000000 194.147.140.98 → 157.230.15.223 TCP 52138 33895 52138 → 33895 [SYN] Seq=0 Win=1024 Len=0

Do you remember how Wireshark has three separate panes by default? The first pane is the packet list, the second is the packet details, and the third is the packet bytes. In tshark, just reading in the file would get you the packet list. If you use the -V option you’ll get everything in the packet details pane and the -x option will give you the packet bytes section.

In the following example i’ll also use the ‘-Vx’ as well as the ‘-c 1’ option which will just display the first packet in all it’s glory (frame 1).

$ tshark -r ctf.pcap -Vxc 1
Frame 1: 56 bytes on wire (448 bits), 56 bytes captured (448 bits) on interface unknown, id 0
    Interface id: 0 (unknown)
        Interface name: unknown
    Packet flags: 0x00000000
        .... .... .... .... .... .... .... ..00 = Direction: Unknown (0x0)
        .... .... .... .... .... .... ...0 00.. = Reception type: Not specified (0)
        .... .... .... .... .... ...0 000. .... = FCS length: 0
        .... .... .... .... 0000 000. .... .... = Reserved: 0
        .... ...0 .... .... .... .... .... .... = CRC error: Not set
        .... ..0. .... .... .... .... .... .... = Packet too long error: Not set
        .... .0.. .... .... .... .... .... .... = Packet too short error: Not set
        .... 0... .... .... .... .... .... .... = Wrong interframe gap error: Not set
        ...0 .... .... .... .... .... .... .... = Unaligned frame error: Not set
        ..0. .... .... .... .... .... .... .... = Start frame delimiter error: Not set
        .0.. .... .... .... .... .... .... .... = Preamble error: Not set
        0... .... .... .... .... .... .... .... = Symbol error: Not set
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 12, 2021 19:44:00.093265000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1613159040.093265000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 56 bytes (448 bits)
    Capture Length: 56 bytes (448 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:vssmonitoring]
Ethernet II, Src: fe:00:00:00:01:01, Dst: 00:00:00:00:00:00
    Destination: 00:00:00:00:00:00
        Address: 00:00:00:00:00:00
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: fe:00:00:00:01:01
        Address: fe:00:00:00:01:01
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 194.147.140.98, Dst: 157.230.15.223
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0x8079 (32889)
    Flags: 0x0000
        0... .... .... .... = Reserved bit: Not set
        .0.. .... .... .... = Don't fragment: Not set
        ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 244
    Protocol: TCP (6)
    Header checksum: 0x499b [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0x499b]
    Source: 194.147.140.98
    Destination: 157.230.15.223
Transmission Control Protocol, Src Port: 52138, Dst Port: 33895, Seq: 0, Len: 0
    Source Port: 52138
    Destination Port: 33895
    [Stream index: 0]
    [TCP Segment Len: 0]
    Sequence number: 0    (relative sequence number)
    Sequence number (raw): 3764456385
    [Next sequence number: 1    (relative sequence number)]
    Acknowledgment number: 0
    Acknowledgment number (raw): 0
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x002 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgment: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 33895]
                [Connection establish request (SYN): server port 33895]
                [Severity level: Chat]
                [Group: Sequence]
        .... .... ...0 = Fin: Not set
        [TCP Flags: ··········S·]
    Window size value: 1024
    [Calculated window size: 1024]
    Checksum: 0x72f2 [correct]
    [Checksum Status: Good]
    [Calculated Checksum: 0x72f2]
    Urgent pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.000000000 seconds]
        [Time since previous frame in this TCP stream: 0.000000000 seconds]
VSS Monitoring Ethernet trailer, Source Port: 0
    Src Port: 0
0000  00 00 00 00 00 00 fe 00 00 00 01 01 08 00 45 00   ..............E.
0010  00 28 80 79 00 00 f4 06 49 9b c2 93 8c 62 9d e6   .(.y....I....b..
0020  0f df cb aa 84 67 e0 61 0b c1 00 00 00 00 50 02   .....g.a......P.
0030  04 00 72 f2 00 00 00 00                           ..r.....

That’s pretty neat right? You can see all the way into the first packet and get a bunch of information. Well, turning back to using Wireshark, remember how you would filter packets based on DNS or ICMP or what have you in the ‘display filter’? Well you can do that, with the same exact syntax, by using the -Y ‘<search_term>’ option. It’s best practice to put your search term inside of quotes, so if you have more than one word or periods, strange bash things won’t take place. Let’s take a look:

$ tshark -r ctf.pcap -Y 'dns' | head
  312 422.644017    127.0.0.1 → 127.0.0.53   DNS 42891 53 Standard query 0xb27a PTR 223.15.230.157.in-addr.arpa OPT
  313 422.644227 157.230.15.223 → 67.207.67.2  DNS 56994 53 Standard query 0x01f9 PTR 223.15.230.157.in-addr.arpa OPT
  314 422.644279 157.230.15.223 → 67.207.67.3  DNS 57199 53 Standard query 0x19c9 PTR 223.15.230.157.in-addr.arpa OPT
  315 422.653585  67.207.67.3 → 157.230.15.223 DNS 53 57199 Standard query response 0x19c9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com OPT
  316 422.653761 157.230.15.223 → 67.207.67.3  DNS 57199 53 Standard query 0x19c9 PTR 223.15.230.157.in-addr.arpa
  317 422.656415  67.207.67.2 → 157.230.15.223 DNS 53 56994 Standard query response 0x01f9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com OPT
  318 422.656588 157.230.15.223 → 67.207.67.2  DNS 56994 53 Standard query 0x01f9 PTR 223.15.230.157.in-addr.arpa
  319 422.659817  67.207.67.3 → 157.230.15.223 DNS 53 57199 Standard query response 0x19c9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com
  320 422.662693  67.207.67.2 → 157.230.15.223 DNS 53 56994 Standard query response 0x01f9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com
  321 422.663035   127.0.0.53 → 127.0.0.1    DNS 53 42891 Standard query response 0xb27a PTR 223.15.230.157.in-addr.arpa PTR ubuntu-s-1vcpu-2gb-nyc1-01 PTR ubuntu-s-1vcpu-2gb-nyc1-01.local OPT

We can use our -xV options to look in the first packet displayed. If you look at the first packet you can see it’s ‘frame 312’ and we will use the -c option to look just at this packet:

$ tshark -r ctf.pcap -Y 'dns' -xVc 312
Frame 312: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface unknown, id 0
    Interface id: 0 (unknown)
        Interface name: unknown
    Packet flags: 0x00000000
        .... .... .... .... .... .... .... ..00 = Direction: Unknown (0x0)
        .... .... .... .... .... .... ...0 00.. = Reception type: Not specified (0)
        .... .... .... .... .... ...0 000. .... = FCS length: 0
        .... .... .... .... 0000 000. .... .... = Reserved: 0
        .... ...0 .... .... .... .... .... .... = CRC error: Not set
        .... ..0. .... .... .... .... .... .... = Packet too long error: Not set
        .... .0.. .... .... .... .... .... .... = Packet too short error: Not set
        .... 0... .... .... .... .... .... .... = Wrong interframe gap error: Not set
        ...0 .... .... .... .... .... .... .... = Unaligned frame error: Not set
        ..0. .... .... .... .... .... .... .... = Start frame delimiter error: Not set
        .0.. .... .... .... .... .... .... .... = Preamble error: Not set
        0... .... .... .... .... .... .... .... = Symbol error: Not set
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 12, 2021 19:51:02.737282000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1613159462.737282000 seconds
    [Time delta from previous captured frame: 9.688921000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 422.644017000 seconds]
    Frame Number: 312
    Frame Length: 98 bytes (784 bits)
    Capture Length: 98 bytes (784 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:dns]
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
    Destination: 00:00:00:00:00:00
        Address: 00:00:00:00:00:00
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 00:00:00:00:00:00
        Address: 00:00:00:00:00:00
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.53
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0x16bf (5823)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 64
    Protocol: UDP (17)
    Header checksum: 0x25a4 [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0x25a4]
    Source: 127.0.0.1
    Destination: 127.0.0.53
User Datagram Protocol, Src Port: 42891, Dst Port: 53
    Source Port: 42891
    Destination Port: 53
    Length: 64
    Checksum: 0xfe87 incorrect, should be 0x1e09 (maybe caused by "UDP checksum offload"?)
        [Expert Info (Error/Checksum): Bad checksum [should be 0x1e09]]
            [Bad checksum [should be 0x1e09]]
            [Severity level: Error]
            [Group: Checksum]
        [Calculated Checksum: 0x1e09]
    [Checksum Status: Bad]
    [Stream index: 2]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
Domain Name System (query)
    Transaction ID: 0xb27a
    Flags: 0x0100 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        223.15.230.157.in-addr.arpa: type PTR, class IN
            Name: 223.15.230.157.in-addr.arpa
            [Name Length: 27]
            [Label Count: 6]
            Type: PTR (domain name PoinTeR) (12)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 1200
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 0
0000  00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00   ..............E.
0010  00 54 16 bf 40 00 40 11 25 a4 7f 00 00 01 7f 00   .T..@.@.%.......
0020  00 35 a7 8b 00 35 00 40 fe 87 b2 7a 01 00 00 01   .5...5.@...z....
0030  00 00 00 00 00 01 03 32 32 33 02 31 35 03 32 33   .......223.15.23
0040  30 03 31 35 37 07 69 6e 2d 61 64 64 72 04 61 72   0.157.in-addr.ar
0050  70 61 00 00 0c 00 01 00 00 29 04 b0 00 00 00 00   pa.......)......
0060  00 00

A common thing one may want to take a look at regarding DNS is what domain names are people trying to resolve. A cool thing about tshark is that you can specify what columns you want it to display. This is where I think tshark, and it’s usability really separates itself from tcpdump. You can do the same sort of things in tcpdump, but it will take a lot more work and will be messier using cut multiple times and what not. Using the ‘-T fields’ followed by the ‘-e <field_name> you can get something very specific and usable really fast. I’m going to pipe this to head simply for brevity, I don’t want to have so many lines to distract from simply what the command is doing:

tshark -r ctf.pcap -Y 'dns.qry.type == 1' -T fields -e ip.src -e ip.dst -e dns.qry.name | head | sort | uniq
127.0.0.1	127.0.0.53	www.internetbadguys.com
157.230.15.223	67.207.67.2	zg-1218a-214.stretchoid.com
157.230.15.223	67.207.67.3	www.internetbadguys.com
172.17.0.2	67.207.67.2	zg-1218a-214.stretchoid.com
67.207.67.2	157.230.15.223	zg-1218a-214.stretchoid.com
67.207.67.2	172.17.0.2	zg-1218a-214.stretchoid.com
67.207.67.3	157.230.15.223	www.internetbadguys.com

Look how fast that was. If we have an idea of what we are looking for we can do so very efficiently inside of tshark. We can search for very specific things and drill down very fast. We can use other Linux text applications like sort, uniq and grep with ease. Let’s continue.

From here we can see someone is trying to resolve ‘www.internetbadguys.com’ which doesn’t look good. What are all the IPs trying to resolve this name? We can use our handy Linux tool grep to help us here:

$ tshark -r ctf.pcap -Y 'dns.qry.type == 1' -T fields -e ip.src -e ip.dst -e dns.qry.name | sort | uniq -c | grep 'www.internetbadguys.com'
      1 127.0.0.1	127.0.0.53	www.internetbadguys.com
      1 127.0.0.53	127.0.0.1	www.internetbadguys.com
      2 157.230.15.223	67.207.67.3	www.internetbadguys.com
      2 67.207.67.3	157.230.15.223	www.internetbadguys.com

We could extract just the ‘dns.qry.name’ field and save them to a file for later analysis.

$ tshark -r ctf.pcap -Y 'dns.qry.type == 1' -T fields -e dns.qry.name | sort | uniq -c > dns.qry.txt

What is another thing that’s really useful with tshark, is you can grep things. How is your grep game? I’d say I’m a beginner in all the things but I’ll let you know about three options with grep I use most. The first option is ‘-i’ which simply ignores case when searching for matches.

$ tshark -r ctf.pcap -Y 'mysql' -xV | grep -i ctf
0460  63 6f 43 54 46 7b 40 70 6f 72 74 63 75 6c 6c 69   coCTF{@portculli

The next options with grep I use the most are the -A and -B which will display the lines above and below your match. This can give you more context to your match, which is very useful when looking at logs and packets.

$ tshark -r ctf.pcap -Y 'mysql' -xV | grep -i ctf
0460$ tshark -r ctf.pcap -Y 'mysql' -xV | grep -A 10 -B 10 -i ctf
03c0  3a 2f 6e 6f 6e 65 78 69 73 74 65 6e 74 3a 2f 75   :/nonexistent:/u
03d0  73 72 2f 73 62 69 6e 2f 6e 6f 6c 6f 67 69 6e 0a   sr/sbin/nologin.
03e0  5f 61 70 74 3a 78 3a 31 30 30 3a 36 35 35 33 34   _apt:x:100:65534
03f0  3a 3a 2f 6e 6f 6e 65 78 69 73 74 65 6e 74 3a 2f   ::/nonexistent:/
0400  75 73 72 2f 73 62 69 6e 2f 6e 6f 6c 6f 67 69 6e   usr/sbin/nologin
0410  0a 6d 79 73 71 6c 3a 78 3a 31 30 31 3a 31 30 31   .mysql:x:101:101
0420  3a 4d 79 53 51 4c 20 53 65 72 76 65 72 2c 2c 2c   :MySQL Server,,,
0430  3a 2f 6e 6f 6e 65 78 69 73 74 65 6e 74 3a 2f 62   :/nonexistent:/b
0440  69 6e 2f 66 61 6c 73 65 0a 73 75 70 70 6f 72 74   in/false.support
0450  3a 78 3a 31 30 30 30 3a 31 30 30 30 3a 43 69 73   :x:1000:1000:Cis
0460  63 6f 43 54 46 7b 40 70 6f 72 74 63 75 6c 6c 69   coCTF{@portculli
0470  73 6c 61 62 73 7d 3a 2f 68 6f 6d 65 2f 73 75 70   slabs}:/home/sup
0480  70 6f 72 74 3a 2f 62 69 6e 2f 73 68 0a 07 00 00   port:/bin/sh....
0490  04 fe 00 00 22 00 00 00                           ...."...
Frame 25202: 71 bytes on wire (568 bits), 71 bytes captured (568 bits) on interface unknown, id 0
    Interface id: 0 (unknown)
        Interface name: unknown
    Packet flags: 0x00000000
        .... .... .... .... .... .... .... ..00 = Direction: Unknown (0x0)
        .... .... .... .... .... .... ...0 00.. = Reception type: Not specified (0)

We can see that the packet following our match is ‘Frame 25202’ so if we know our match was in Frame 25201. We can also increase our -A or -B to get more context.

Given everything that we have learned so far, It would take us less than 20 seconds if someone asked you for all the mysql usernames and passwords found in a pcap. Or, if a certain user had attempted to login, etc. Sure you may have to open up Wireshark or google to get the correct syntax of the columns; but that’s easy.

$ tshark -r ctf.pcap -Y 'mysql' -T fields -e mysql.user -e mysql.passwd | sort | uniq 
	
8TmveSod	3305460ddd8e2cc1321a487ebfe4dc8fc9a2d20c5e30485ee382eccfa38f9863
admin	360435d4b3015b249066fe99636aecd8aa3fdb0c36d9e3f6a3a3251209aae0ac
admin	66afa1f2f5f9f5043ff31bd90ddac1ed90bab5f52457c234d0a2a71c9b8ff3dd
admin	b47dee5a3824dcf6f18d2a40abeac5e9259999b639c10d1b91057c3c157f5cfe
admin	c9990930240171b021e8ca57bea4c0f5dec51eba06637a92b7f194348da81c94
admin	dd73c7a5465cfd8bef44bc8b995619fb6e82e36e3da1ee39a159f7e36ee2c4c8
admin@example.com	2a80ec0decb594885667e5aa9b07d97bb4de2b0f8bda631737c790cf9bf562fd
admin@example.com	b722bcf91d9ed81e1160f20a810be143899d6b61cf81d2bb7ba0c770f99f3d74
admin	fc90eb0b8bfbb9c9f7c467cc7ee739b470835bedc1790d81dc2d46a880ba2b7d
flag	1148ed45984fd9b1e5ee7ee8dabde90d8c8ad768dbf47315feb48323e6c55111

I hope, if you’ve never used tshark, or hell, tcpdump for that matter, that you can see the utility of being able to parse packets at the command line. People are very into scripting with python these days, you could do some bash scripting here for things if you end up doing the same sorts of inquiries over and over again. And of course, if you want to open up Wireshark to take a look, you can do it from the command line as well 🙂

$ wireshark ctf.pcap &

That’s all for today. I’m going to focus on Zeek for the next post. Let’s see if I can get some zeek scripts off the ground. That should be bunches of fun! Till next time.

Ep 38 – Bart Castle Part 2

We are back this episode with Part 2 of our conversation with Bart Castle! Bart, Andy, and Aaron talk about the benefits of the cloud to software devs, Bart’s roots in networking, and a whole lot more in this week’s episode!

