Learning Linux and my First Ansible Playbook

So Linux was never my daily driver until a few months ago. Now it’s my daily driver for work and home, and with that I’m learning a lot, since you can use a lot of the applications in conjunction with each other through piping and what not. So in essence, learning one new tool or application can open up unseen possibilities in other tools.

The coolest command I learned this past week is watch. In my day job I’m often deploying tools that create logs, like Zeek, and I’d often ls or ll to see if logs were being created or if the conn.log was getting bigger. Enter watch: simply run any command as you normally would, then press ‘<ctrl> a’ and add watch to the beginning of the command. Doing this, you get your normal output but it updates every two seconds, and if any values change they will change within the output. I found myself using this command again when I was monitoring my Kubernetes cluster; instead of ‘kube get pods’ I’m now typing watch ‘kube get pods’. I’d have it open like a dashboard when deploying or troubleshooting pods.

Then later on in the work week I started having an issue with trying to track time on all of my devices. I surmised that when time got too far off, one of my applications would begin to fail. My first attempt was a bash script that simply ssh’d to each device and ran the time command. But by the time I got to the 8th or 9th device, since I was putting in the password each time, I wasn’t really getting the result I was looking for. So if you’ve got a hammer, use it on everything, right?! I ended up having 10+ windows open, all small and organized on my desktop running ‘watch timedatectl’, and I would watch the timing of my devices slowly drift and, in due time, prove my hypothesis.

Then came the weekend, and I started looking into ansible. I found an example where they had used one command to connect to and check the time of all the devices in their inventory file. This really piqued my interest. Could I have found a tool even cooler than watch in less than a week?!

Interlude: I installed GNS3 and started a small topology of Cumulus Linux devices to go on this ansible adventure. I’m not going to dive too far into the specifics of the playbook as far as indentation, or how or where to put vars, as the documentation is really good. Google is your friend here. I’m just here to walk through my first playbook 🙂

The first thing I did when starting this adventure into my first interaction with ansible was to create an inventory file:

[atlanta]
spine01 ansible_host=192.168.49.3
spine02 ansible_host=192.168.49.4
leaf01 ansible_host=192.168.49.5
leaf02 ansible_host=192.168.49.6
leaf03 ansible_host=192.168.49.7

[atlanta:vars]
ansible_user=cumulus
ansible_python_interpreter=/usr/bin/python

Next I used ssh-keygen and shipped a public key to all the devices in my topology so I could connect without a username:password prompt. A quick google search of ssh-keygen will get you squared away in no time. This is all that’s needed to do what I was trying to do at work earlier in the week, check the time on all my devices:

ansible all -a "date"
leaf01 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
leaf02 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
spine01 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
leaf03 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
spine02 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC

Since I’m trying to learn automation, I began to brainstorm: what could my first ansible playbook do?! A playbook is simply a series of tasks, rather than just running one task as illustrated above. To do this I followed along with the Cumulus documentation and did one of my switches manually so I understood the steps and what was needed to accomplish this task. In short, here are the main things my ansible playbook needs to do:

  • edit two lines of a conf file
  • enable and start two services

Let’s try to go line by line-ish on what’s happening in my playbook.

---
- hosts: all

I guess the beginning of all yaml files, of which the playbook is one, starts with ‘---’, and the second line is saying that I want to run what follows on all the hosts in my inventory file.

  become: yes
  vars:
    conf_path: /etc/nginx/sites-available/nginx-restapi.conf

become with the switch set to yes is saying that you want to be root, and on the next line I’m declaring the value of the variable conf_path which I’ll call later in the playbook.

  tasks:
    - name: edit the nginx-restapi.conf file
      replace:
        path: "{{ conf_path }}"
        regexp: 'listen localhost:8080 ssl;'
        replace: '# listen localhost:8080 ssl;'

Here is the first task, which you can name whatever you want. In path, I call the variable from above, then I do a regex search and replace the match with the last line. The goal of this task is to comment out a line.

    - name: edit another line from file
      replace:
        path: "{{ conf_path }}"
        regexp: '# listen \[::]:8080 ipv6only=off ssl;'
        replace: 'listen [::]:8080 ipv6only=off ssl;'

In this task I’m trying to uncomment a line. I also had to escape the [::] in the regex search, which tripped me up for a bit.

    - name: enable nginx service
      ansible.builtin.service:
        name: nginx
        enabled: yes
    - name: start nginx service
      ansible.builtin.service:
        name: nginx
        state: started
    - name: enable restserver
      ansible.builtin.service:
        name: restserver
        enabled: yes
    - name: start restserver
      ansible.builtin.service:
        name: restserver
        state: started

The rest of the playbook is just enabling and starting the needed services as specified in the Cumulus Linux documentation. All together the playbook looks like the following; as with all yaml files, indentation is very important.

---
- hosts: all
  become: yes
  vars:
    conf_path: /etc/nginx/sites-available/nginx-restapi.conf
  tasks:
    - name: edit the nginx-restapi.conf file
      replace:
        path: "{{ conf_path }}"
        regexp: 'listen localhost:8080 ssl;'
        replace: '# listen localhost:8080 ssl;'
    - name: edit another line from file
      replace:
        path: "{{ conf_path }}"
        regexp: '# listen \[::]:8080 ipv6only=off ssl;'
        replace: 'listen [::]:8080 ipv6only=off ssl;'
    - name: enable nginx service
      ansible.builtin.service:
        name: nginx
        enabled: yes
    - name: start nginx service
      ansible.builtin.service:
        name: nginx
        state: started
    - name: enable restserver
      ansible.builtin.service:
        name: restserver
        enabled: yes
    - name: start restserver
      ansible.builtin.service:
        name: restserver
        state: started
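Ansible’s replace module runs the task’s regexp over the whole file with Python’s re in MULTILINE mode, so the two edits can be replayed in plain Python. This is an added example, not code from the post or from Cumulus; the nginx snippet is a constructed stand-in for the two lines the playbook touches. It shows why the [::] had to be escaped, and also that the first task as written still matches the already commented line on a second run and prepends another ‘# ’, while an anchored version leaves a rerun reporting no change.

```python
"""Replay the playbook's two `replace` tasks with re.sub, the way
ansible.builtin.replace does it (regexp compiled with re.MULTILINE, applied
to the whole file). Added example; CONF is a constructed stand-in, not the
real nginx-restapi.conf, and the module emulation skips backup/validate.
"""
import re

# Constructed stand-in for the two lines the playbook edits.
CONF = """\
server {
    listen localhost:8080 ssl;
    # listen [::]:8080 ipv6only=off ssl;
}
"""


def ansible_replace(content, regexp, replacement):
    """Mimic ansible.builtin.replace: subn over the file in MULTILINE mode.

    Returns (new_content, changed), mirroring the module's 'changed' flag.
    """
    pattern = re.compile(regexp, re.MULTILINE)
    new_content, count = pattern.subn(replacement, content)
    return new_content, count > 0


def apply_tasks(content, tasks):
    """Run (regexp, replace) pairs in order; return content and per-task changed flags."""
    flags = []
    for regexp, replacement in tasks:
        content, changed = ansible_replace(content, regexp, replacement)
        flags.append(changed)
    return content, flags


# The post's two tasks exactly as written.
TASKS_AS_WRITTEN = [
    (r"listen localhost:8080 ssl;", "# listen localhost:8080 ssl;"),
    (r"# listen \[::]:8080 ipv6only=off ssl;", "listen [::]:8080 ipv6only=off ssl;"),
]

# Same intent, anchored to the start of the line (^ matches each line under
# MULTILINE) and keeping the leading indentation. A line that is already
# commented no longer matches, so a rerun reports ok instead of changed.
TASKS_IDEMPOTENT = [
    (r"^(\s*)listen localhost:8080 ssl;", r"\1# listen localhost:8080 ssl;"),
    (r"^(\s*)# listen \[::]:8080 ipv6only=off ssl;", r"\1listen [::]:8080 ipv6only=off ssl;"),
]


def unescaped_bracket_misses():
    """Why the post escaped [::]: unescaped, [::] is a character class that
    matches a single ':', so the literal text 'listen [::]:8080' never matches."""
    return re.search(r"# listen [::]:8080 ipv6only=off ssl;", CONF) is None


def run_twice(tasks):
    """Apply the tasks to a fresh CONF two times, as two playbook runs would.

    Returns (final_content, first_run_flags, second_run_flags).
    """
    once, first = apply_tasks(CONF, tasks)
    twice, second = apply_tasks(once, tasks)
    return twice, first, second


if __name__ == "__main__":
    print("unescaped [::] misses the literal line:", unescaped_bracket_misses())
    for label, tasks in (("as written", TASKS_AS_WRITTEN), ("anchored", TASKS_IDEMPOTENT)):
        final, first, second = run_twice(tasks)
        print(f"{label}: run 1 changed={first}  run 2 changed={second}")
        print(final)
```

The as-written run leaves ‘# # listen localhost:8080 ssl;’ after the second pass, which nginx still treats as a comment, but every rerun reports the task as changed; the anchored pattern is the cheap fix.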

To further improve this playbook, while it does work, I’ll build in some checks to verify everything is working as it should, so you don’t have to do it after the playbook runs. To run the playbook I use the following command:

ansible-playbook enable_RESTAPI.yml --ask-become-pass

I use --ask-become-pass so that I can enter the root password for the devices instead of hard coding it as a var or something. There may be another way, but today that is where we stand.

Thanks for hanging out with me and going through my very first ansible playbook journey. I’ll leave you with the verification that the REST service is working on the Cumulus device; till next time!

$ curl -X POST -k -u cumulus -d '{"cmd": "show interface json"}' https://192.168.49.4:8080/nclu/v1/rpc | jq
Enter host password for user 'cumulus':
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4373  100  4343  100    30  12268     84 --:--:-- --:--:-- --:--:-- 12353

Ep 47 – Get Awoken When it’s Broken!

This week we’re talking about everything on-call! What is it? What does being “on-call” actually look like? What it means to various organizations. And most importantly – what you should look for when interviewing with a company when discussing being on call and compensation.

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Ep 46 – Time Management

In this episode we’re talking about time management. We share tips and tactics we use to make the most of our time. What do you use to help manage your time? We’d love to hear from you! And, we’ve got some really exciting news, but you’ll have to listen to find out!

A.J.’s app recommendations:
Todoist – https://todoist.com/
Forest – https://www.forestapp.cc/


CCNA Series – Endpoints and Servers

In this post of the CCNA Series, we will be covering endpoints and servers in the network. In the CCNA exam topics, we are looking specifically at Network Fundamentals > Explain the role and function of network components > Endpoints and Servers. While studying in-depth enterprise network infrastructure topics and concepts, I think it can be easy to gloss over why the network is there in the first place. I always like to think of the network as a service that is there to support business functions. Businesses utilize technology for many reasons, for example to become efficient, scalable, and to provide excellent outcomes. Typically, they look to implement and leverage applications to achieve these goals. Well, those applications need to be able to be accessed and hosted (or served) somehow. That is where endpoints and servers enter the picture. If enterprises didn’t have endpoints and/or servers, then we wouldn’t really have a need for networks, would we?

Endpoints

Endpoints are the actual devices that connect to our networks so that we can gain access to those business critical applications that we brought up earlier in the post. In the last post around L2 and L3 switches, we introduced the concept of the three-tier architecture with the core, distribution, and access layers. As depicted in the image above, endpoints can be thought of as being at the edge of the network, so naturally, they connect to our access layer switches that provide initial connectivity or entry into the network at the edge. Endpoints can connect to the network either wired via directly connecting to a switch, or wirelessly, leveraging radio waves to connect to a wireless access point. Examples of common endpoints at the access layer are desktop and laptop computers, printers, phones, tablets, and scanners. Some endpoints, such as desktops and laptops are used to access applications and services, while other endpoints, such as printers, provide a service. For example, a laptop can communicate with a network attached printer to print documents. Endpoints in the network are used to gain access to services, as well as provide services themselves.

Servers

At a basic level, servers can be thought of as endpoints as well. They connect at the edge of the network just as end user endpoints do. The difference is that servers typically connect to the data center access layer versus the end user access layer such as a switch in a small data room on a floor of a building. It was stated earlier that businesses rely on the network to provide access to critical applications. Well, those applications are hosted on devices called servers. Servers can be physical (meaning typically one application per box), or virtual (meaning multiple apps/servers per physical machine). Also, servers can be hosted in on-premises data centers, external co-location facilities, as well as “in the cloud”. Examples of applications or services hosted on servers are email, websites, ecommerce systems, and media servers. To round this out, in our enterprise business example, servers house the applications that provide value to the business.

But Why?

Conclusion

I think it is important to remember that the network is a service (or potentially even a utility, if you want to take it that far). In an enterprise setting, the network is necessary because access to applications and information drives a business forward. Client or user endpoints are leveraged to gain access to those business critical applications, and servers house or host those applications and information. The network is there to provide the connectivity from the client endpoints to the servers that host the applications.

Ep 45 – Softskillz

In this episode, Dan, A.J., guest host Tim Bertino, and returning episode guest Tim McC talk about soft skills, their importance, how to sharpen them, and more. Join us as we share our experience with our own soft skills and where we see their importance shine the most.

Cisco config rollback documentation – https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15-sy/config-mgmt-15-sy-book/cm-config-rollback-confirmed-change.html

Follow Tim Bertino:
blog: https://netication.com/
Twitter: https://twitter.com/TimBertino

Follow Tim McC:
blog: https://carpe-dmvpn.com/
Twitter: https://twitter.com/juangolbez
YouTube: https://www.youtube.com/channel/UC60oFllzMzQQmlhIQMkMa8g


Faces of the Journey – Teneyia Wilson

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Teneyia Wilson is a Network Engineer originally from Denver, Colorado, who recently found herself back home. In 2004, Teneyia and her family moved away from Colorado. Being part of a military family, she and her family have lived in many cities in the last sixteen years. Teneyia currently holds two network engineering positions (yes, you read that correctly, two), one of which as a Network Engineer III with the ISP, Spectrum. If you thought that holding two network engineering positions was impressive, get this, IT/network engineering is not Teneyia’s first profession. Before getting into IT professionally, she ran a personal training studio from 2012 to 2019, while also managing a retail store with GNC. Teneyia has been fascinated with technology since middle school and knew then that she wanted a degree in IT, but took a different path for a while. Then, in 2018, she decided to quit her retail job to become a Network Engineer. She went to Barnes and Noble to purchase the CompTIA Network+ book and the Cisco CCNA 200-125 book set. At that time she was not working, so she spent five to eight hours a day reading, taking notes, and watching videos to catch up on the technology that she had missed out on over that nine year window. Teneyia found quickly that getting certifications made sense to her to be able to break into IT so that she could build experience and grow on a technical level (but she has not stopped the certification study by any means). After achieving both the Network+ and CCNA certifications, Teneyia got a help desk position at a managed service provider (MSP). A year later, she earned the CCNP Routing and Switching certification, and accepted a position as a Network Administrator with DXC Technology. In August of 2020, Teneyia moved back to Colorado and is now a Network Engineer with a 911 dispatch center and Spectrum. 
Teneyia’s fascination with technology started early in life by taking apart a Nintendo NES, computers, and phones to see how they worked. Teneyia is always striving to be a great engineer, who is highly skilled at troubleshooting and design, while helping others along the way. She is currently studying for the CCIE certification and will one day become a Principal Engineer or Solutions Architect.

Follow Teneyia:

Twitter

LinkedIn

Alright Teneyia, We’ve Got Some Questions

What did you want to be when you “grew up”? A multi-business owner. I had plans/ideas for restaurants and clothing lines. I used to love cooking and making clothes. I created a whole clothing line/brand between 2003-2009.

What advice do you have for aspiring IT professionals? Like anything else, don’t rush the process. Take your time to fully understand the technologies. Know how and when to use them. Ignore the imposter syndrome, no one knows everything. Take risks and never stop learning.

What is something you enjoy doing outside of work? Outside of work, I love lifting weights and competing in bodybuilding competitions. I also have a project car. I’m not in the car scene as much as I was when I was living in Los Angeles but still love fixing up and cruising in my 350z.

How do you manage your work/life balance? When studying for certs and/or training for a bodybuilding show, I create weekly schedules and stick to them. I schedule work, family time, errands, study, gym, everything. I prioritize most important to least and try not to deviate. In the off season and when I’m not preparing for a cert exam, work stays between 9am-5pm. I completely shut off computers and work thoughts to spend time doing what my family wants to do.

When learning something new, what methods work best for you? When learning something new, I like to get the information in multiple ways. I read books, watch videos, ask questions of people who have experience and get as many hands-on hours as I can. Even when I don’t have access to get hands-on practice, I find alternate ways to “do” the things I’m learning. For example, I write out or type in notepad configurations over and over when I don’t have access to physical equipment or an emulator. When I didn’t have real people to practice leading fitness classes, I set up my video camera and led the workout like it was a gym full of people.

Bert’s Brief

“Discipline is more important than motivation!” This is the current pinned tweet on Teneyia’s Twitter profile. I guess I’ve always kind of thought that finding motivation or “the want” to do or accomplish something was the most important thing. Well, as Teneyia has shown, that’s only part of it. I’ve now shifted my thinking: motivation is really just the beginning. To achieve something that is important to you, discipline is the real secret sauce. If you can find a way to stay consistent on your path, you will get there. Teneyia’s journey is a great example of this. She decided to shift into IT just three years ago and what she has accomplished since then is really incredible. Teneyia does not keep her passion to herself, working to help others along the way. Although she has already accomplished so much, this is really just the beginning for Teneyia and I predict that there are big things to come in the future. Check out Teneyia’s episode on the AONE podcast. One thing that I learned from that episode that I have already put into practice is to give myself just five seconds to be scared or overwhelmed in a situation. After those five seconds, you put it behind you and focus. I have a feeling that will stick with me for a long time.

Ep 44 – IT Factor Crossover!

In this episode, two worlds collide! We chat with Frank Padikkala and the IT Factor podcast! We talk with Frank about the similarities between IT and AV professionals and how the two worlds often meet. We encourage Frank’s listeners to join us as we know a lot of the members of our own community have roots deeply embedded in AV. And we learned that Frank obtained his CCNA at just 17 years old!

Follow Frank on Twitter: https://twitter.com/frankpadikkala
Check out AV Nation and The IT Factor!
https://avnation.tv/
https://twitter.com/AVITFactor


GIAC Certified Intrusion Analyst (GCIA) // SANS503 Review

If you’ve been following my feed a bit, you know I’ve been going pretty strong for the last four months into SANS503. More than half the blog posts I’ve had published on this site were dedicated to a tool introduced or covered in this course. Well, I cleared the exam and it’s probably in no small part due to blogging. Not that blogging or studying in public was the only thing that amounted to a successful exam but it surely did help in my opinion. In the following I’m going to reflect a bit on the SANS503 course and GCIA exam.

I know, the major drawback to SANS courses is cost, and I get that. Each 5-6 day course runs on the plus side of seven thousand dollars and a certification attempt is no small pocket change either. That aside, if we are just here to judge content, this was the best cyber related course I’ve taken and the best certification experience I’ve ever had. To put this into a little bit of context, I’ve taken 7 Cisco exams at the associate and professional level, 4 Juniper associate level tests and 3 CompTIA exams. I’ve subscribed to INE, CBT Nuggets, Pluralsight, Linux Academy and O’Reilly Books. This course bests everything I’ve done up to this point. Perhaps this is just a hint that I need to do more focused training and less video on demand type stuff?!

SANS503 (the course)

The number one thing I liked about the course was the Virtual Machine and the Lab Workbook. Each section of the class concluded with lab exercises that we completed on our vm. We created rules, tuned rules, searched pcaps, created packets, created scripts and had a comprehensive capstone exercise to bring everything together. I went through this workbook twice. I probably spent 100 hours in the exercises alone. I went through the first time as I was following along with the course. I needed a lot of hints and had to do a lot of extra research as most of these tools were new to me. The second time through, I did almost all the exercises without using any of the hints. I really felt like I got the foundational understanding of how to use the main tools discussed during the class, namely snort, tcpdump, tshark, scapy, wireshark and zeek.

I did the self-paced version of the course. I got a recorded version of the course that I could watch at my own pace. This was perfect for me. As I mentioned before, this was the first time I’d ever used snort or written a snort rule. So I got to take my time with the material and really hone in on the fundamentals of using the tool. The instructor was excellent, clear and engaging even though it was not interactive. Besides just learning some tools, the class also dug into major protocols. We went through ethernet, ip, tcp, udp, icmp, dns, smb, http and tls. One of the major themes of the course was being able to parse these different packets in hex. After doing this for a few months it’s not so difficult to pull out the next header field and what have you.

GCIA (the certification)

The certification exam was difficult for me. I had done one practice exam before taking the actual exam and scored an 89%. Not only that, I had more than an hour to spare. This had me feeling very confident. On the actual exam, as opposed to the practice test I took, I didn’t get any feedback per question, whether it was right or wrong. For whatever reason, perhaps just the added pressure of it ‘being an exam’ I was second guessing myself and was looking up more answers and even verifying answers I knew were right (it’s an open book exam). When I submitted the last question I had one minute remaining of my four hour allotted testing time. I scored two points lower than my practice test when all was said and done, an 87%.

What I like most about the exam is that since it is open book, there isn’t really any ‘stump the chump’ feeling when an obscure question about an IP option comes up. Instead, using documentation you can easily decipher what you need and come up with the answer.

Before going through the examination process I had read in other blog posts or youtube videos of people making an index. People would go through each book and index terms so that when they came across a question they could go to their index and hopefully find the answer in a reasonable amount of time. I did not do this; I used the index provided in the lab book portion of the materials and, truth be told, I didn’t use it that much. My thought process is that if you put in the time on the material (there are five main books), you will have a pretty good idea of where to start looking for that topic.

Lastly, one of the coolest parts of the exam is that it has a VM portion where you interact with pcaps using the tools and protocol knowledge outlined in the course to pull out answers. This was way more slick than any Cisco simulation I’ve ever done. Overall I think the exam really covered everything in a fair and balanced way and didn’t at all feel like a random trivia question extravaganza.

Conclusion

If you get the chance definitely take the opportunity to do some of their training. I’m hoping to take FOR572, Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response and the associated GNFA next. It will, I’m sure, be covering a lot of the same tools but I’m excited to get the point of view of a different instructor that will hopefully shed light on new things.

Also, I think I’m going to keep blogging a bit here. I started out not knowing whether I would like it or find it useful. I think blogging and ‘studying in public’ is a way to hold myself accountable even on the days when the passion or motivation may be lacking a bit. Hope you will continue this journey with me and I’ll see you on the other side on our next adventure.

Ep 43 – You get 5 Seconds

In this episode, we talk to Teneyia! She shares her story of how she went from being a fitness trainer to a Network Engineer, her views on motivation vs. discipline and why one matters far more than the other, and great advice on handling interviews and what to do when you are in a situation that makes you feel nervous or scared. Enjoy this episode with Teneyia!

Follow Teneyia:
Twitter: @TeneyiaW
LinkedIn: https://www.linkedin.com/in/teneyia-wilson/

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

CCNA Series – L2 and L3 Switches

In this edition of the CCNA Series, we are going to cover network switches. In the CCNA exam topics, we are looking specifically at Network Fundamentals > Explain the role and function of network components > L2 and L3 switches. Before we get into the difference between Layer 2 and Layer 3 switches, let’s describe what switches are and what their role is in a network. In their simplest form, switches are hardware or software devices that provide connectivity to the network. For simplicity, unless otherwise specified, this article focuses on hardware-based (physical) switches. Who, or what, do switches connect to the network? That depends on which “layer” the switch sits in. In the traditional campus infrastructure model, the network has three layers: access, distribution and core.

Traditional 3 layer campus design
  • Access Layer
    • The switches at the access layer provide endpoints, or devices their initial connectivity to the network. The access layer can be thought of as the edge of the campus network, because this is where the network begins for devices. This is where our computers, printers, phones, and much more, connect to the network. The network is providing the service of delivering data to the required destinations for the connecting devices.
  • Distribution Layer
    • While the purpose of the access layer is for switches to connect to endpoints, the distribution layer switches connect to other switches. The distribution layer bridges the gaps between access layer switches at the local site (intra-site communication), and the local site access layer and the core layer, which provides connectivity to other sites (inter-site communication). The distribution layer provides two main functions, that both stem from the concept of network scalability.
      1. Acts as an aggregation layer for the access layer switches. As the number of access layer switches at a site grows, it is neither functional nor cost-effective to connect every access layer switch directly to every other one. It makes more sense to create a layer of switches “above” the access layer to provide the intra-site connectivity.
      2. Provides connectivity to the core layer which in turn provides connectivity to other sites (inter-site connectivity).
  • Core Layer
    • The purpose of the core layer is similar to the distribution layer in that it aggregates switches to provide scalability. However, rather than aggregating access layer switches, the core layer ties together the distribution layer switches of different sites. Configuration and service-wise, we try not to get too fancy with the core layer. The core is there primarily to move packets through the network (between sites, if you will) as quickly as possible. In-depth security and authentication services are typically handled in the lower layers of this three-tier model.

Now that we have covered the very basics around the purpose of switches and their roles depending on where they live in the network, let’s describe, compare, and contrast Layer 2 and Layer 3 switches. Back in the “old days”, switches solely provided the Layer 2 functions in the network and routers (previous post) solely handled the Layer 3 functions. Switches typically have many physical ports and, as stated earlier, connect either to devices at the edge of the network or to other switches upstream or downstream. Routers, on the other hand, tend to have fewer ports and provide routed (Layer 3) connectivity between different network segments. What do we mean by switches operating at Layer 2 and routers at Layer 3? At Layer 2 of the OSI Model, data units (called frames) are forwarded through switches based on their destination MAC addresses (burned-in, or hardware, addresses). At Layer 3, data units (called packets) are forwarded through routers based on destination IP addresses (logical addresses).

Layer 2 Switches

As covered in the previous section, switches operate at Layer 2 of the OSI Model by default. As frames flow through a switch, the switch builds what is called the MAC address table (aka the MAC table), which it uses to forward frames to the correct destinations. When a frame enters a switchport, the switch notes the source MAC address, the port the frame arrived on and the VLAN that port belongs to, and adds that as an entry in the MAC table. Later, when a frame arrives with that MAC address as its destination, the switch knows which port to forward it out of. If the destination MAC is not in the table (or the frame is a broadcast), the switch floods the frame out every other port in the same VLAN, and entries that are not refreshed age out (300 seconds by default on Cisco IOS). If the original device/MAC address is moved to another port, the MAC table is updated to reflect the move. Because the table is learned from whatever source addresses show up, an attacker who sends frames with thousands of random source MACs can fill it and force the switch to flood everything in that VLAN (MAC flooding); limiting the number of addresses a port may learn (port security) is the usual control. At Layer 2, VLANs provide network segmentation. An access port on a switch can belong to only a single data VLAN, and traffic from a VLAN should only be forwarded out ports in the same VLAN. For traffic to cross VLANs, a routing function is needed.
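The learning and forwarding behaviour described above, as an added Python example that is not part of the original post: a small model of a VLAN-aware Layer 2 switch that learns (VLAN, source MAC) → port from every frame, forwards known unicast out the learned port, floods unknown unicast and broadcast only within the ingress VLAN, updates the entry when a host moves, and optionally caps the number of learned entries the way port security does. The port numbers, VLAN assignments and MAC addresses are made up for the illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Minimal model of a VLAN-aware Layer 2 switch (added illustration, not real switch code)."""

    def __init__(self, port_vlan, max_entries=None):
        # port_vlan: {port: access VLAN}; every port in this model is an access port.
        self.port_vlan = dict(port_vlan)
        # MAC table: (vlan, mac) -> port. Keyed per VLAN because the same MAC
        # may legitimately appear in two different VLANs.
        self.mac_table = {}
        # Optional cap on learned entries, like a port-security maximum; once
        # reached, new source addresses are not learned (a MAC-flooding bound).
        self.max_entries = max_entries

    def ports_in_vlan(self, vlan):
        return sorted(p for p, v in self.port_vlan.items() if v == vlan)

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame arriving on in_port; return the sorted egress ports."""
        vlan = self.port_vlan[in_port]
        key = (vlan, src_mac.lower())
        # Learn the source (or refresh/move an existing entry) unless the table is full.
        if key in self.mac_table or self.max_entries is None \
                or len(self.mac_table) < self.max_entries:
            self.mac_table[key] = in_port
        others = [p for p in self.ports_in_vlan(vlan) if p != in_port]
        if dst_mac.lower() == BROADCAST:
            return others                  # broadcast: every other port in the VLAN
        out_port = self.mac_table.get((vlan, dst_mac.lower()))
        if out_port is None:
            return others                  # unknown unicast: flood within the VLAN only
        if out_port == in_port:
            return []                      # destination is on the ingress port: filter
        return [out_port]

    def lookup(self, vlan, mac):
        """Port the switch currently associates with mac in vlan, or None."""
        return self.mac_table.get((vlan, mac.lower()))


if __name__ == "__main__":
    sw = Switch({1: 10, 2: 10, 3: 10, 4: 20})
    print(sw.receive(1, "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"))  # unknown: flood to 2, 3
    print(sw.receive(2, "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:01"))  # known: port 1 only
    print(sw.receive(3, "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"))  # host moved to port 3
    print(sw.receive(4, "bb:bb:bb:00:00:01", "aa:aa:aa:00:00:01"))  # VLAN 20 cannot reach VLAN 10
```

The VLAN 20 host on port 4 gets an empty egress list even though the destination MAC is known in VLAN 10: the table is per VLAN, which is exactly why crossing VLANs needs a routing function rather than a bigger MAC table.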

Layer 3 Switches

Again, traditionally, Layer 2 functions have been handled by switches, and when subnets needed to be defined and Layer 3 forwarding was required, we relied on separate devices called routers. As switches developed over the years and more resources could be added to them, they became able to handle more functions. It then became a popular question: if switches can handle routing functions from a resource standpoint, do we really need separate hardware routers everywhere in the network that we define a Layer 3 boundary? Enter Layer 3 switches. Layer 3 switching is just another way to say that we are providing routing functions in a switch. This can be handled in a few different ways from an interface standpoint.

  1. Routed Port
    • This is a native Layer 3 interface on a switch and most resembles a “normal” interface on a traditional router. To recap, switches operate at Layer 2 by default, so to convert a Cisco switchport to a routed port, the command no switchport is entered on the interface. After that, an IP address and subnet mask can be entered just like on a traditional router interface.
  2. SVI (Switch Virtual Interface)
    • An SVI is a virtual Layer 3 interface on a switch that corresponds to a specific VLAN. Before Layer 3 switches, to provide routing for devices on a VLAN we needed connectivity to an external router via access or trunk ports, and the router handled the Layer 3 functions of separating routed networks and forwarding packets between networks/subnets. An SVI is created by entering the global config command interface vlan vlan-id. Then, an IP address and subnet mask can be defined. Finally, the SVI needs to be enabled with the no shutdown command. Two things commonly trip people up here: on Cisco Catalyst switches the VLAN must exist in the VLAN database and have at least one active port in it, or the SVI’s line protocol stays down (autostate), and routing between SVIs has to be turned on globally with ip routing.
  3. Layer 3 Portchannel
    • To provide higher bandwidth and resiliency at Layer 3 on a switch, a Layer 3 portchannel can be used. The physical member interfaces are configured for Layer 3 with no switchport and added to the portchannel, and the IP address and subnet mask are configured on the portchannel interface.

Summary

Many switches out there today can operate at both Layer 2 and 3, which can cut down on the amount of network hardware that is needed. As always, when selecting solutions, you need to determine your network requirements to make sure you are selecting the correct gear to suit your needs. You can think of a Layer 3 switch as a switch that can also act as a router.

TSHOOT – Linux Networking Style

When I got restarted in networking circa 2018-19 everyone on my timeline would always profess how much they loved Cisco’s TSHOOT exam. People had tickets to do and felt like they were showing off what they knew, their experience, rather than answering trivia questions. “I always recert my CCNP with the TSHOOT exam…” or so the story went.

Enter Cumulus Linux, the networking arm of Nvidia. They’ve had a Cumulus in the Cloud offering for some time now, and I logged in the other day after a long hiatus just to check things out. They are currently running Cumulus Linux version 4.3, with vim now on its standard image 🙂

Cumulus Linux – Where Networking Magic is Created

There was one new thing that really caught my eye. Once you are logged in and have your two virtual racks of equipment powered on, virtually cabled and spun up, one of the ‘Demo Modes’ they now offer is called ‘Challenge Labs.’ Currently there are four challenge labs. Each lab is loaded, and its solution validated, from the oob-mgmt-server within the topology by way of a bash script. To load the first challenge you simply run the script, which pushes the configuration to the applicable devices using an Ansible playbook:

cumulus@oob-mgmt-server:~/cumulus-challenge-labs$ ./run -c 1 -a load

Challenge #1

Server01 is unable to ping server02 or server03. Server02 and server03 are able to ping each other.
Challenge #1 Topology

Here we go! Are your wheels spinning? Are you coming up with possible issues and areas to look? The first thing I like to do when I first encounter a problem ticket is:

  1. Check power (is it plugged in?)
  2. Check physical connections (is the ethernet cable plugged in?)
  3. Verify the documentation/topology (fix documentation if incorrect)
  4. Recreate the issue, in this case, verify the ping fails from server01 -> server[02|03]

I don’t really have to worry about power here since we are all virtual, but I can verify that the IPs in the diagram and the interfaces connecting the devices are correct. Let’s take a look at server01: is its IP correct, and is it using ‘eth1’ as specified in the diagram?

cumulus@server01:~$ ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 44:38:39:00:00:32 brd ff:