Follow Bart!
Twitter: @cloudbart
YouTube: youtube.com/c/bartcastle

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

CCNA Series – Overview

Here at AONE, we believe in continuous learning and development. We also want to do what we can help those trying to break into the network engineering field. While by no means the only factor, certifications can help you gain applicable knowledge for a specific career path. They can also be used to prove to employers that you have the ability and desire to learn and grow. For those trying to get into a network infrastructure profession or are early on in their careers, the Cisco Certified Network Associate (CCNA) program can be a great way to go. It is by means the only path, as their are other certification providers, but it is the one that we are going to highlight in this series.

This upcoming series is meant for those that are interested in, or are working toward achieving the CCNA certification. The approach for this series is that we will take a look a multiple topics in the CCNA “blueprint” and try to provide potentially supplemental knowledge and perspective to be used along with your other study materials. Before we dive into content in the next post, here are some example materials that you can look into if you are preparing for the CCNA certification. This is not an exhaustive list, just a few options that you can look into as you are trying to get started.

  • CCNA 200-301 Official Cert Guide
    • Commonly referred to as the CCNA “OCG”, this book covers CCNA exam topics and provides suggestions for study methods.
    • The book can be purchased in physical form, digital form, or both. There is also an option to get access to bonus material.
  • CBT Nuggets
    • CBT Nuggets provides on-demand video and lab training for many topics and certifications, including the CCNA.
    • Currently, there is an opportunity for some free training via this offer. This offer was released via the Packet Pushers Heavy Networking podcast.
  • Boson
    • Boson offers practice tests and a lab simulator (among other materials) to help you prepare for the CCNA (and other certifications).
  • Make It Stick
    • This book does not specifically pertain to IT, but can give you some tips to help you learn and retain knowledge.
  • It’s All About The Journey Community
    • As always, you can check out the IAATJ Discord Community to communicate with others that are also going after the CCNA certification, and those who are willing to help you.

We look forward to you joining us throughout this series!

Ep 37 – Bart Castle Part 1

In this week’s episode we talk to musician, artist, and Cloud Guru – Bart Castle! Bart weaves an engaging and brilliant tapestry of music, yurts, wanderlust and cloud stories. Buckle up and get ready to learn some cool stuff on this one!

Follow Bart!
Twitter: @cloudbart
YouTube: youtube.com/c/bartcastle

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Faces of the Journey – Chris Randall

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Chris!

Chris Randall, also known as @Bites_to_Bits, is an up and coming individual to the IT profession, originally from Michigan. At the age of 25, Chris moved to Southern Georgia to pursue career opportunities. However, at the time, the aspirations were not around network engineering or even information technology as a whole. Chris has spent the last 13 years in the culinary industry at different levels. He is currently a Food Service Director for a Fortune 500 client, where he oversees four onsite cafes. At their peak, they served over 2,000 guests per day! Before his current role, he also spent a short time at the former #1 restaurant in the world, Eleven Madison Park, in New York City. Previous to cooking for a living, when he was younger, Chris spent summers helping on his Aunt and Uncle’s potato farm. Growing up, Chris never felt that an IT career was a viable option, because they never had a reliable internet connection in the country and the family computer was outdated. However, a few years ago, he came into contact with Python for a college course and found it interesting. This led to some research into computer networking, which was very eye opening. Although not currently in an IT role, Chris spent the last six months studying for the CCNA exam, which he recently passed! As of now, the focus has been on the Cisco Devnet Associate certification and working through a Python #100DaysOfCode challenge. Chris is also working on a blog, playing around with some vlog ideas, and staying active on different social media platforms to help grow his network. Professionally, the next step is to break into the world of network engineering. The long term goal is to get into the DevOps or security disciplines.

Follow Chris:

Twitter

LinkedIn

Blog

Alright Chris, We’ve Got Some Questions

What is something you enjoy to do outside of work? As of late, my wife and I have begun hiking. We have some pretty decent local trails and are heading to Flagstaff, Arizona in April to hike some pretty unique areas. It is nice to be able to unplug for a few hours and spend quality time in some serene landscapes.

What is the next big thing that you are working toward? DevNet Associate and becoming fluent in Python. I want to be an asset as companies continue to implement Network Automation tools.

How did you figure out that information technology was the best career path for you? Cooking was always a means to an end for me, and after getting an Accounting Degree I knew that I needed something more challenging, something that wasn’t going to be redundant for the next 40 years of my life. IT continues to challenge me as I learn everyday, and from everything I see the industry never stops growing, which is exactly what I have been looking for.

When learning something new, what methods work best for you? I have found success in blending different methods together. I tend to watch videos on a new topic to get a baseline reference, and then I move to any sort of print material or online documentation. This helps me have a reference point when reading over the new topic. I will then use ANKI to develop flashcards of what I believe are key topics and then review them frequently. Lab-ing was a big help in my CCNA studies to solidify topics and really tie together how protocols functioned.

What motivates you on a daily basis? I am blessed to have a wonderful wife who deserves so much. She has persevered through even the toughest of times with me, without question, and for that I owe her the world. We are very fortunate to be in the situation we are where she is growing in her field and I have the ability to pivot to a new one. My current industry is very volatile, and I am fortunate to still have such a great job with so many restaurants closing these days. So I am taking advantage of the situation to ensure I do not have to endure such volatility in the future.

Bert’s Brief

I absolutely love to hear these “types” of stories. I am referring to the situations where people pivot their careers. The reason is because doing so takes has a take a large amount of courage, drive, endurance, and really knowing “who you are” as a person. Chris definitely has all of these traits. I cannot even begin to fathom trying to change career paths at this point in my life. The ability and drive to see that you want a change in life and actually going through the process to accomplish that goal is incredible. Chris is definitely someone who has proven that he is willing to put in the time and effort to become an IT professional. Seeing him document his progress over the last six months has been really cool. I cannot wait to see Chris break into network engineering!

Ep 36 – Siloed vs Jack of All Trades

In this episode A.J., Andy, and Dan discuss the differences in being a siloed engineer vs a jack of all trades. There are certainly pros and cons to each of these approaches. The team leverages and shares their experience with each of these approaches.

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Gitlab + Hugo = Website Magic Happy Time

I should let you know right off the top, this is not a ‘how-to’ from an expert. Instead, this is a how I was able to do something cool for the first time, article. The reason for this post is that I had to use multiple different how-to sites and was still left to troubleshoot multiple things. I’m writing this so a person in the same position as myself can hopefully get up and running in less time. So, with that in mind, if you are an expert in the tools used later on in this post I welcome some feedback on what I could have done better or what simply didn’t matter as I made my way through creating my first website since the GeoCities days (a Chicago Bulls tribute fan page).

About six months ago I was talking with a friend on twitter and we were discussing creating a website, a blog and video tutorial site together at some point. Life, projects, kids, COVID and home ownership got in the way and we never really got around to tackling it. Then, about 3 weeks ago I saw a post on my timeline discussing docs as code. I read into it, and watched a conference video that really got me excited. Watch this presentation! Now that you are as excited as me, let’s dive in!

The first thing I did was look to see if any of my mutuals that I talk to a little bit use GitHub to host their website and check in, see what they used or thought about their site. Tony E aka shoipintbri has such a site, hosted on GitHub. I reached out and he said if he had to do it all over again he’d use: GitLabs, Hugo and RestructuredText.

Step 1: So, I created a GitLabs account

After you create an account, it’s time to check our git version and or install it. I was working on Ubuntu 18.04 and the following commands will correspond as such.

Step 2: Install/Upgrade Git, for me I just had to upgrade

sudo apt update
sudo apt upgrade git
git --version

The next step is installing Hugo. Most of the documentation just says install the latest version of Hugo, which I did. But, once you get to looking at Hugo themes most of the new ones will want you to have the ‘extended version’ installed. The first time I stepped through this and my theme wasn’t working, it was because I didn’t have the ‘extended version’ installed. So, to save you a possible step, let’s just install the latest Hugo extended version straight away (I’m writing this to save the next person starting from scratch a little time). You won’t get the latest version using your package manager so we’ll pull it down with wget.

Step 3: Install the latest Hugo extended version (make sure you are downloading the version associated with your architecture/operating system)

wget https://github.com/gohugoio/hugo/releases/download/v0.81.0/hugo_extended_0.81.0_Linux-64bit.deb
sudo dpkg -i hugo_extended_0.81.0_Linux-64bit.deb
Hugo version # verify your version/install
rm hugo_extended_0.81.0_Linux-64bit.deb 

At this point you have everything you need except for your Hugo theme, but we will get there. At this point move into a working directory you’ll want to use for your project. This is not necessarily needed but I like it.

Step 4: Make a working directory for your project and move into it

mkdir ~/Desktop/hugofthunder
cd ~/Desktop/hugofthunder

At this point, I set up git on my local machine to talk to the master of my newly created GitLabs account using SSH authentication.

Step 5: Create a public/private key pair

cd ~/.ssh/
ssh-keygen -t rsa -b 2048
cat id_rsa.pub
ssh -T git@gitlab.com/<your_username>
cd ~/<your_project_working_directory>

When you are logged into GitLabs you can paste the .pub you echoed above under your profile -> preferences -> ssh keys. The next thing to do before we start setting up Hugo is to set some global git configurations that correspond to your GitLab account.

Step 6: configure git

git config --global user.name "<your_username>"
git config --global user.email "<your_email_with_GitLab>"
git config --global --list # verify settings

If we are in the root of our working directory, it should literally be empty if you do an ls command, we can now do a git init command.

Step 7: git init

git init

If you’ve made it this far, it’s time to do our first Hugo command. Congratulations, you are almost to website creation time! The first command you run will name your project and create a new directory with that projects name.

Step 8: Time to fire up Hugo! Name it whatever you want, you don’t have to go with hello-world 🙂 After you run your Hugo new site command move into the newly created directory.

hugo new site hello-world
cd hello-world 

If you ll or ls in your newly created directory you’ll see you have some basic files that associated with the barest of bare bones needed for your upcoming site.

This is a very exciting point in the project and this post. Here is where you will decide on what Hugo theme you want to run on your site. This is a configuration that will give a certain look/layout/feel to your website. Each theme has varying degrees of associated documentation but installing them all is pretty much the same. You either git clone or git submodule the theme as follows, and for demonstration purposes, I went with the codex theme.

Step 9: Install your Hugo theme

git submodule add https://github.com/jakewies/hugo-theme-codex.git themes/hugo-theme-codex

Alright, at this point you will have a pretty basic page with placeholder text. This is still pretty cool right? How do you get this up on your GitLabs for everyone to see?! You are about to find out!

The first thing we will need to do is decide on a project name as it will appear on GitLabs. For my website I chose the name ‘jobapp’ and used the following command to create it.

Step 10: Your first git push

# this will be down from the <working directory>/<your project> directory (the root of your project)
git add .
git remote add origin git@gitlab.com:<gitlabs_group_name/project_name>
git commit -m "init commit for project"
git push -u origin master

In about 30 – 90 seconds you should be able to refresh your GitLabs account and see your newly created project created along with the files and directories that were in the root of your project locally. The next thing to do is to talk about the files associated with getting this website up and running. There are two main files, the first I will discuss is called ‘config.toml’ and should be seen in the root of your project if you do an ls. If you go back to your themes documentation, which in my case was the Codex theme they will usually have a .toml config file to copy and paste into your .toml

I found my sample toml on the codex theme’s GitHub. I simply cut and paste their sample file same into my own .toml.

Step 11: Edit your .toml config file

# DO NOT REMOVE THIS
theme = "hugo-theme-codex" 

# Override these settings with your own
title = "codex"
languageCode = "en-us"
baseURL = "https://githugs.gitlab.io/jobapp"
copyright = "© {year}"

In the .toml the only other thing you HAVE to change is the ‘baseURL’ to match what will be your URL on GitLabs. This will be the ‘root’ level so to speak of your website and all the sub directories will fall off this base. If this isn’t set correctly your website will not render correctly on GitLabs. I’ll show you in a few steps where to find this address.

The second configuration file is what GitLabs uses to create your site. You create this file on the root of your project locally as well, same place the .toml is located and name it ‘.gitlab-ci.yml’ I used vim for this task but you can use any other txt editing application without any judgment (from me anyway).

Step 12: Create a .gitlab-ci.yml file

vim .gitlab-ci.yml

Let me show you what’s in my gitlab-ci.yml file and explain the most important part.

image: registry.gitlab.com/pages/hugo/hugo_extended:latest

variables:
  GIT_SUBMODULE_STRATEGY: recursive

test:
  script:
  - hugo
  except:
  - master

pages:
  script:
  - hugo
  artifacts:
    paths:
    - public
  only:
  - master

For just about every theme I tested out, as mentioned earlier, uses a Hugo extended version. Most of the how-to documentation for setting up your first site doesn’t have you install the extended version locally or call an extended version in your .yml file on GitLabs. Instead, they simply have you call the latest version of Hugo. This didn’t work for me, so to save you an hour of troubleshooting you can either navigate to the exact version of Hugo you want to spin up on GitLabs or simply cut and paste ‘image: registry.gitlab.com/pages/hugo/hugo_extended:latest’ and make sure you are using the extended version.

What GitLabs does, to my understanding, is run a script that spins up a Hugo image and runs a script to create and render your website whenever there is a change. Alternatively, you can run Hugo locally to create your .html files and upload those to GitLab but I won’t be covering that here.

At this point, we can do another git commit to add our edited .toml and newly created .yml to our GitLabs project. This .yml is what GitLabs will use to create your page so after this commit we will be able to verify what our URL is and verify we have the correct address in your .toml config file under baseURL.

Step 13: Let’s commit our local changes to GitLab

git add .
git commit -m "adding .yml // edit .toml"
git push -u origin master

Now it is time to go to your GitLab project. On the left side you can scroll down to Settings -> Pages. It is in this location you can verify your baseURL. You can also go to this url to see how your site is currently looking. If you need to change your baseURL in your .toml file you simply make your changes and then push them to GitLabs.

From this point you should have a working site on GitLabs. You’ll need to read your themes documentation on how to create additional posts and how to further edit and personalize your site. Each theme may do things a little different so it is of no use to continue down that train as the documentation for the theme is what you should follow.

I ended up creating https://githugs.gitlab.io/jobapp/ in which I have a simple homepage and then two blog posts. This took me about 8 hours but if I was to follow what I just wrote I could probably accomplish the same thing in 30-45 minutes.


If you made it this far, thanks for reading and I hope you got something out of it. The following is a quick aside as to why I created a site in the first place 🙂

As you can see from the website I created I was trying to get Pete Lumbis’ (who works at Cumulus/NVIDA networking) attention in hopes to start a conversation for a job ask he posted publicly. I’ve been a fan of Cumulus Linux since I first started learning about networking. Most of all, I like that they have their VMs and vagrant boxes publicly available. You don’t have to have a previous relationship with a sales rep to get access or worry about a 30 day license or something. Secondly, their VM can run on less on GB of RAM. This is huge, you can have a little lab going with 6 devices easily with a regular old laptop. No expensive hardware needed. Lastly, both layer 2 and layer 3 work great. With Junos you have to have two VMs up with an internal bridge to do what Cumulus Linux does right out of the box. Cisco VMs are hard to come by and want all of the resources. Thus, Cumulus Linux is great for those that want to spin something up fast and have all the features you are looking for to learn networking fundamentals. If you are up for learning Cumulus check out my friend Aninda Chatterjee‘s new PluralSight course: Cumulus – The Big Picture.


If you’d like to simply clone my site, you can do so here: https://gitlab.com/githugs/jobapp

Ep 35 – FortiJeff

In this episode we talk to Jeff Clark, a Sales Engineer at Fortinet. Jeff discusses how he went from a mortgage broker, to Network Engineer, to SE, as well as what the SE role is all about.

You can find more of Jeff online at:
http://www.fortijeff.com/

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Network Troubleshooting Tip – Model Driven

No matter what the specific role, as an IT professional, you are going to be tasked to solve problems. Whether you are in a direct support role, part of an escalation team, or on the architecture/engineering team, you are potentially seen as someone who “fixes all the things”. Sometimes though, I think it can be easy for us to fall into a trap of quickly jumping to conclusions and getting “into the weeds” in potentially an incorrect direction. I’ll admit, I am definitely guilty of this from time to time. This can be for many reasons, from we feel pressured to find a resolution quickly, to assuming that problem is more technical than it is just because it seems somewhat similar to something that happened in the past. In this post, we’ll go through a high-level troubleshooting method that I like to use when problems arise.

In our studies to become IT/Network professionals, one thing that is good to learn or at least know of, is the OSI (Open Systems Interconnection) Model. The OSI Model is a framework that can be used to standardize and understand the different components of a network or computing system. Here is a list of the layers of the OSI model and how they are displayed.

  • 7 – Application
  • 6 – Presentation
  • 5 – Session
  • 4 – Transport
  • 3 – Network
  • 2 – Data Link
  • 1 – Physical

Now, don’t worry. I’m not going to go in depth on each layer, nor am I an expert in each. I mainly just wanted to show the full model list to help explain my thought process when troubleshooting. I will not say that I use this as a definitive method and have to exhaust each layer before even thinking about the next. I merely like to think of the OSI Model as a high level guide to help get mind right went sifting through problems. Thinking through at least parts of this model give me a starting point and keep me in check from getting deep “into the weeds” before it is necessary to do so. An example of this is, for a connectivity issue, should I really be looking in routing tables for a potential problem before I’ve even validated power and physical connectivity of the problem device(s)? At least keeping the OSI Model in mind can keep me on a more narrow path to trying to find that problem resolution quickly. Here are some examples (not an exhaustive list) that can be used in troubleshooting when thinking about some of these layers (typically in this layer order). Like eluded to in the previous example, I find it helpful to take a bottom-up approach when looking at the OSI Model.

  1. Physical
    • Is all of necessary equipment powered and booted properly?
    • Are all of the proper physical connections made and functioning without apparent errors?
    • For wireless, is the device (or devices) able to associate and authenticate to the proper SSID?
  2. Data Link
    • Are MAC addresses being learned on switchports?
    • Is Spanning Tree Protocol configured and functioning the way we expect?
  3. Network (this a “fun” one)
    • IP Addressing
      • Are devices that are configured for DHCP receiving IP addresses?
      • Are devices that are set statically configured properly? By properly, I mean with:
        • A unique IP address.
        • A correct subnet mask.
        • A correct default gateway address.
        • Correct DNS servers.
        • A good reason to be set with a static address.
          • I bring this up with just a slight bit of snark here. Statically configuring devices with IP information adds a level of complexity and extra room for error (and I am specifically referencing static configuration, not DHCP reservations by MAC address). There are however, reasons to leverage statically configured IP addresses, so I will not say that they are no use cases.
    • Routing
      • Does the router have a correct ARP entry for the device(s).
      • Are routes being learned or statically defined correctly?
      • Ping and traceroute are your friends.
    • Security
      • Layer 3 (Network Layer) and above is where I really start to consider security factors in troubleshooting such as access control lists (ACLs) and/or true firewall rules.
  4. Transport
    • Security/ACL/Firewalling.
  5. Session
    • Not a layer I specifically consider in at least initial, high level troubleshooting.
  6. Presentation
    • Not a layer I specifically consider in at least initial, high level troubleshooting.
  7. Application
    • Is the application functioning or being used/accessed as expected?
    • Security/ACL/Firewalling.

To close this out, I am by no means saying to print out the OSI Model, keep it next to you always, and follow it as an exact step by step troubleshooting method. I am more suggesting to leverage this model to give yourself somewhere to start, and some guidelines, when troubleshooting. We all want to resolve issues quickly and efficiently to keep our customers/clients/co-workers happy, and so we can get on to the next fun and exciting adventure!

Faces of the Journey – Christine Pappas

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Christine!

Christine Pappas, also known as @networkgeekgirl, is a network engineer in Maryland, USA. Christine has spent much of her life in Maryland, leaving for just four years to pursue higher education at Ferrum College in southwest Virginia. Prometric, LLC is the company Christine works for currently and has for twenty one years now. Prometric is a leading provider of technology-enabled testing and assessment solutions worldwide. Christine started at Prometric as an administrative assistant to the IT department with minimal tech knowledge. As she saw the operations of the department, she asked to learn more, and they were more than happy to oblige. First, Christine worked additional hours on the weekends, providing Level 1 support in the data center by monitoring processes and engaging the on-call staff to respond to issues that arose. She then expanded her responsibilities by becoming the technical writer for the processes that she had been monitoring by creating clear instructions for all necessary tasks. Continuing her technical growth, Christine spent time as an FTP administrator, and also joined the security team for a period of time, running reports, and checking for security issues on the network. Then, came the biggest career step. Someone was moving out of the network department, which had been an area of interest for Christine. Christine’s manager and director offered her a transition to that team to learn network engineering. This was about thirteen years ago, and Christine jumped at the opportunity, and has been learning ever since. Initially, she handled the “grunt work” and learned about Juniper and Netopia routers. After a few years of learning and growth, she got the opportunity to work daily on the Cisco routers and switches. Christine now works on both the campus and data center Cisco environments, providing design and implementation expertise for the global enterprise. She has also become the SME for the wireless and VPN disciplines. A love for playing in the CLI is what drew Christine to an IT profession. Understanding that the infrastructure that she designs and implements is a lifeline to the business is very rewarding for her. Christine’s goals and next steps are what I would deem well thought out and methodical. The short term goals are to become a senior network engineer, and to obtain a CCNP certification. Christine is taking it one step at a time so that her goals are achievable. She enjoys leveraging the knowledge that she has gained throughout her career and using it to teach up and coming junior engineers.

Follow Christine:

Twitter

LinkedIn

Alright Christine, We’ve Got Some Questions

What do you want to be when you “grow up”? Senior Network Engineer, with CCNP, CCDP and eventually (possibly) CCIE.

What advice do you have for aspiring IT professionals? Study every day, even if it is for only 10 min, make sure you learn one new thing. The best way to learn is to do and do often, so labbing or working on real equipment is key to solidifying that in your brain. Figure out how you retain knowledge best and use that method. Listen in on troubleshooting calls to learn real world issues and how they are resolved. As you grow, help others with your new knowledge, don’t keep it all inside your own mind.

What is something you enjoy to do outside of work? Spending time with my family is my number one priority. My husband and I love to travel (pre-COVID). Reading and singing (many moons ago I did get a degree in Music) are my passions.

How do you manage your work/life balance? Managing that balance has been more difficult this past year in COVID times. I have learned to work from home full time, while helping my 3 girls do virtual school, and try to keep us all sane from being locked down in the house. I have had to learn to be patient with myself and determine how much work I could get done in a day realistically. Two of my girls have medical issues, so at times I am forced to balance work with doctor appts (my bosses and coworkers are amazing with this). I take time out in the evenings and weekends to watch true crimes or DIY shows with my husband, sit, and talk with him and the kids, plan future travel, and just be around each other. I talk or FaceTime with family and friends. When I need my own space, I will read or scroll social media. Time is a premium around here – I have 3 very different children who all rely on me in various ways. I am also now a passenger as my oldest learns to drive, so that tends to take your mind off everything else!

What motivates you on a daily basis? My kids – seeing them grow and learn and wanting to give them a positive role model. They love me as mom, but also see me studying for exams, and ‘hacking the world’ as they call it when I am connected in CLI. They see a woman in a predominately and historically man’s role, and I hope that they see their own possibilities are endless if they work hard for what they want.

Bert’s Brief

Strength, determination, and compassion are three (among many) traits that Christine Pappas wields on a daily basis. She has seen every challenge in front of her as an opportunity to practice and grow her skill sets. While she been with the same company for the last 20+ years, she has taken different roles to broaden knowledge in different areas. I really think there is a lot to be said for that. Even more so, Christine has been able to advance her career while still making her family and friends priorities, and finding balance, which is very impressive. Christine also finds time to be an active member in the It’s All About the Journey community, providing perspective, guidance, and encouragement. I can’t wait to hear her named called on the AONE podcast when she passes the Cisco ENCOR exam later this year!

Ep 34 – Technical Interviews

In this episode Dan and Andy discuss the technical interview with special guest, Tim McConnaughy. Tim is a Technical Solutions Architect at Cisco who has a lot of experience on both sides of the technical interview table. The guys talk about their personal experiences with technical interviews, how to prepare for one and how to stand out at your next technical interview.

Follow Tim on Twitter: @juangolbez
Checkout Tim’s blog, https://carpe-dmvpn.com/
YouTube: https://www.youtube.com/c/CarpeDMVPN

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

OSPF Route Optimization – Route Summarization (Post 4)

You’ve made it to the 4th and final post in the OSPF Route Optimization series, I’m proud of you! I honestly wasn’t sure if I’d make it this far, myself. Anyway, in this post we will build upon the work we accomplished in post 3, in which we converted our flat, single area OSPF topology into multi-area OSPF with each site having a boundary between area 0 and the local area (1, 2, 3, or 4 per site). By just implementing multiple areas, we do not yet see a large benefit. Our routing table sizes are still larger than they need to be. In this post, we will leverage route summarization in our area border routers to start seeing that benefit of smaller routing tables. Multi-area OSPF is what makes route summarization possible. Just like the last post, to avoid too much clutter, we will focus in on site1-dist and site1-access1. Keep in mind, that the rest of the topology is getting configured also, just behind the scenes. First, let’s get a refresher on our topology.

With OSPF, route summarization is implemented in the area border routers. In our case here, this will be done in the “dist” switch at each site. For the purposes of this demonstration, we will summarize the route advertisements of the entire /16 of each local site network. In the output below, we will take a look at the configuration on site1-dist, then some “show” output from site1-dist and site1-access once the summarization configuration has taken place throughout the entire topology.

site1-dist

site1-dist#configure terminal
 site1-dist(config-router)#area 1 range 10.1.0.0 255.255.0.0
 site1-dist(config-router)#end
 site1-dist#show ip route ospf
   10.0.0.0/8 is variably subnetted, 29 subnets, 4 masks
 O        10.1.0.0/16 is a summary, 00:04:38, Null0
 O        10.1.11.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
 O        10.1.12.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
 O        10.1.13.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
 O        10.1.21.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
 O        10.1.22.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
 O        10.1.23.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
 O        10.1.31.0/24 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
 O        10.1.32.0/30 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
 O        10.1.33.0/30 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
 O        10.1.255.1/32 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
 O        10.1.255.2/32 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
 O        10.1.255.3/32 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
 O IA     10.2.0.0/16 [110/21] via 10.100.0.1, 00:03:32, GigabitEthernet0/1
 O IA     10.3.0.0/16 [110/21] via 10.100.0.1, 00:02:50, GigabitEthernet0/1
 O IA     10.4.0.0/16 [110/21] via 10.100.0.1, 00:01:25, GigabitEthernet0/1
 O        10.100.0.4/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
 O        10.100.0.8/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
 O        10.100.0.12/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
 O        10.100.255.255/32 
            [110/11] via 10.100.0.1, 00:04:38, GigabitEthernet0/1

As you can see, the configuration itself is simple and done within the router ospf instance. Due to the IP addressing plan we used, combined with multi-area OSPF and route summarization across the topology, we were able to reduce the OSPF routes in this Layer 3 switch from 64 down to 20 (including the /16 null route)!

site1-access1

site1-access1#show ip route ospf
   10.0.0.0/8 is variably subnetted, 28 subnets, 4 masks
 O        10.1.21.0/24 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.22.0/24 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.23.0/24 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.31.0/24 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
 O        10.1.32.0/30 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
 O        10.1.33.0/30 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
 O        10.1.200.4/30 [110/20] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.200.8/30 [110/20] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.255.2/32 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.255.3/32 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
 O        10.1.255.255/32 [110/11] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O IA     10.2.0.0/16 [110/31] via 10.1.200.1, 00:06:01, GigabitEthernet0/1
 O IA     10.3.0.0/16 [110/31] via 10.1.200.1, 00:05:15, GigabitEthernet0/1
 O IA     10.4.0.0/16 [110/31] via 10.1.200.1, 00:03:45, GigabitEthernet0/1
 O IA     10.100.0.0/30 [110/20] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O IA     10.100.0.4/30 [110/30] via 10.1.200.1, 00:12:42, GigabitEthernet0/1
 O IA     10.100.0.8/30 [110/30] via 10.1.200.1, 00:12:42, GigabitEthernet0/1
 O IA     10.100.0.12/30 [110/30] via 10.1.200.1, 00:12:42, GigabitEthernet0/1
 O IA     10.100.255.255/32 
            [110/21] via 10.1.200.1, 00:12:42, GigabitEthernet0/1

Here, you can see that the downstream routers from the area border router also benefit from the route summarization as the OSPF routes in the site1-access1 routing table have been reduced to 19. I want to highlight that the routes from areas 2, 3, and 4 are now seen as single /16 routes to routers in area 1. This is a great start to shrinking the routing tables in our topology, but we can go further. Is there really a reason for the access layer switches to have routes to the other sites? I encourage you to take a look at the different stub area types next. Thanks for joining me on this journey, and until next time, happy routing!

Ep 33 – Cord Cutters

In this episode the guys talk about the life of a cord cutter. The advantages and disadvantages of cord cutting over traditional TV, the backend wheelings and dealings that make pay-as-you-go options impossible in traditional distribution models and streaming’s impact on the global network.

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Starting the GIAC Certification Process

So I’ve made it through just about all of the SANS SEC503 material. That’s no small accomplishment in it of itself and I already feel like I’ve leveled up a bit. I now know some of the secrets about the TCP handshake, checksums and window size 🙂 If you’ve followed me through my first three posts you know I’ve touched a bit on tcpdump, scapy and snort while going through the material.

The next big hurdle, which will be coming up in just over 60 days is my first GIAC exam. For those that don’t know, this is the certifying body that is directly relevant to the SANS courses. As I understand it, it’s a 4-hour exam in a PearsonVue type center that is open book/paper. Since it’s ‘open book’ and I have some 5 books of slides and another two books of labs, there has to be a method to organize this into something efficient and useful to a test taker. I’ve searched the web and watched some YouTube videos about how to prepare for a GIAC exam and I keep coming across the word ‘index.’ While the end of my book 5 does have an index, I looked through the terms and tried to imagine how useful it would be, and my conclusion is not much.

To be fully transparent, I started writing this blog post as something to put out there in public to hold myself to completing this indexing task and I’m currently about 18% through I’d estimate. The plan is to reread each book and then pull out the relevant information I think would be useful if I need to reference something quick related to the topic. I’ve decided I’m going to break up my key terms by protocol and/or tool, sometimes making an entry for both referencing the same page number.

Once I get through rereading all the books and completing my index, I’m going to type it up and sort. From there I’ll deliberate the most useful format for the index and set aside some time for a practice exam. Depending on how the practice test goes will give me an idea of what I need to tinker with to be my most successful test taker self. Luckily, I have two practice exams so I get to try out my improved plan before going in on the actual exam.

I’ll do a post later when I’m further along in the process, but like I mentioned above I’m just writing a quick note and putting this out there to help hold myself accountable. If you see me out there tweeting too much Heat basketball send me a dm and let me know what the real goal is 🙂 Till next time!

Ep 32 – Make it Stick

In this episode, we talk with Peter Brown, co-author of Make it Stick! Peter is one of the team of three authors that wrote Make it Stick: The Science of Successful Learning. Peter explains the original idea for the book, the team discusses many of the tactics for successful learning outlined within the book, and Peter elaborates on the team’s findings.

Peter is a New York Times best selling author. In addition to co-authoring Make It Stick Peter has written several other books. You can find more on Peter and his books, on his website: https://www.petercbrown.com/index.php

To get your copy of Make it Stick: The Science of Successful Learning, grab it here: https://amzn.to/3qKGkl5

For more information on the book, you can check out the website: https://makeitstick.net/

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

OSPF Route Optimization – Multi-Area OSPF (Post 3)

In this post of the OSPF Route Optimization series, we take a look at multi-area OSPF. As stated before, while single-area OSPF provides us with global IP reachability, it tends to not scale well from an efficiency standpoint as the network grows. In our sample topology, we will treat the “inside” zone of each site as its own area while leaving the distribution to core layer in area 0. With our IP address design, doing this will allow us to perform IP summarization and shrink the size of our routing tables. Here is an updated view of our topology and in the output shown in the rest of this post, we will work with area 1 (site 1).

As a reminder, here is what the routing table (OSPF routes) looks like on access switch #1 at site #1 with single area OSPF.

site1-access1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
O 10.1.21.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.22.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.23.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.31.0/24 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.32.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.33.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.4/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.8/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.2/32 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.255.3/32 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.255/32 [110/11] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.2.11.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.12.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.13.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.21.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.22.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.23.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.31.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.32.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.33.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.0/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.4/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.8/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.1/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.2/32 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.255.3/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.255/32 [110/31] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.3.11.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.12.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.13.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.21.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.22.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.23.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.31.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.32.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.33.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.200.0/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.4/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.8/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.1/32 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.2/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.3/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.255/32 [110/31] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.4.11.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.12.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.13.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.21.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.22.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.23.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.31.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.32.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.33.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.200.0/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.4/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.8/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.255.1/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.2/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.3/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.255/32 [110/31] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.100.0.0/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.4/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.8/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.12/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.255.255/32
[110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1

We will now start our configuration of multi-area OSPF. For brevity, in this post we will focus on site #1, specifically the distribution switch and one access switch. The configuration is similar for the rest of the network. Disclaimer: similar changes in a production environment should be planned, coordinated, and performed in a maintenance window that allows for downtime.

site1-dist

site1-dist#show ip int brief | exclude unassigned
 Interface              IP-Address      OK? Method Status            Protocol
 GigabitEthernet0/1     10.100.0.2      YES TFTP   up                    up      
 GigabitEthernet0/2     10.1.200.1      YES TFTP   up                    up      
 GigabitEthernet0/3     10.1.200.5      YES TFTP   up                    up      
 GigabitEthernet1/0     10.1.200.9      YES TFTP   up                    up      
 Loopback0              10.1.255.255    YES TFTP   up                    up      
 site1-dist#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.255
   Number of areas in this router is 1. 1 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 0):
     Loopback0
     GigabitEthernet1/0
     GigabitEthernet0/3
     GigabitEthernet0/2
     GigabitEthernet0/1
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.2.255.255         110      22:12:43
     10.3.255.255         110      22:12:16
     10.4.255.255         110      22:12:16
     10.100.255.255       110      22:12:53
     10.4.255.1           110      22:12:16
     10.4.255.3           110      22:12:05
     10.4.255.2           110      22:12:16
     10.3.255.2           110      22:12:16
     10.2.255.3           110      22:12:43
     10.3.255.3           110      22:12:16
     10.2.255.2           110      22:12:43
     10.1.255.1           110      22:12:53
     10.2.255.1           110      22:12:43
     10.1.255.2           110      22:12:53
     10.3.255.1           110      22:12:16
     10.1.255.3           110      22:12:53
   Distance: (default is 110)
 site1-dist#configure terminal
 Enter configuration commands, one per line.  End with CNTL/Z.
 site1-dist(config)#int range gi0/2-3, gi1/0, lo0
 site1-dist(config-if-range)#ip ospf 1 area 1
 site1-dist(config-if-range)#
 *Nov 22 17:17:54.010: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.1 on GigabitEthernet0/2 from FULL to DOWN, Neighbor Down: Interface down or detached
 *Nov 22 17:17:54.018: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.2 on GigabitEthernet0/3 from FULL to DOWN, Neighbor Down: Interface down or detached
 *Nov 22 17:17:54.026: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.3 on GigabitEthernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
 site1-dist(config-if-range)#
 *Nov 22 17:17:59.544: %OSPF-4-ERRRCV: Received invalid packet: mismatched area ID from backbone area from 10.1.200.10, GigabitEthernet1/0

In the above output for site1-dist, we can see that the interface connecting to the core (gi0/1) is left in the backbone area (area 0). All other interfaces that can be seen as “local” to the site (including the router’s loopback 0 interface, which is used as the OSPF router ID) are moved into area 1. For site 2, we are using area 2, site 3 is area 3 and site 4 is area 4. You can see that as soon as the interfaces connecting to the access layer switches are moved into, area 1, we lose OSPF neighborship with them on site1-dist because there is now an area ID mismatch in the hello messages between site1-dist and the access layer switches that are still in area 0. This is why in a production environment, that this would need to be done in a communicated maintenance window. We will now configure the necessary interfaces on site1-access1. The same would be configured on the other access layer switches at site 1 as well as the rest of the access layer switches at the other sites in the topology, just with their respective area IDs.

site1-access1

site1-access1#show ip int brief | exclude unassigned
 Interface              IP-Address      OK? Method Status                Protocol
 GigabitEthernet0/1     10.1.200.2      YES TFTP   up                    up      
 Loopback0              10.1.255.1      YES TFTP   up                    up      
 Loopback11             10.1.11.1       YES TFTP   up                    up      
 Loopback12             10.1.12.1       YES TFTP   up                    up      
 Loopback13             10.1.13.1       YES TFTP   up                    up      
 site1-access1#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.1
   Number of areas in this router is 1. 1 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 0):
     Loopback0
     Loopback11
     Loopback12
     Loopback13
     GigabitEthernet0/1
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.2.255.255         110      23:43:05
     10.3.255.255         110      23:42:37
     10.1.255.255         110      23:43:16
     10.4.255.255         110      23:42:27
     10.100.255.255       110      23:43:16
     10.4.255.1           110      23:42:27
     10.4.255.3           110      23:42:17
     10.4.255.2           110      23:42:17
     10.3.255.2           110      23:42:37
     10.2.255.3           110      23:43:05
     10.3.255.3           110      23:42:27
     10.2.255.2           110      23:42:55
     10.2.255.1           110      23:43:05
     10.1.255.2           110      23:43:16
     10.3.255.1           110      23:42:27
     10.1.255.3           110      23:43:16
   Distance: (default is 110)
 site1-access1#configure terminal
 Enter configuration commands, one per line.  End with CNTL/Z.
 site1-access1(config)#int range gi0/1, lo0, lo11-13
 site1-access1(config-if-range)#ip ospf 1 area 1
 site1-access1(config-if-range)#
 *Nov 22 18:50:38.694: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.255 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
 site1-access1#show ip ospf neighbor 
 Neighbor ID     Pri   State           Dead Time   Address         Interface
 10.1.255.255      0   FULL/  -        00:00:36    10.1.200.1      GigabitEthernet0/1

In this simulation, the client subnets are represented as loopback interfaces. In “real life” they would most likely be switch virtual interfaces (SVIs). As stated in the last post, for the lab, I set the client subnet represented loopback interfaces with the “ip ospf network point-to-point” command. This way, OSPF would advertise the entire /24 subnets rather than just the /32 loopback addresses. We can see that all interfaces on site1-access1 are moved into area 1. As soon as interface gi0/1 (connecting to site1-dist) is added into area 1, the OSPF neighborship comes back online. For all router to router connections in this lab we are leveraging “ip ospf network point-to-point”. That is why we do not see any DRs or BDRs in the “show ip ospf neighbor” outputs.

We are now going to fast forward. All routers (Layer 3 switches) in the topology have been configured properly for multi-area OSPF as shown in the diagram at the beginning of this post. Let’s now take a look at some show commands from site1-dist and site1-access1 now the entire topology has been configured.

site1-dist

site1-dist#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.255
   It is an area border router
   Number of areas in this router is 2. 2 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 0):
     GigabitEthernet0/1
     Routing on Interfaces Configured Explicitly (Area 1):
     Loopback0
     GigabitEthernet1/0
     GigabitEthernet0/3
     GigabitEthernet0/2
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.2.255.255         110      00:04:09
     10.3.255.255         110      00:03:28
     10.4.255.255         110      00:02:53
     10.100.255.255       110      00:17:48
     10.1.255.1           110      00:17:38
     10.1.255.2           110      00:17:48
     10.1.255.3           110      00:17:38
   Distance: (default is 110)
 site1-dist#show ip route ospf
       10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
 O        10.1.11.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.12.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.13.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.21.0/24 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.22.0/24 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.23.0/24 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.31.0/24 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O        10.1.32.0/30 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O        10.1.33.0/30 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O        10.1.255.1/32 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.255.2/32 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.255.3/32 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O IA     10.2.11.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.12.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.13.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.21.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.22.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.23.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.31.0/24 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.32.0/24 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.33.0/24 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.200.0/30 [110/30] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.200.4/30 [110/30] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.200.8/30 [110/30] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.255.1/32 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.255.2/32 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.255.3/32 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.255.255/32 [110/21] via 10.100.0.1, 00:04:43, GigabitEthernet0/1
 O IA     10.3.11.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.12.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.13.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.21.0/24 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.22.0/24 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.23.0/24 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.31.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.32.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.33.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.200.0/30 [110/30] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.200.4/30 [110/30] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.200.8/30 [110/30] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.255.1/32 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.255.2/32 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.255.3/32 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.255.255/32 [110/21] via 10.100.0.1, 00:04:01, GigabitEthernet0/1
 O IA     10.4.11.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.12.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.13.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.21.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.22.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.23.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.31.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.32.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.33.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.200.0/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.200.4/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.200.8/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.255.1/32 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.255.2/32 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.255.3/32 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.255.255/32 [110/21] via 10.100.0.1, 00:03:27, GigabitEthernet0/1
 O        10.100.0.4/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
 O        10.100.0.8/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
 O        10.100.0.12/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
 O        10.100.255.255/32 
            [110/11] via 10.100.0.1, 00:18:21, GigabitEthernet0/1

site1-access1

site1-access1#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.1
   Number of areas in this router is 1. 1 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 1):
     Loopback0
     Loopback11
     Loopback12
     Loopback13
     GigabitEthernet0/1
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.1.255.255         110      00:06:19
     10.1.255.2           110      00:22:56
     10.1.255.3           110      00:22:56
   Distance: (default is 110)
 site1-access1#show ip route ospf
       10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
 O        10.1.21.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.22.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.23.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.31.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.32.0/30 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.33.0/30 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.200.4/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.200.8/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.255.2/32 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.255.3/32 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.255.255/32 [110/11] via 10.1.200.1, 00:09:02, GigabitEthernet0/1
 O IA     10.2.11.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.12.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.13.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.21.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.22.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.23.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.31.0/24 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.32.0/24 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.33.0/24 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.200.0/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.200.4/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.200.8/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.255.1/32 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.255.2/32 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.255.3/32 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.255.255/32 [110/31] via 10.1.200.1, 00:08:44, GigabitEthernet0/1
 O IA     10.3.11.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.12.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.13.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.21.0/24 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.22.0/24 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.23.0/24 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.31.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.32.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.33.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.200.0/30 [110/40] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.200.4/30 [110/40] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.200.8/30 [110/40] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.255.1/32 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.255.2/32 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.255.3/32 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.255.255/32 [110/31] via 10.1.200.1, 00:07:59, GigabitEthernet0/1
 O IA     10.4.11.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.12.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.13.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.21.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.22.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.23.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.31.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.32.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.33.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.200.0/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.200.4/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.200.8/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.255.1/32 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.255.2/32 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.255.3/32 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.255.255/32 [110/31] via 10.1.200.1, 00:07:21, GigabitEthernet0/1
 O IA     10.100.0.0/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.0.4/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.0.8/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.0.12/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.255.255/32 
            [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1

In conclusion of this post, let’s go over some key takeaways from the perspectives of site1-dist and site1-access1 now that multi-area OSPF has been configured throughout the topology.

site1-dist

  1. In the output of “show ip protocols”, the list of routing information sources has decreased to the following. The reason for this is because site1-dist now has interfaces in area 1 as well as area 0. Routing information will only be seen as sourced from routers within area 1 and area 0.
    • 10.2.255.255 (site2-dist)
    • 10.3.255.255 (site3-dist)
    • 10.4.255.255 (site4-dist)
    • 10.100.255.255 (core)
    • 10.1.255.1 (site1-access1)
    • 10.1.255.2 (site1-access2)
    • 10.1.255.3 (site1-access3)
  2. In the routing table, any route outside of 10.1.x.x (area 1) and 10.100.x.x (area 0) is seen as an inter-area (IA) route.

site1-access

  1. In the output of “show ip protocols”, the list of routing sources has decreased to the following. The reason for this is because site1-access1 now only has interfaces in area 1. Routing information will only be seen as sourced from routers within area 1.
    • 10.1.255.255 (site1-dist)
    • 10.1.255.2 (site1-access2)
    • 10.1.255.3 (site1-access3)
  2. In the routing table, any route outside of 10.1.x.x (area 1) is seen as an inter-area (IA) route.

Alright, we have multi-area OSPF set up across the topology, but our routing tables still look pretty heavy and cluttered. Well, the base multi-area OSPF configuration just set the stage for the next tool in our OSPF toolbox, which is route summarization. Join me in the next post, and we will leverage route summarization in our area border routers (the dist switch at each site) and shrink the size of our routing tables.

Ep 31 – Tim Bertino

In this episode, we talk to Tim Bertino! Tim is part of the AONE family working on our blog. He is the author and creator of the Faces of the Journey series, and he helps to find, and create, binge worth content for our website. When Tim isn’t working on the blog he is working in the healthcare industry. He shares his journey into IT and then he flips the script and starts asking us the questions!

You can find more of Tim on:
Twitter @timbertino https://twitter.com/TimBertino
His blog: https://netication.com/
LinkedIn: https://www.linkedin.com/in/tim-bertino-99378a62/

Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

OSPF Route Optimization – Single Area OSPF (Post 2)

In this second post of the OSPF Route Optimization series, we take a look at our sample topology network configured with a single OSPF area. We will see that while we have global IP reachability throughout the network, the routing tables are not very efficient, and this design may not scale well. Here is another look at our topology, this time showing that the routers in the entire network are all members of the backbone area, OSPF area 0 (zero).

In the following “show” output, we will take a look at the OSPF related configuration for site1-dist and one of the site1-access switches. Remember that in this topology, we are working with a routed access design, so the virtual routers for the client subnets live on the access-layer switches. Rather than using SVIs at the access layer, for this demonstration, we are leveraging loopback interfaces to simulate client routers (each access-layer switch has three client subnets). By default, the loopback OSPF network type will only advertise a /32 host route, so for this demonstration, the OSPF network type on the loopback interfaces has been changed to “point-to-point”. By doing this, although they are loopback interfaces, the full /24 subnets will be advertised.

site1-dist

site1-dist#show ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 57 subnets, 3 masks
C 10.1.200.0/30 is directly connected, GigabitEthernet0/2
C 10.1.200.4/30 is directly connected, GigabitEthernet0/3
C 10.1.200.8/30 is directly connected, GigabitEthernet1/0
C 10.1.255.255/32 is directly connected, Loopback0
C 10.100.0.0/30 is directly connected, GigabitEthernet0/1

site1-dist#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.1.255.255
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
Routing on Interfaces Configured Explicitly (Area 0):
Loopback0
GigabitEthernet1/0
GigabitEthernet0/3
GigabitEthernet0/2
GigabitEthernet0/1

site1-access-1

site1-access1#show ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
C 10.1.11.0/24 is directly connected, Loopback11
C 10.1.12.0/24 is directly connected, Loopback12
C 10.1.13.0/24 is directly connected, Loopback13
C 10.1.200.0/30 is directly connected, GigabitEthernet0/1
C 10.1.255.1/32 is directly connected, Loopback0

site1-access1#show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "application"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.1.255.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
Routing on Interfaces Configured Explicitly (Area 0):
Loopback0
Loopback11
Loopback12
Loopback13
GigabitEthernet0/1

site1-access1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
O 10.1.21.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.22.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.23.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.31.0/24 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.32.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.33.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.4/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.8/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.2/32 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.255.3/32 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.255/32 [110/11] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.2.11.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.12.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.13.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.21.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.22.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.23.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.31.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.32.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.33.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.0/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.4/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.8/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.1/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.2/32 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.255.3/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.255/32 [110/31] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.3.11.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.12.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.13.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.21.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.22.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.23.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.31.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.32.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.33.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.200.0/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.4/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.8/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.1/32 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.2/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.3/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.255/32 [110/31] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.4.11.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.12.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.13.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.21.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.22.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.23.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.31.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.32.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.33.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.200.0/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.4/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.8/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.255.1/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.2/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.3/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.255/32 [110/31] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.100.0.0/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.4/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.8/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.12/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.255.255/32
[110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1

You can see the large size of the access-switch routing table in the “show ip route ospf” output at the end. OSPF, like other routing protocols will provide you global reachability, but when left to default settings, it can quickly become cumbersome. In the next post, we will bring out the first tool in our OSPF optimization toolbox, which is leveraging multiple areas.

Ep 30 – Mental Health

In this episode, the boys take a moment to talk about mental health. They stress how important it is to take time and make sure to take good care of your mental health. If you’re going through difficult times it’s okay. It’s okay to have feelings and emotions, don’t hold that stuff in. As always, seek medical help if you’re struggling.

Ten Percent – Meditation App and Podcast https://www.tenpercent.com/
Waking Up – Meditation App https://wakingup.com/

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

OSPF Route Optimization – Background (Post 1)

When it comes to global reachability within an organization, dynamic routing is a beautiful thing. There are multiple internal gateway protocols (IGPs) out there, but in this series of posts, we are going to focus on OSPF. Taking this focus a step further, we will go through IP/subnet design and routing table optimization.

As with any task in network infrastructure, you need to understand your requirements before you can develop and present a design. With dynamic routing implementation, once you understand your requirements, then comes the fun part of design. To me, it’s not just picking a protocol and off you go. You will want a routing domain that is simple, efficient, and scalable. The foundation for these pillars is IP address/subnet design.

Simplicity – Being able to quickly understand a network from a Layer 3 perspective is important when it comes to operations, troubleshooting, and future design. Having a well thought out IP scheme is essential.

Efficiency – Proper IP design allows for route summarization, which leads to smaller routing tables. This is good for both the routers and the network staff. The routers can perform lookups efficiently and the administrators/engineers can more easily understand the routing table. A happy engineer equals a happy network, right?

Scalability – This feeds off of efficiency. Summarization and smaller routing tables can scale well with the organization.

In this series of posts, we will go through an OSPF design example progressing from single area to multi-area OSPF to optimize routing tables throughout the OSPF domain. The topology itself is a simple hub and spoke design with a core at the “hub” connects to multiple outlying sites as the “spokes”. Each spoke has a distribution layer switch with three access layer switches connected to it. This is a routed access design with IP routing all the way to the edge (access layer). This means that we do not have VLANs trunked between the distribution and access layer. In “traditional” routed networks, a strong, well thought out IP address design is incredibly important for efficiency and scalability. I put “traditional” in quotes because software defined networks with overlay technologies are really changing the game when it comes to routing and IP address design. Throughout this series, we will be thinking in terms of a traditional network exclusively.

With IP address design in mind, I decided to set up each site with its own /16 IP network. Each access layer switch has three subnets of the respective /16s attached, that are participating in OSPF. The reason behind this is for summarization and routing table efficiency and scalability. This will be seen and explained throughout this series. In the next post, we will see this topology built out as a single OSPF area to see that improvements can be made to support efficiency and scale.

As a refresher for this series, here is a list of OSPF LSA types:

  • Type 1 – Router LSA
  • Type 2 – Network LSA
  • Type 3 – Summary LSA
  • Type 4 – Summary ASBR LSA
  • Type 5 – AS External LSA
  • Type 7 – NSSA External LSA

Ep 29 – Cable Guys

In this episode, Andy and Aaron discuss their experiences as cable guys and how they contributed to their current IT positions. You’ll hear about the varied skillsets they obtained as cable technicians and how being a cable guy can be a great introduction into the technical arena.

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

scapy or not, here I come!

                     aSPY//YASa       
             apyyyyCY//////////YCa       |
            sY//////YSpcs  scpCY//Pp     | Welcome to Scapy
 ayp ayyyyyyySCP//Pp           syY//C    | Version 2.4.3
 AYAsAYYYYYYYY///Ps              cY//S   |
         pCCCCY//p          cSSps y//Y   | https://github.com/secdev/scapy
         SPPPP///a          pP///AC//Y   |
              A//A            cyP////C   | Have fun!
              p///Ac            sC///a   |
              P////YCpc           A//A   | Craft me if you can.
       scccccp///pSP///p          p//Y   |                   -- IPv6 layer
      sY/////////y  caa           S//P   |
       cayCyayP//Ya              pY/Ya
        sY/PsY////YCc          aC//Yp 
         sc  sccaCY//PCypaapyCP//YSs  
                  spCPY//////YPSps    
                       ccaacs         
                                       using IPython 7.11.0

I came across a pretty cool tool during the first part of section 3 of my SANS503 course: Scapy. Using this tool you can do many things, for example, read in packets, edit packets and create entirely new packets just to name a few.

The easiest way to get started it to just type out ‘scapy’ from your Linux cmd prompt and it’ll drop you into a what looks like an interactive python interpreter.

>>>   

From here, you can begin to craft your packet[s]. To do this, you’ll create your packet by specifying values layer by layer. For example, you’ll give arguments for your Ethernet layer, IP layer and application layer. I like to use the built in functions to see what’s possible within a specific layer and view the specific syntax i’ll need:

>>> ls(Ether)                                                                                                           
dst        : DestMACField                        = (None)
src        : SourceMACField                      = (None)
type       : XShortEnumField                     = (36864)

Not that we need to put values in this field as scapy is smart enough to use our own IP stack to fill in the layer two values, with that being said, if we are going to create a packet we still need Ethernet headers. For the sake of this post, lets put some values in there cause it’s fun! Here’s how we do that:

>>> e = Ether(src="11:22:33:44:55:66", dst="77:88:99:AA:BB:CC")

Since we used the ls(Ether) function we know the exact syntax to use when creating our ‘e’ variable, specifically ‘src’ and ‘dst’ in this case. We can simply type our new variable ‘e’ to see it’s contents:

>>> e                                                                                                                   
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 |>

Next up, let’s build our IP header, again, the easist way to get started and make sure you know the correct syntax is to use the call the ls(IP) function:

>>> ls(IP)                                                                                                              
version    : BitField (4 bits)                   = (4)
ihl        : BitField (4 bits)                   = (None)
tos        : XByteField                          = (0)
len        : ShortField                          = (None)
id         : ShortField                          = (1)
flags      : FlagsField (3 bits)                 = (<Flag 0 ()>)
frag       : BitField (13 bits)                  = (0)
ttl        : ByteField                           = (64)
proto      : ByteEnumField                       = (0)
chksum     : XShortField                         = (None)
src        : SourceIPField                       = (None)
dst        : DestIPField                         = (None)
options    : PacketListField                     = ([])
>>>     

Now we know the syntax for each part of the IP packet when we create our new variable. Let’s just specify the ‘src’ and ‘dst’ and leave every other value the scapy default.

>>> i = IP(src="10.0.0.1", dst="192.168.0.1")                                                                           
>>> e                                                                                                                   
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 |>
>>> i                                                                                                                   
<IP  src=10.0.0.1 dst=192.168.0.1 |>
>>>       

Alright, now we can go up one layer and decide whether we want our packet to have a TCP or UDP header. Feeling inspired by a David Bombal tweet asking a question about traceroute, let’s go the UDP route. Checking out the Cisco documentation it looks like a traceroute is sent via UDP port 33434. If you’ve followed the post this far you should know the drill, let’s ls(UDP) to see what our options are and syntax to use when creating our variable for this header:

>>> ls(UDP)                                                                                                             
sport      : ShortEnumField                      = (53)
dport      : ShortEnumField                      = (53)
len        : ShortField                          = (None)
chksum     : XShortField                         = (None)
>>>    

A couple of things to note at this point. First off, scapy will compute a correct checksum when we end up creating our packet if we don’t specify a value. Secondly, isn’t this fun?! Let’s create a UDP header with the variable ‘u’ and specify simply the destination port in accordance with traceroute documentation and leave everything else the scapy default:

>>> u = UDP(dport=33434)                                                                                                
>>> u                                                                                                                   
<UDP  dport=33434 |>

Last but not least we need an ICMP header to complete our crafted traceroute packet. I’m just going to create the header with scapy defaults throughout.

>>> icmp = ICMP()                                                                                                       
>>> icmp                                                                                                                
<ICMP  |>

I just remembered, if we are going to be ‘crafting’ a traceroute packet we will want to specify the TTL of 1 to start off, we don’t want to keep the default TTL. In order to do this we have to know which header specifies this value. It’s questions like these that I think crafting random packets really shines. We are getting to hammer down on layering, what’s in each header and soon we will be putting all those layers together. Before I get too happy let me go in and change the TTL in the IP header:

>>> i.ttl=1                                                                                                             
>>> i                                                                                                                   
<IP  ttl=1 src=10.0.0.1 dst=192.168.0.1 |>

Before we put it all together let’s take a look at everything we’ve done to this point in the order we will soon specify when we create our packet.

>>> e                                                                                                                   
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 |>
>>> i                                                                                                                   
<IP  ttl=1 src=10.0.0.1 dst=192.168.0.1 |>
>>> u                                                                                                                   
<UDP  dport=33434 |>
>>> icmp                                                                                                                
<ICMP  |>

Remember that the order is important because we can tell scapy to smash these together however we want, but if we do that, devices won’t understand our packet. To put all our headers together we will use the variable ‘packet’ and ‘/’ between each variable.

>>> packet=e/i/u/icmp                                                                                                    
>>> packet                                                                                                               
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 type=IPv4 |<IP  frag=0 ttl=1 proto=udp src=10.0.0.1 dst=192.168.0.1 |<UDP  dport=33434 |<ICMP  |>>>>                                         

One last thing, to close this post out, let’s export the viable ‘packet’ as a pcap file and then read in that file with tcpdump. If you need an intro on tcpdump I wrote a quick intro as my first attempt at a ‘technical’ type post a few weeks ago. We write our packet to a file using the wrpcap function:

>>> wrpcap("/tmp/trace.pcap", packet)                                                                                   
>>> exit()   
$ tcpdump -r /tmp/trace.pcap -xXve
reading from file /tmp/trace.pcap, link-type EN10MB (Ethernet)
19:21:03.223806 11:22:33:44:55:66 (oui Unknown) > 77:88:99:aa:bb:cc (oui Unknown), ethertype IPv4 (0x0800), length 50: (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto UDP (17), length 36)
    bigASSpoop.comcast.net.domain > 192.168.0.1.33434: [|domain]
	0x0000:  4500 0024 0001 0000 0111 ef1e 0a00 0001
	0x0010:  c0a8 0001 0035 829a 0010 b254 0800 f7ff  
	0x0020:  0000 0000                                                     

We can see our source and destination MAC addresses have been inserted and it looks like my source IP got changed but the destination IP with the correct source port of 33434 like we specified are there and we can also see that the ttl is 1 like we specified. Hope you enjoyed this little walk through and are excited enough to dig into some reference docs and see all the things you can do with this application. Till next time!

Ep 28 – Before we got into IT

In this episode Andy and A.J. discuss the jobs they had prior to getting into tech, and the decisions that ultimately led them to an IT Career path. You’ll hear the paths we almost took, why we ended up not taking them, and how Andy burned a car to the ground. Yeah you read that right.

Aaron has been busy but rest assured he will return soon, and Dan lost power just before we were scheduled to record. Life happens. Enjoy this episode from A.J. and Andy.

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

new snort rule, who dis?

The third section of my SANS503 course has a huge section, the second biggest of the entire course, dealing with some 110+ slides on snort. I’m not here to give you the history of snort, IDS/IPS placement within your enterprise or any of that, instead I just want to introduce you to the basic structure of a basic snort rule. The most important thing to takeaway from snort rules is that there is no concept of ‘or’ within a rule. It either matches and does the action or it doesn’t.

First things first, if you’re going to create your own custom rules you’ll specify the location of this file in your overall snort configuration file [snort.conf] which is by default ‘local.rules’. At this point you will have to decide upon which text editor you will use to create and edit your new rules. This can become a contentious conversation for some. For me:

vim local.rules

A rule consists of two main parts, a header and a body. The header is mandatory and the body is not. There are seven mandatory options in the snort rule header:

Action | Protocol | SourceIP | SourcePort | Direction | DestIP | DestPort
-------|----------|----------|------------|-----------|--------|----------
alert  | ip       | any      | any        | ->        | same as| any
pass   | tcp      | IP       | #          | <>        | Source | #
log    | udp      | IP/CIDR  |            |           | IP     |
drop   | icmp     | !IP      |            |           | options|
sdrop  |          | $Variable|            |           |        |
reject |          |          |            |           |        |

The above chart doesn’t outline every option within each category but it should give you a pretty good overview of what’s possible within each spot. Most importantly, I’ll explicitly state that you can define vars in your snort.conf file and use those vars in your snort rule instead of hard coding them in the rule itself.

Here is an example of a header, including calling a variable:

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS

Now let’s dig into the body a bit and go over some common options you may find in a rule body. The first thing we need to do is to start the body, and to do this we use a ‘(‘ after the header. Then notice how the keyword and argument are separated by ‘:’ , ended by a ‘;’ and the body is ultimately closed by ‘)’.

alert IP any any <> any any ( \
     keyword:argument; \
     keyword:argument_1,argument_2; )

Below is an example of some keywords and arguments in an actual rule:

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; \
     content:"SmellsBad", nocase; )

I’m pretty new at writing rules myself, but this is the format I like to use. After starting the body, I like to begin the body on a new line by using ‘\’ and having each keyword and it’s associated arguments having it’s own line. I find this much easier to see what’s going on if you have your rules written like this rather than all on one line. The ‘msg’ keyword will display in the log if this rule matches traffic so make sure you make it useful. Custom rules begin with a ‘sid’ of above 1 million and instead of making a new rule or ‘sid’ when you change something you can increment the ‘rev’ to keep track of the revision number. It’s also good practice to store your old rules, perhaps in a folder called rules.old so that you can rollback to a previous configuration of the rule if needed.

Content is probably the most common keyword to use within a snort rule. It will search for the content within the packets payload. The ‘nocase’ keyword simply tells snort that you don’t care about case and will match any case that matches your ‘content’ argument. You can further optimize the rule by telling snort where to look for the content by using the offset and depth keywords. Offset tells snort where to start looking, with offset 0 being the very beginning of the payload and depth tells snort how many bytes to look in.

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; offset:4; depth:20; \
     content:"SmellsBad", nocase; )

Beyond offset and depth, there are two relative pointers you can use. Distance will tell snort where to start looking for the content relative to where snort left off in your previous content argument. The within keyword is designed to be used with distance to instruct snort how many bytes to examine after it determines the starting point to search.

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; offset:4; depth:20; \
     content:"SmellsBad", nocase; distance:20; within:10)

Now I know there are a bunch more ways to further optimize or specify your rule but this is only an intro to snort rules in general, not a masters thesis. With that said one fun thing to do when adding on to your rule or creating your rule for the first time is to run it against some traffic. If you have a pcap, look at the details of a packet and try to create a rule that will match that traffic.

You can run snort on a pcap by using the ‘-r <filename>’ option and then point to your snort conf file with the ‘-c <filename>’ option. Furthermore you can specify a filename for your log using the ‘-l <filename>’ option:

snort -r http_extract.pcap -q -c etc-snort/snort.conf -A console \
     -l rule_test.log

One last tip, when creating your rule it’s a good idea to create it line by line. After you add a line, specifying your rule further, test it against the traffic it’s designed to alert and make sure it’s still working they way you want before moving on. This makes troubleshooting your rule easier than if you go all out creating a multiple line rule and then realizing your rule isn’t catching traffic.

If you have further tips, feel free to leave a comment to let me know. I’m just starting myself and understand this is the best time to start building good habits 🙂 Till next time!

Ep 27 – CCENT Emeritus

In this week’s episode, Andy and Aaron are absent, so it’s the Dan and A.J show! Dan and AJ talk about living in rural areas and the various challenges it can pose to the job market. They set the stage by talking about population sizes in their area and compare it to other areas, and then they discuss the related effects that can have on the job market. We also discuss the pros and cons of staying at one employer vs having multiple jobs.

For more info on the JNCIA-Junos exam checkout: https://www.juniper.net/us/en/training/certification/certification-tracks/ent-routing-switching-track/?tab=jnciajunos
ESOP – Employee Stock Ownership Plan
Switchback Brewing – https://www.switchbackvt.com/
Find a VMUG in your area! https://www.vmug.com/home

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Protecting stored Cisco IOS passwords

This article first appeared on Andrew’s blog – andrewroderos.com

As many network professionals know, Type 0 (cleartext) passwords are a big no-no. With that said, Cisco introduced Type 7 and 5 passwords in the early 90s to protect stored passwords.

However, after more than 25 years, the Type 7 password type no longer serves its original purpose of keeping the password secret. That said, it is best practice to avoid it as much as possible.

Nowadays, the majority of network professionals know and use Type 5 passwords. While Type 5 is still sufficient with a strong password, did you know that it seems Cisco has deprecated it in favor of the new hashing algorithms?

Find out more about the new hashing algorithm here. In this article, I also demonstrated how to launch a dictionary attack on the hashing algorithm.

Ep 26 – Goal Hacks

A.J., Dan, and Andy talk strategies for tracking progress on goals. As always, we get off the main topic but we cover a lot of great stuff in this episode, like how to properly use flashcards, using practice exams as a tool, and not waiting until just before your scheduled exam. We also celebrate breaking 30K downloads! All because of ya’ll!

Andy covers the Star-Spangled Banner – https://www.youtube.com/watch?v=azH9bXy2Ojg
A.J. sherpa lined hoodie from LL Bean
Andy’s heated sweatshirt – https://amzn.to/2XqQYjB
Make it stick – https://amzn.to/3seX98T
The AONE Merch store – https://artofneteng.com/store
Andy talks to the winner of his home lab – https://www.youtube.com/watch?v=G2OyMLmcaXs
Anki Flash Cards – https://apps.ankiweb.net/
Alternate iOS (Free) Anki App – https://apps.apple.com/us/app/ankiapp-flashcards/id689185915

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

PIONEERING BLOCKCHAIN TECHNOLOGY BY BECOMING A NETWORK ENGINEER

Bitcoin continues to be pioneering as the currency continues to hit all-time high every new season, particularly in 2020.. As at the time this article was written. It currently trades at $26,765. But one of Crypto’s interesting applications is not that individuals trade it to become richer. It’s about solving big challenges that make money for you. It’s about turning capitalist greed (the burden of making payment across countries) into unselfish open-source software.

Crypto doesn’t really have the best rep in the tech world, just about the same thing that happened when the internet started. But Crypto is just a slice of the cake. People often don’t talk about the technology in which Crypto is built upon, that is called “Blockchain.”

The term “Blockchain” always comes to my mind when I hear or read the word ” Cryptocurrency.” But the media frequently correlates “Cryptocurrency” with “illegal transactions.”

In this article, we will briefly examine how valuable the implementation of blockchain technology is being developed, as well as how this offers an enormous opportunity for individuals who study Network Engineering.

With Blockchain What Can You Achieve?

Beyond cryptocurrency, there are interesting things you can achieve with a blockchain:

  1. A Data Which Does Not Change: A company like Twitter is a privately owned social media company. This means that the data can be changed at any time by anyone who has access to the company’s admin database. Unlike a company like Twitter and other Web 2.0 companies, a blockchain is owned by no one, meaning that no single owner can serve as a single source of information for other users.
  2. Digital Scarcity: In a blockchain network, data may be owned by other users, but cannot be copied and distributed to other users. This gives value to an asset the user owns.
  3. Payments: Since cryptocurrency has been integrated into the blockchain, sending valuable assets in the form of tokens such as Bitcoin, Ethereum, etc. has been made possible and smooth.
  4. User Identification & Data Privacy: This one marvels me a lot because this is what Web 3.0 (Blockchain Web) is built upon. With user identification, a user is given a single blockchain address to sign into all web pages/web applications on the web. We will talk more about this on the next section. With data privacy, a user can control who has access to their information. For instance, if a user logs off a site, the site owners can no longer access their data directly. Unlike Web 2.0 in which the site owners have user credentials stored in their database.

Web 2.0 vs Web 3.0

With Web 2.0 a user has multiple means of identification on the internet. They can also have multiple identification to the same website. One user can have a G-mail, iCloud, or an outlook user identification.

Figure 1: A User with Multiple Identities

But with Web 3.0 which leverages blockchain, the case is different.

On Web 3.0, different blockchain have their network, their community participants and a software which acts as a wallet & form of identification for accessing this network. The most popular blockchain network at the moment is the Ethereum network and it is powered by a popular software called Metamask. This means that on an Ethereum network, they are several websites inside the network. And to log into each of these websites, users only need a single Ethereum blockchain address.

Figure 2: A User with A Single Identity Accessing Multiple Platforms
Figure 3: A User (Me) Accessing a Platform on Web 3.0 With a Blockchain Address

Payments on eCommerce websites are also made with the cryptocurrency of the blockchain network.

Figure 4: A User (Me) Trying to Purchase an Artwork from an E-commerce Website on Web 3.0 Using My Blockchain Address

Users can even build their network, with its own cryptocurrency. That is why you see new cryptocurrencies every day.

Okay, if you are non-IT reader who just wants to know what the future web you might be using soon will look like, you can stop here. One interesting value I feel blockchain is bringing in the telecommunication industry is a proof of location protocol.

FOAM Proof of Location Protocol

Okay, when I say FOAM, I don’t mean the comfy soft material used in making beds. FOAM is a startup who is providing value for people who think that they deserve to have control over who get access to their locations at all time.

For satellites to get the location of a device who has a GPS installed, the GPS sends a signal to the satellite 🛰️, then the satellite calculates the difference in time of arrival, and distance of this signal.

Figure 5: A Satellite Determining the Location of a Device

The FOAM protocol also applies this approach of using four objects (called Zone Anchors) with specialized IoT hardware so they can synchronize themselves over the radio signal they are receiving from the device which came into the area.

Figure 6: Zone Anchors Determining the Location of a Device
Figure 7: Specialized FOAM Zone Anchors Being Installed in Brooklyn, New York

In case you are wondering, why does the satellite or the Zone Anchors have to be four to locate an image?

As each data from one satellite places you in a bubble around the satellite, you need four satellites. You can narrow the possibilities to one single point by evaluating the intersections.

Figure 8: How a Satellite locate an Object

Drawbacks with Depending on GPS

  1. It has a single point of failure, which are satellites. The New York stock exchanges use GPS to automate trades, ATM and card transactions require location data, all transportation machines use GPS, etc. So, having redundancy is extremely important.
  2. It’s susceptible to signal jamming
  3. A GPS received can be deceived with a wrong GPS signal

How Does FOAM Blockchain Provide Opportunity for Network Engineers

This location-based protocol implementation using blockchain proves that a time where all things will be connected securely with 5G is bright and approaching rapidly. And it provides countless opportunities for people who will study network engineering because these engineers will be the one configuring and maintaining these devices.

The first step to starting this journey, is by taking the Cisco Certified Network Associate (CCNA) exam. This is because this certification has a low barrier to entry, it provides a positive force in the society (IoT, Blockchain, etc.), and lastly it has a global impact.

Another reason is that this implementation proves that blockchain technology is promising, and blockchain uses distributed system technology which will sky rocket with 5G, meaning that a lot of automation will be achieved. Network engineers have begun taking on automation, by studying the Cisco Development Network Associate (DEVASC) you have the opportunity to be skilled enough to take on this new opportunity.

Additional Reading & Resources

Apply & Win a complete CCNA kit from The Art of Network Engineering Team

Ep 25 – 2021 Goals

In this episode, the guys discuss goal setting and their goals for 2021. Join them and let us know what you’re committing to in 2021. Hit us up on Twitter @artofneteng or use the hashtag #aone.

This episode is available in video format on our YouTube Channel! Check it out: https://youtu.be/trxfYItKYNA

Be sure to checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

tcpdump filters, an intro

When learning, I often try to do as my teacher. For example, when I went through Kirk Byers free network automation course he used Vim exclusively which meant I got to get pretty comfortable with it myself. Now that I’m on to day 2 materials of my SANS SEC503 course I find myself getting deep into tcpdump. In day 1 a lot of things could either be done with Wireshark or tcpdump but in day 2 there is a bigger emphasis in getting the most out of tcpdump. The instructor seems to really fancy utilizing tcpdump filters over looking things over in Wireshark so I might as well buckle down and do as my instructor once more! Furthermore, as I’ve experienced in person and discussed in this class, attempting to open a very large pcap in Wireshark is most likely not to go well. Instead, we should be able to narrow our search and extract a smaller subset of data in tcpdump before we open it up in Wireshark. What better way to grasp the material than attempt to explain it! Strap in!

To get to where we need to I will need to introduce a few things before we get our hands dirty using filters in tcpdump. To start, let’s explore one of the most famous interview questions, at least at the junior positions in tech, the tcp 3-way handshake. Below is Figure 7 from RFC 793, Transmission Control Protocol.

      TCP A                                                TCP B

  1.  CLOSED                                               LISTEN

  2.  SYN-SENT    --> <SEQ=100><CTL=SYN>               --> SYN-RECEIVED

  3.  ESTABLISHED <-- <SEQ=300><ACK=101><CTL=SYN,ACK>  <-- SYN-RECEIVED

  4.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK>       --> ESTABLISHED

  5.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK><DATA> --> ESTABLISHED

          Basic 3-Way Handshake for Connection Synchronization

We can see 2 flags being sent along with sequence and acknowledgement numbers to establish the connection, namely, SYN and ACK.

SYN – Session init request by client
SYN/ACK – Server response to SYN, reflecting a listening port
ACK – Acknowledge data, flag should be set on every packet afer the init SYN

Now let us look at the TCP Header to examine where these flags exist, also taken from RFC 793.

TCP Header Format


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                            TCP Header Format

To understand what we are looking at in the header we must first understand how it is broken down. Each number across the top numbering 1 – 8 represents 1 bit. 4 bits = 1 nibble and 2 nibbles = 1 byte. For example, the first field titled ‘source port’ is 2 bytes/4 nibbles/16 bits long.

The next thing we need to understand before we dive into tcpdump is offset numbers. When looking at the tcp header diagram above, starting in the top left corner, every byte will be one offset starting with 0. Thus, if we look at ‘source port’ it’s contents take up both offset 0 and 1. Offset 0 would by the high order byte and offset 1 would be the low order byte for the ‘source port’ part of the TCP header.

Explaining high order vs low order could be a post of it’s own i suppose, but for our purposes here i’ll try to summarize it into two sentences. If a number is on the left it is usually of more importance in that it effects the overall number more than a number on the right. If you change a number in the tens place [left] you cause more overall change than if you change a number in the ones place [right].

To get back to the TCP handshake, we can see all the flags are located in offset 13. Again simply count each byte starting at 0 from the top left to find out your offset number.

TCP Header Byte Offset 13 [1 byte/2 nibbles]

CWR | ECE | URG | ACK | PSH | RST | SYN | FIN

Besides SYN and ACK we find the following additional flags:

PUSH – Send data
URG – Signal for out-of-band data
FIN – Graceful termination
RST – Immediate termination
ECE, CWR – Explicit congestion notification related

Alright, now that we have a bit of background taken care of let us get to our first problem to solve. Use tcpdump commands to find TCP establishment attempts from clients to servers. From this filter we will be able to derive things such as what server ports did the clients attempt to establish a connection with.

First part of the question, find TCP establishment attempts, this would require the SYN bit be set to be turned on. In the following i’ll show you what this will look like in offset 13. First in binary and then converting to hex which we will need for our tcpdump filter.

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  0  |  0  |  0  |  1  |  0
          0           |           2
                    0x02

Thus, our first tcpdump command and filter will be a variation of:

tcpdump -r <file.pcap> -nt 'tcp[13] = 0x02'

The ’13’ is the offset within the tcp header we are matching and ‘= 0x02’ means that we are only matching to the SYN packet being set which I think is easy to visualize when looking at the binary conversion we did above. The tcpdump option of ‘-r’ is simply reading the file that follows meanwhile ‘-n’ suppresses hostname lookups and the -t option hides the timestamps in the output.

Sample output from a single matched packet:

IP 192.168.10.59.55796 > 192.168.10.7.25: Flags [S], seq 2766660809, win 29200, options [mss 1460,sackOK,TS val 86960251 ecr 0,nop,wscale 7], length 0

In this request, we can see that the client attempts to connect via port 25

Let’s say we to run through the entire pcap file, pull out the port numbers and only display the unique ones we could run the following:

tcpdump -r <filename.pcap> -tn 'tcp[13] = 0x02' | cut -f 4 -d ' ' | cut -f 5 -d '.' | cut -f 1 -d : | sort -n | uniq -c
reading from file <filename.pcap>, link-type EN10MB (Ethernet)
      32  25
      32  53
      384 80
      15  445
      2   999
      1   4444

The cut tool is a fast way to parse text in linux. The -f option specifies which fields you want to capture while the -d option specifies what separates the fields. I created the above command by cutting up the first 20 packets till I got what I was looking for and then ran my filter on the entire file. To limit the amount of packets in the file you can use either the -c [number] option on tcpdump or | head.

To solidify our understanding let’s try to see the servers response or in other words, the classic SYN ACK.

To visualize what we need to do in our tcpdump filter let’s break it down to what that would look like in offset 13:

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  1  |  0  |  0  |  1  |  0
          1                       2
                     0x12

Above, we’ve turned on the ACK and SYN bits in accordance with the tcp header diagram. Translating both nibbles into hex we end up with 0x12 and thus our filter would look like ‘tcp[13] = 0x12’

tcpdump -r <filename.pcap> -tn 'tcp[13] = 0x12'
reading from file <filename.pcap>
IP 192.168.10.7.25 > 192.168.10.59.59756: Flags [S.], seq 2725832514, ack 2766660810, win 28960, options [mss 1460,sackOK,TS val 85610818 ecr 86920651,nop,wscale 7], length 0

In tcpdump a SYN ACK will be displayed as ‘[S.]’ in the flags section. If you wanted to cut out the specific ports you can use the -c of tcpdump of the first 10 entries until you get your cut filter displaying what you want like we did in the first example but I won’t demonstrate that again here.

Did you know we can use a mask with our search filter in tcpdump?!  Amazing right! This is what actually prompted me to write a blog about tcpdump filters in the first place. As you can see it took a bit of work to make it to this point but here is where things get fun.

Let’s say you wanted to create a filter that will display all packets that has either a FIN or RST flag set.  In other words, we want to look at all the termination packets.

To do this, we want to have a mask that will ignore all of the bits except for what we care about, namely, RST and FIN. In the following I’m going to write out the same visualization I did when we came up with the mask above except I’m going to put an ‘x’ instead of a ‘1’ on our important bits.

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  0  |  0  |  x  |  0  |  x
          0                       5
                     0x05

Since we are still in the 13th offset of the tcp header that remains the same. We attach our mask with the ‘&’ operator.

tcpdump -r <filename.pcap> -nt 'tcp[13] & 0x05 != 0'
reading from file <filename.pcap>
IP 192.168.10.61.57956 > 192.168.10.7.25: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 86920662 ecr 85610828], length 0

‘!=’ simply means not equal to. In this specific case we are saying if either of the bits we care about are turned on or both of them are turned on, we want to see them. In the tcpdumps flag section a termination will show either [F.] or [R.]

For our final act let’s write a filter to match on TCP connecting on port 25 with both PUSH and ACK flags set and any other flags maybe set. You can tell hopefully just by reading this that we will need to use a mask since we see a ‘maybe’ in our problem statement.

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  x  |  x  |  0  |  0  |  0
          1                       8
                     0x18

Since we want both flags to be set, not either, we won’t use ‘!= 0’ instead we will make it ‘= 0x18’

tcpdump -r <filename.pcap> -tn 'tcp dst port 25 and tcp[13] & 0x18 = 0x18'
reading from file <filename.pcap>
IP 192.168.10.61.59756 > 192.168.10.7.25: Flags [P.], seq 15:108, ack 118, win 229, options [nop,nop,TS val 86920654 ecr 85610820], length 93: SMTP: MAIL FROM:<andre@bigpoop.net> SIZE=424

‘tcp dst port 25’ is a macro, meaning it can be run it as is instead of writing out which specifc bit in a offset needs to be on or off to work, someone wrote out a macro to make it easier. One other thing to notice in the filter above is that we used ‘and’ to connect the macro with our other search parameter and mask. So you can connect two search parameters with ‘and’ and you connect your search parameter with your mask with ‘&’

Let’s say you didn’t know the macro existed, you could look at the TCP header and see which offset the destination port is. Go ahead, go and count from the top left, each byte and see if you can get the correct offset numbers. Did you get it? Destination port numbers are set in offsets 2 and 3 and to get up to 25 like the original question asked above we only need the low order byte, offset 3.

So instead of writing ‘tcp[13]’ like in all of our previous examples remember that we are in offsets 2 and 3 here. The following is the logical equivilant to ‘tcp dst port 25 and tcp[13] & 0x18 = 0x18’ The purpose of this section is just to specify what is happening under the hood so to speak when you write out ‘tcp dst port 25’

'tcp[2] = 0x00 and tcp[3] = 0x19 and tcp[13] & 0x18 = 0x18'

Also, as is the case in many different aspects of IT, there is more than one way to accomplish the same task. In this case, instead of using ‘tcp[3] = 0x19 and tcp[2] = 0x00’ we can shorten this up as ‘tcp[2:2] = 0x0019’ which means we are starting at the 2nd offset and matching the next 2 offsets.

It’s been pretty fun learning about packet headers, hex and binary conversion, creating filters to include masks as a tcpdump filter option. The best part about learning about packet headers is that you can do so pretty easily. Tcpdump and Wireshark can be installed simply and support is everywhere. You can start capturing your home lab within a few minutes! Also, networking instructors like Nick Russo have made pcaps highlighting certain types of traffic publicly available. I’m planning on updating my progress as it relates to filters as I dive deeper into SEC503. I hope you’ll join me 🙂

Ep 24 – From the Cab to TAC

In this week’s episode we talk to Mansoor. Mansoor works as Cisco TAC HTTS – (High Touch Technical Support) Technical Consulting Engineer dedicated to Google and AT&T. Mansoor started out working in NYC as a Cab driver and eventually found his way into IT.

Todd Lammle CCNA Book – https://amzn.to/38rksmF

Mansoor’s LinkedIn – https://www.linkedin.com/in/mansoor-alam-90b54545/

Be sure to checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Network Adjustments – Reflecting back on 2020

We are about to wrap up a year where the word “unprecedented” has been heard and read by each one of us dozens of times. You’ll hear it once more from me. Many of the plans we made last year were derailed. Families and jobs have been affected. The world has been in turmoil. Even though so much has happened, we have adjusted. We’ve found ways to continue moving forward and that is where we have found our strength, in the adjustment. As people working in IT, we know more than anyone that things can change at the last second. Even when projects seem to be going right on track, a last-minute call can take the team in a different direction. I just wanted to write about two ways IT has adjusted during this unprecedented year. There is value in being able to measure, adjust, and make the change.

BasementVue

Over the years I’ve taken certification tests and they have all been in a quiet controlled environment. I expect to show up, jam my personal belongings into a small locker, and do my best not to make eye contact as I walk to my isolated test center PC. If you’ve taken a certification test, that has most likely been your experience. However, if you have recently taken a test it has probably been in a makeshift test center you created at home. This year I took my Palo Alto Certified Network Security Engineer (PCNSE) exam at home. I could hear the water coming down the pipes above me as the kids took their shower. It was…different. I taped a paper on the basement door that said “Do Not Open – Taking Test!!!” As instructed by the test engine instructions I took pictures of my entire area, submitted them, and waited for the test to begin. I am not sure how many minutes went by, but it felt like the test would never start. I am not sure if that was just me, but I tried not to click on anything just in case. The entire time my mind kept racing “What do I do if my internet starts having issues?” “What if the kids think dad is playing hide-and-seek?” It did not happen though. No fiber cuts and my wife kept the children entertained upstairs. I passed the test. It was different than driving in to the nearby college test center, but it was comfortable. I’d do it again even as things continue to normalize. Or until the fiber cut happens. As you continue to study for your certs, know that taking a test at home is a perfect way to add a win. Depending on your situation, you might not be able to sit at home and take a test.

Short Commute

As the pandemic continued to impact the world, businesses sent their workforce home. Schools were forced to jump into the world of distance learning. Church services were now video-only. For many, it was like an unexpected bucket of cold water being dumped on them. Everyone was scrambling to figure out how to keep things going remotely. IT teams all over the world were at the center of that change. I found myself looking at redundancy and security. While we were not fully remote prior to the pandemic, the framework was already there and being used. Once our offices were told to stay remote, we began to make sure our services were redundant between data centers. A single failure could disconnect our users. We had to ensure the services people used on-prem were available to all. It led to many meetings, change requests, and work. In the end it made the business stronger. These are the opportunities where IT needs to take to come up with solutions that the business can latch on to. How can you help the business adjust? 2020 has opened the eyes of many business globally. Remote work was something that many businesses did not subscribe to or did not know how. Today we are finding out that we can run at the same pace if not faster remotely. As a network engineer, unless I need to physically touch something, I can do my work from anywhere in the world. Being remote has not only extended our network’s reach, it has also placed our focus on security. With people not centralized in offices behind firewalls and other protections, teams have had to figure out how to secure those users while they are at home. A user sitting at home might be a bit more comfortable and let their guard down. Security training, endpoint protection, multi-factor authentication and DNS security existed, but now they really needed to be paid attention to.  Things might eventually go back to normal or they might not. No matter what your business decides to do, be prepared to adjust and provide those needed solutions.

Your guess is as good as mine for what next year will bring. 2020 has been one for the books. One that none of us will easily forget. However, no matter what happens next year always be prepared to adjust. Things can change in minutes and how you react matters. There is value in adjustment.

Ep 23 – of IT

In part two Keith shares insights on how he studies! He recommends reinvesting 2-3% of your income back into yourself, used for video training, lab equipment, and other study materials to help you grow. He goes on to discuss how he stays motived and the rest of the group jumps in. Keith also makes the crew commit to a personal challenge!

Keith’s book recommendation, Atomic Habits: https://amzn.to/3oVYz5s

Follow Keith on:
Twitter: https://twitter.com/KeithBarkerCCIE
YouTube: https://www.youtube.com/user/Keith6783
CBT Nuggets: https://ogit.online/Keith-CBT
Discord: https://ogit.online/Join_OGIT_on_Discord

Don’t forget to check out Keith’s Amazon Affiliate Store too!
https://www.amazon.com/shop/keithbarker

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Starting Over

Standing at the bottom of the mountain looking up is where I find myself yet again.

I joined the Air National Guard full-time in the summer of 2018, 36 years old and beginning what is my 4th, 5th or 6th career or life stage so to speak. Getting back into IT wasn’t something I planned on, instead, I found myself at a pretty ‘OK’ job with benefits going into my mid 30s but not really gaining any transferable skills if I were to lose said job.

Starting as a 3d1x1, or in regular type talk, I was a generalist help-desk person. If you can’t get your email to load, send or save you called my office. If a certain website isn’t loading to your liking, you call my office. If you can’t access a certain file, you contact my office. Basically, if anything doesn’t work to what you’d expect my office would be the first to hear about it. This was my introduction back into IT, and to be quite honest, it was a nice way to be eased back in. I got to see and diagnose a wide variety of issues and learned who did what beyond my scope of responsibilities.

Before long, I started studying networking during my off time. It all started by attending a Cisco CCNA Security Cohort training. This training also came with an ICND1 and CCNA Security exam voucher. I was once CCNA certified way back in 2002 so a lot of old neurons began reconnecting and I was able to make gains rather quickly. In 2019, I cleared CCNA Security, Cloud and Routing & Switching. I moved to Junos and cleared JNCIA Junos, DevOps, Design and Cloud. I did a bunch of other training but nothing that lead to clearing any more certifications yet most importantly, my confidence was starting to grow.

A job opportunity opened up in my organizations infrastructure shop as a 3d1x2 in late 2019 and after a short interview process I was added to the team. Due to being short staffed I worked in both my previous position and my new position for months before being allowed to fully relocate. I got to do a whole bunch of new things, such as, racking and stacking equipment, running cables and on-box troubleshooting/configuration. This was a very fun and welcomed change of pace and yet another opportunity presented itself, a position on my organizations Mission Defense Team. I started on this team, albeit remotely for the most part, about 10 weeks ago.

It is here where I find myself in what feels like the bottom of the mountain again. The Mission Defense Team is a new type of position/shop being developed within the Air Force providing everything a ‘Security Operations Center’ would do. I’m to stand up this shop with five other individuals, of which, most have never been security analysts up to this point. So the task is a large one. We have our equipment but have a lot to learn to truly harness our equipments capabilities.

Where to Start?

There is soooooooo much more to learn to feel like i’m even at the ground level of where I need to be. I read one post that laid out a four year learning plan. Since starting, another thought that continually enters my head is: How does someone jump straight into security. I know security is a ‘hot job’ and what not so a lot of people are going after that money but I can’t for the life of me understand how some ‘starts’ with security. There is so much ground work to be done. In short, it seems like to be proficient, you have to be pretty good at all the things.

Since I’ve been somewhat tied to learning a lot of Cisco due to being on their e-learning platform, I went through their CyberOps Associate training. I found this training to be a great introduction to a Security Operations Center and thought the labs shined as they were the best part and key to learning the basic principles presented.

I’ve also dived into two books:

Network Intrusion Detection, Third Edition by Stephen Northcutt and Judy Novak

– I’ve made it through the first 2 chapters and I really love this book. A lot of the first two chapters was review but the way it was presented with just the slight bits of humer was delightful.

Applied Incident Response by Steve Anson

– I made it to chapter 6 of this book and it was at this point I switched to reading the book just previously discussed. The fact that I switched books doesn’t mean this book is ‘bad’ and I will come back to tackle this one! This book is a bit more advanced and you can really just take your time going through a good three paragraphs as you go on and read all the linked to references.

Where to Go?

pexels-wilson-vitorino-3260090

This is quite possibly the most important question. I’m always tinkering with my ‘study plan’ and how I should go about sharpening my toolset. My work is going to put me through a SANS course, specifically SEC503 which should take up most of my time.

Besides that, I’ve started trying to follow and locate different ‘InfoSec’ people on the InterWebs. Most notably, I’ve started watching a few YouTube video’s on the Cyber Mentor’s page.

What I’d really like to know, and the purpose of this post, is to ask you, the reader, what do you think I NEED to study/do as a person just getting into this security domain? If you have any suggestions, feel free to hit me up on the twitter and let me know. I plan to keep posting along this journey and let you know what mile posts are in the rearview. Till next time!

Exciting Announcement!!!

We are super excited to announce that we’ve been named a finalist in the 2020 Cisco IT Blog Awards, for the category Best Podcast or Video Series!

So what happens now? We need your help to vote for your favorite video series or podcast! To vote go here: https://www.ciscofeedback.vovici.com/se/705E3ECD2A8D7180 and vote for your favorites! If you love what we’re doing we would really appreciate your vote!

Winners will be announced in early 2021!

We are so honored for this nomination! In our inaugural year to recieve this kind of recognition is truly amazing! We’ve only been doing this for 6 months! In that 6 months we’ve interviewed some truly amazing people in our industry, we’ve achieved more 26,000 downloads of our podcast, and obtained a listenership of 1000+ clearly devoted subscribers of our podcast. Thank you so much for following, listening, and showing your love for us on social media. All the comments and emails keep us motivated to create new episodes and keep the content coming!

In other categories you’ll find some people you recognize. For the category of Best Cert Journey you’ll find our very own creator/co-host A.J. Murray’s blog, NoBlinkyBlinky! Along side him in that category is recent AONE guest, YouTuber, and CBT Nuggets Trainer – Knox Hutchinson!

In the category of Most Inspirational you’ll find AONE guest author, blogger, Faces of the Journey member David Alicea!

Also featured in the category of Best New Comer – IAATJ Discord staffer, DevNet celebrity, and everybody’s favorite Butcher turned Network Engineer – Chris Dedman-Rollet!

So, as you can see the competition is fierce, and there’s a lot of faces we recognize on this ballot. Please do your part and vote for your favorites today!

Ep 22 – The OG

In this episode, we talk to The OG himself, Keith Barker! Keith, very openly, shares his journey into tech, and then into teaching. Keith also shares his experience obtaining not one, but two CCIEs – and this was all in just part one of this exciting two-part series!

Follow Keith on:
Twitter: https://twitter.com/KeithBarkerCCIE
YouTube: https://www.youtube.com/user/Keith6783
CBT Nuggets: https://ogit.online/Keith-CBT
Discord: https://ogit.online/Join_OGIT_on_Discord

Don’t forget to check out Keith’s Amazon Affiliate Store too!
https://www.amazon.com/shop/keithbarker

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Ep 21 – He Automates a LAN Down Unda

This week we talk with Daniel Teycheney, all the way from Australia! Daniel talks about life as a Network Engineer in Australia, the similarities and differences. Daniel is a Network Automation Engineer for a global company. He shares his journey with us, and offers some advice on getting started with your Network Automation journey!

You can find more of Daniel:
Twitter – @DanielTeycheney
Blog – https://blog.danielteycheney.com/
GitHub – https://github.com/writememe/
LinkedIn – https://www.linkedin.com/in/danielfjteycheney/

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Faces of the Journey – Carl Zellers

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Carl F. Zellers IV (NO_DTP) was featured on Episode 18 of the Art of Network Engineering podcast. If you follow Carl on Twitter, or interact with him in the It’s All About the Journey Discord community, you would probably think that he has been a network engineer since before he learned to walk. However, IT/network engineering was not Carl’s first career path. After high school, he pursued general education and vocational studies at a local community college. Carl started to feel like a career student, and ended up finishing with an associate’s degree in construction management. He also completed several certificate programs in the same general field of study. While in school, Carl was working for FedEx Express, experiencing corporate structure and many other real-world realities. He felt comfortable with the long term promise he had with the company, but ultimately felt the need for a bachelor’s degree to round it all out. While Carl didn’t feel the bachelor’s degree was necessarily required, it was part of his personal plan. Then, in 2011, a good friend was finishing up a computer science degree and got Carl interested in IT. So naturally, he headed back to school to investigate the opportunities. Three years later, with his AS degree in hand, he found himself leaving a significant opportunity on the table at FedEx to take an entry level managed security services role. This was a very scary move for multiple reasons, but he knew it was the right move, and has never looked back. Then, in 2017, Carl finished up his BS degree. Through his first six years in IT, he has rarely (if ever) said “no” to an opportunity or shied away from something that he knew he could learn from. Carl is now a Senior Solutions Engineer and really enjoys his work and pace of life and study. He gets to be involved in new and emerging technologies as well as work on a wide portfolio of products and platforms. He is a self-proclaimed “lifelong learner” and embraces that as a self-fulfilling (and never-ending) goal.

Follow Carl:

Twitter

LinkedIn

Alright Carl, We’ve Got Some Questions

What did you want to be when you “grew up”?
Age 9 – A pirate.
Age 16 – Totally unsure.
Age 18 – Still not sure, but I was aware of how I would approach my future, and that was simply “hard work”. That was the plan no matter the application.
Age 23 – Career FedEx employee.
Age 26 – In “IT”. I was beginning my journey into IT and didn’t know the job landscape > titles, roles, responsibilities, specializations, etc.

What advice do you have for aspiring IT professionals? Don’t neglect the soft skills. You’re a human being and as such be fluid, flexible, and know how to effectively deliver information to a diverse set of people. You can add so much value to your junior team members, colleagues, seniors, managers and beyond simply by building your ‘best self’. Timely/effective communications, willingness to accept/admit faults, and common courtesies are all a massive part of who you aim to become personally and professionally.

How did you figure out that information technology was the best career path for you? I spent a good deal of time, effort and energy applying my strengths to various disciplines. I’ve always been very good with ‘how things work’. I decided that once I thought IT would be a good fit for me, I enrolled in some courses at my local community college and happened to fall into a networking centric program. In taking these classes, I realized very early on that I really liked networking and was the perfect “work smarter, not harder” type scenario.

What is your strongest “on the job” skill? Critical thinking. Although not specific to IT, it’s my opinion that critical thinking is of the utmost importance, especially in IT. It might translate to the most efficient way to go about a process, or a calculated approach to troubleshooting. The ability to think critically in a myriad of situations is generally what I would attribute most of my successes to both personally and professionally. A great tool/methodology that ultimately, I use as a loose framework for how I approach a situation or absorb advise, just to name a few examples.

What motivates you on a daily basis? I got into IT “late” (at 29 years old). The reason for that is prior to getting into IT, I still wasn’t 100% sure what I wanted to do career wise. Because I was essentially starting my career over at a “later” age, I always felt I needed to keep a pretty aggressive pace in my development. Looking back, I’m glad I did, however that feeling of wanting to continue to learn and experience new challenges has never left me. I value and embrace all that I have learned so far and humbly accept the vast expanse of what is yet to come. I really love learning and contributing which keeps me on a steady trajectory of growth, and in doing inevitably exposes new opportunities!

Bert’s Brief

Carl has quickly become an absolute legend in the network engineering community. His drive for continuous learning and development is truly inspiring. Very often, when scrolling through the Twitter feed, I see Carl answering quiz questions from people around networking topics. As stated in the bio above, he doesn’t shy away from challenges and has a skill for either knowing or being able to figure out how things work, which are incredible qualities for a network engineer to possess. Not only is Carl dedicated to his career and constant education, he is also dedicated to the community. He is often providing insight and assistance in the It’s All About the Journey Discord channels. I remember shortly after I joined the community on Discord, one of the members had questions around a scenario they were facing. Carl got involved by asking questions and providing suggestions and advice immediately. In fact, the conversation went back and forth, on and off, for the better part of a day and Carl stayed engaged with it. I thought that was so cool to see and is a prototypical example of “community”, and the value that Carl provides. His episode on the AONE podcast is one of my favorites to date. Before listening to that episode, in my head, Carl was this network engineering machine that just never turned “it” off and was always in a book or a lab environment outside of work. That’s really not him, though. Yes he is dedicated, yes he works hard, but is also a proponent of the fact that we are all human and need to find the best habits that work for us. We don’t have to be “go, go, go” all of the time to be successful. I really needed to hear that episode. Anyway, if you haven’t already, get to know Carl F. Zellers IV. You will not regret it.

Ep 20 – Top 10 Questions

In this episode the guys answer the top 10 questions about getting started in networking. What study materials should I use? Physical vs. virtual lab? What are some good study habits? And, so much more!

This episode runs a little longer than usual, we had a lot to say.

Sign up for Cisco’s Packet Tracer at https://www.netacad.com/
Visit CiscoPress.com for all your Official Cert Guide needs! https://www.ciscopress.com/
Read more on the Pomodoro Technique here: https://en.wikipedia.org/wiki/Pomodoro_Technique
CCAr – Cisco Certified Architect – Higher than the CCIE. https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/architect/ccar.html
Anki Flashcards – Free flashcard app. https://apps.ankiweb.net/

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

The Art of Automation – Getting Started

I imagine if you’re here you just got done with a hellacious week of updating 100’s of switches, 1000’s of config directives, or your fingers are bleeding from hammering away all week. However, you may just very well be more proactive than I was. Automation for me was born out of necessity. Without automation, I think I would have burned out. It’s simple, automation makes my job easier, more rewarding, and manageable. If you’ve decided automation is something you want to learn then this article is for you. I wish this article was the first one I read when I started my journey into DevOps, and subsequently NetDevOps.

First Steps

The first thing I would be deciding on is what is the problem to solve? Next, you need to decide on, what outcome you’d like. For me, it was helping to manage a VMware environment and the array of VM’s within it. It could be as simple as you want to set up a web server in your home lab and that’s alright. Once you start understanding the concepts of automation you’ll see 100’s opportunities to use it.

Now it’s time for you to sink your teeth into the tech, my favorite part. The first three things I would focus on is YAML( YAML Ain’t Markup Language ), Jinja, and Ansible. The first two are large components of Ansible. Therefore will be needed in almost any Ansible Project. YAML is what you’ll use to tell Ansible what to do. However, don’t fear this does not require any software development experience. Here is a brief example of YAML in an ansible-playbook.

- name: Install the latest version of Apache
  yum:
    name: httpd
    state: latest

As you can figure out from the name, this will install the latest version of Apache. It really is that simple, you’re now automating.

Now continuing the example of installing Apache, the next step is configuration. Similarly, we have another tool that can help, Jinja2. With Jinja2 we have a powerful templating engine. In addition here is an example of Jinja for configuring the Apache configuration.

NameVirtualHost *:80
{% for vhost in apache_vhost %}
<VirtualHost *:80>
ServerName {{ vhost.servername }}
DocumentRoot {{ vhost.documentroot }}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
<Directory "{{ vhost.documentroot }}">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
{% endfor %}

Contained within the double curly brackets {{ }} is the name of a variable. Ansible passes these variables to the Jinja engine and then spits out our completed configuration file for us. As you can see this is not software development and something you can learn.

To help you grasp these concepts I recommend you setup a small lab. I found having an ansible host and 2 nodes under its control was useful. You can create these on Centos 7 hosts using your preferred virtualization platform. In my case, I set up a load balancer with 2 web servers behind it using Ansible only.

Running with it

Once you’re comfortable with the basics you could start implementing this at work. If you’re a network engineer you can start with small things such as updating NTP, DNS, even changing a VLAN on a switchport. Eventually, you can move up to more advanced configurations, generating BGP and OSPF configuration with Jinga and using Netbox as your source of truth for configuration data.

A hurdle you may face when bringing these new found skills to work is buy-in from co-workers/managers. Take these situations in stride. I recommend showing them the small things you’ve automated. In addition, show them the time it’s saved. Explain to them how you learned to do it, and why you think they should.

After tackling some of the simpler things in your network it’s time to move on to some more advanced projects. A task I was highly motivated to automate was the provisioning of resources, in my case VMs, and assigning network resources to it ( vlans, addresses, hostname). This required a bit more than Ansible, enter Terraform. However that is beyond the scope of this article, I did create a Git repo showing a simple version of this you can check out. You may also find you like the concepts of NetDevOps so much that you’ll want to implement IaC ( infrastructure as code) to manage your entire network. This offers many benefits beyond simply automation. It allows you to implement development and QA environments for testing changes.

Final Thoughts

I’d like to leave you with some of the final tips, tools, and general advice I’ve gained. Here is a very non-comprehensive list of tools and resources I’ve found that I use quite often if not daily.

  • Validyaml – A CLI tool for validating your YAML files
  • Jinja2-CLI – A CLI tool for validating your Jinja templates and checking the outcome is as expected.
  • Ansible Template Tester – Similar to Jinja2-CLI, just in the browser, sometimes easier to see formatting errors on output.
  • Ansible Docs – Self-explanatory, but this tab is almost always open in my browser.

One of the most important tips I can provide is to find a good community to ask questions. Getting feedback from how others are doing things is important especially with tools such as Ansible. It is a community-driven project that means there are some really smart people willing to help. Most importantly is enjoy the journey, it takes time, it will be frustrating, but you’ll get there. Enjoy the benefits when you do!

Ep 19 – She’s got jobs!

In this episode we speak to our resident technical recruiter, Brittany! Brittany is a Lead Technology Recruiter at Oscar Technology. She focuses mostly on the network industry and primarily helps to fill network engineering related positions. Brittany talks about her process and makes some fantastic recommendations for people seeking new roles as a network engineer.

ITGuyBlake’s Redit post on passing the CCNA: https://www.reddit.com/r/ccna/comments/j7njmw/i_passed_ccna_9241000_first_time_its_doable/?utm_medium=android_app&utm_source=share

You can find Brittany:
LinkedIn: https://www.linkedin.com/in/brittany-mussett-6836a2146/
Twitter: @NetEngRecruiter https://twitter.com/NetEngRecruiter
Current openings Brittany has: https://www.oscar-tech.com/consultants/brittany-Mussett
You can also find Brittany in our Discord Server, It’s All About the Journey!

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

10 Pieces of Advice for Network Engineers

This article first appeared on Tim’s blog, carpe-dmvpn.com

Recently I saw a post where different network engineers I really respect gave advice for new network engineers and it got me thinking. What would my own rules be, if I were trying to hand down some wisdom (as if I were wise) to someone starting in the field?

Credibility is the most important thing you possess.

  • More important than knowledge, connections, recognition and fame. Knowledge, connections, recognition and fame can be gained, lost, and regained. Credibility is a one-use item. Once lost, it is gone forever.

Own every mistake, no matter how stupid, no matter how large.

  • Even if it means getting fired. The truth always comes out, somewhere things are logged, evidence can be correlated, etc. A mistake is a mistake and can be forgiven or at least understood. Hiding it, covering it up, and denying it will damage your career far more than a human error ever would. This industry is smaller than you think, you don’t want that reputation to follow you.

Trust but verify.

  • If the sysadmin says the DHCP server is ‘having issues’, if the DBA says the database replication is ‘running slow’, if the infosec guy says there are strange traffic patterns, trust their expertise as you expect them to trust yours. Don’t be in such a hurry to push them away so you can get back to your own work. Be methodical. Take the extra time. If you give a noncommittal ‘No one else is having problems’ all you’ve done is ensure that person will be back with potentially useless evidence in five minutes, or worse, a critical incident is opened and it might be the network after all. Tell them what you need to further investigate, help them help you prove it’s not the network.

When there’s a fire, be the firefighter, not the police.

  • In places with very punitive leadership, often a critical incident is less about restoring services than it is about clearing yourself as a suspect. If the hot potato is yours, there’s no point trying to hand it off, so don’t waste time. Similarly, when another team is desperately trying to blame you to save themselves, don’t panic. The root cause is the root cause already, it’s not going to change. Get services restored. Investigation comes later. By the time you are working on a critical incident it’s too late to panic about whether or not it’s the network. Above all, remember Rule #1 and Rule #2.

Wireshark doesn’t lie.

  • No matter what strange things are happening, no matter how much it seems to be the network causing a problem, get a packet capture. I once implemented DHCP snooping and the next day DHCP was failing everywhere. After a Wireshark capture, it was proven to be an infosec security scanning application that locked the DHCP database on a Windows server so no new leases could be recorded. Wireshark showed the NACKs from the DHCP server rescinding the leases because it was unable to record the lease in the database. Critical incident root cause determined, not the network even though all the ‘evidence’ pointed that way. Get a packet capture.

When you are proven right, don’t be a jerk about it.

  • Everybody gets to ride the Right and Wrong carousel from time to time. Your coworkers will appreciate the humility and understanding, and you’ll strengthen bonds instead of cutting them. There’s rarely a prize for being right, but there’s always one for being a jerk about it. Hint: It’s not a prize you want.

When you are proven wrong, don’t be a jerk about it.

  • Don’t make up excuses for it. Don’t blame others (even if you believe others are to blame). It’s not a good look. If someone throws you under the bus, that will come out later when they do it to another. Guard your credibility. Everyone is wrong eventually, but how you act when wrong is how people will remember you.

There’s no such thing as being irreplaceable.

  • Don’t hoard knowledge and don’t try to become Brent from the Phoenix Project. If Brent had been a cantankerous ass who refused to train anyone, he would have been a liability, not irreplaceable. In short: Job security is in sharing what you know and helping the team succeed, not in being the only one with the keys to the kingdom. Someone like that is a threat to an organization, not an asset, and they will be dealt with eventually.

Automation isn’t the cure for human error.

  • It can minimize the occurrence, but make the blast radius global. Say it once more, with feeling. Automation allows you to screw up at scale. As the industry embraces network automation, remember that without understanding networking, how can you trust what you are automating?

Expertise is the result of experience.

  • All experience is useful. I’ve learned a lot from labs, from production, consulting, reading, watching videos. I’ve learned more from failure than success. Those who shortcut expertise doom themselves to a career of chicanery. Yes, I’m talking about cheating. Stop a moment and consider the end result of passing a test without the expertise associated. What is the next step, exactly? Will your next job have a dump of their network for you? The sad fate of these people is they tend to bounce from job to job quickly, as their lack of expertise is uncovered. Don’t doom yourself to a career of jumping around as you get discovered as a fraud. It’s far easier to just learn expertise than to fake it.

So, I came up with ten. I could have done far more but that was the idea, 10 essential rules. I’ll present them here, and I’m curious how you feel about them. So curious that I’m actually updating my blog.

By the way, here’s a link to that post, it’s far better than anything I can write. https://twitter.com/rowelldionicio/status/1262874206233980928

Faces of the Journey – Charles Uneze

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Charles!

Charles Uneze (network_charles) is from Nigeria, currently working as a freelance copywriter for an ISP in the western part of the country, in the city of Lagos. Back in 2013, Charles entered university to study agricultural engineering. He had applied for electrical/electronics engineering, but didn’t quite meet the marks for entry. The agricultural engineering program did not feel like a good fit for Charles, but it’s not always often for students who apply for public university to get admitted, so he took the opportunity. Private university can be easier to get into, but the cost was much more than Charles was willing to deal with. After running into some issues, in 2015, Charles made the decision to leave the agricultural engineering program to pursue something he really loved. By then he knew he had a passion for IT, reapplied for that program, and was admitted in 2016. The draw to network engineering came in the form of an IP addressing and subnetting class one semester in university. The interest only grew as Charles found like minded people on social media. He even found a Cisco Netacad instructor in the same city as him! Charles is striving to become a network automation engineer.

Follow Charles:

Blog

Twitter

Lost in Networking on Twitter

Alright Charles, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? IT is an intricate field where sub-fields are complicated, mixed up, and shiny. I will recommend they visit www.cybrary.it and watch a free course titled “Introduction to IT & Cybersecurity.” The course speaks about fields like System Administration, Network Engineering, Penetration Testing, etc. After they have found the field which suits their personality, it may feel like suffering when they see the books to read because they are stepping into a strong current. I want them to understand that no heart suffers when it goes in search of its dreams, because every second of the search is a second’s encounter with God and eternity. COURAGE IS ESSENTIAL.

What is something you enjoy to do outside of work? I watch a lot of movies. I’m currently watching a new drama series called “We Are Who We Are”. Everyone in the series is still figuring out who they are by testing boundaries. Aside from movies, I enjoy playing board games like Scrabble or strolling to clear my head at the beach.

Charles and his sister.

What is the next big thing that you are working toward? The next big thing I am working towards is improving my Python, Linux, and Git skills. Currently, the big thing I am working on is understanding Computer Networking Technology via the CCNA certification. If I combine that knowledge with Python, Linux, and Git, my Infrastructure as a Code skill will be ripe to dive into certifications like Cisco DevNet without stress.

When learning something new, what methods work best for you? First, I make a list of things to be done, to avoid being misled/distracted by another shiny task. Next, I read a chapter and make highlights of new things I have learned. Then, I buy a full 60 leaves notebook where I write down summaries of highlighted texts from the book. Lastly, I lab it up, over and over again until I am comfortable with the concept. Often, I also blog about the extremely difficult topics which stress me. Blogging about it also feels like a second note taking to me, because I refine again how I have previously written the concept.

What motivates you on a daily basis? I don’t want to be imprisoned in my immediate world and get stuck with a daily routine of having the same kind of conversations with friends around me. I want to expand my mind and nurture this gift God has given to me. Also as the first son of my family, I have to carry others along and provide for their needs when it is required. So I must work hard and smart.

Bert’s Brief

It’s always a fun conversation with Charles. He is very active in the “It’s All About the Journey” community and often joins the weekly happy hour chats in the Discord channel as well. I absolutely love the curiosity and enthusiasm from Charles. It’s almost like he comes to conversations prepared with questions to ask and thoughts to share. How he uses blogging as a method of studying and retaining knowledge is creative and incredibly smart. He is a very driven person who is constantly chasing his passion. If you ever get a chance to have a conversation with Charles, I strongly recommend it. I cannot wait to hear what is next for Charles!

Ep 18 – Carl!

This week we talk to Carl! Carl shares his journey from the Marines, to FedEx, and then into IT. Carl also shares his experience preparing for, and taking, certification exams.

Check out Carl’s article on the AONE Blog – The Art of Preparing for a Cisco Exam.

You can follow Carl on Twitter, he is @cfzellars4 (https://twitter.com/cfzellers4)

Cisco Press Enterprise Design Book – https://amzn.to/2IHvA63
300-730 – Implementing Secure Solutions with Virtual Private Networks (https://learningnetwork.cisco.com/s/svpn-exam-topics)

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

My Advice on being a Traveling Parent

This article first appeared on A.J.’s blog, blog.noblinkyblinky.com

In my position I travel a fair amount for work. This is certainly not a new thing for me, I have traveled in the past for previous employers. What is new, however, is that my youngest son is getting older and has become more aware of my absence. With that has come more emotions, understandably. One trip, however, changed everything.

This image has an empty alt attribute; its file name is img_1532.jpg

Meet Astro. If you work in IT or with Enterprise Applications you may recognize him as one of the furry mascots for Salesforce. I attended Dream Force in 2017 and ever since I brought Astro home my youngest son fell in love with him. They go everywhere together, and now he goes everywhere with me.

My son would get really, really sad when I was gone. So sad it would make my travel extra difficult for my wife. One trip we decided to try something new. We let my son pick a cuddly friend that would travel with me. Of course, he picked Astro. I brought Astro on my trip and took pictures of him on our journey. Here he is on the coast of Maine.

This image has an empty alt attribute; its file name is img_1542.jpg

Viewing the outdoors is not the only thing Astro likes doing, he also likes getting into trouble. He really loves to trash my hotel rooms.

This image has an empty alt attribute; its file name is 57818571645__b3f4cb7f-b0d5-4306-b53d-dfa7ec896166.jpg

Seeing these pictures and FaceTiming with Astro and I has made a significant improvement in my son’s mood while I’m away. He seemingly looks forward to my trips now because he is so curious and excited about what Astro is going to do next. This helps ease the anxiety and sadness exponentially.

We even kept the magic alive during a recent family trip where my son brought his Astros – yes we have 3 of them, Red, Blue, and Black. The three of them really did a number on our hotel room! The magic and wonder in his eyes upon our return was more than worth it!

This image has an empty alt attribute; its file name is img_3780.jpg

When I travel now I also bring an Astro with me, whether I’m driving or flying. I generally take a bunch of photos of Astro doing crazy things. Then, I send them via text message to my wife who shares them with him first thing in morning over breakfast or in the evenings – and any time she can tell his emotions are getting the best of him. Viewing Astro’s and my adventures snaps him right out of these feelings and gives him a great, and much needed, laugh.

When I travel now I also bring an Astro with me, whether I’m driving or flying. I generally take a bunch of photos of Astro doing crazy things. Then, I send them via text message to my wife who shares them with him first thing in morning over breakfast or in the evenings – and any time she can tell his emotions are getting the best of him. Viewing Astro’s and my adventures snaps him right out of these feelings and gives him a great, and much needed, laugh.

This image has an empty alt attribute; its file name is img_3603.jpg
This image has an empty alt attribute; its file name is img_3605.jpg

The best part is that I’ve also started sharing some of these photos on my social media accounts and my friends and family love keeping tabs on Astro as well! I was recently at a family BBQ where several people asked me about Astro and told me that they love seeing the pictures and get a good laugh out of what I post.

Besides traveling with a stuffed co-pilot…

The only other advice I’d give, that seems to work for me and my family, is be more present. When you’re gone it’s noticed. So, when you’re home make sure it’s noticed.

I try to help out more around the house, be the one to handle daycare drop offs and pick ups, and do more of the bed time routine. I typically ramp up prior to leaving and after my return. If my schedule will permit me to be home for a longer period of time then my wife and I tend to load-balance all of these things – work gets done and no one person is over saturated.

What about older kids?

In addition to a four year old I also have a teenager. The teenager misses me just as much as the four year old. However, my teenager isn’t as interested in pictucres of a stuffed animal doing funny things. What helps with him are phone calls, FaceTime, text messaging, and I keep an eye out for things that interest him.

For example, like most teenage boys he’s into fancy exotic cars. I was recently traveling in San Jose, CA for Network Field Day 21. As we were leaving a venue there were three cool looking cars parked out front. I was sure to snap a photo and text it to him.

This image has an empty alt attribute; its file name is img_0165.jpg

Doing little things like this helps show him that he’s on my mind even while I travel.

What else?

If you travel for work I’d love to hear what works for you. Shout it out in the comments or tweet me on Twitter!

As always, thanks for stopping by!

Ep 17 – The A.J. and Aaron Show

In this episode, you guessed, it’s just A.J. and Aaron. A.J. shares the latest journey he’s begun, discussing physical vs digital books, and more. The guys also discuss study habits and styles, and the idea of “total compensation” with your employer.

Apologies for the poor audio on A.J’s side – he had the wrong input device selected when they recorded…

DevNet Associate OCG – https://amzn.to/2ThDBQO
Post it note flags – https://amzn.to/31yJZYE
ACM Professional Membership regularly $99/yr, and Student is $19/yr!
Profesional: https://services.acm.org/public/qj/profqj/qjprof_control.cfm?promo=PWEBTOP&form_type=Professional
Student: https://services.acm.org/public/qj/quickjoin/qj_control.cfm?promo=PWEBTOP&form_type=Student

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

2020 Geek to Geek Pick Me Up Exchange

This article first appeared on Ben’s blog – packitforwarding.com

I don’t know about you, but this year has really kept me kind of down. I really missed seeing friends at tech conferences this year and I’m starting to go a bit stir crazy limiting my travels to about 10 miles from home. That’s why I am inviting you all to participate in a little fun.

I’m proposing a Geek to Geek exchange. Starting now and until November 13th, I will be accepting participants using this form.

I want this to be fun for all so please be considerate of others. Only sign up if you can commit to sending something (possibly internationally) by December 15th. The packages don’t have to be elaborate, just a little fun to make someone’s day. Who doesn’t like getting a package in the mail? Please no bag of dicks or other such “novelty” sites.

I promise that all data collected will only be shared with your secret Geek match and that it will all be securely deleted after the event is over.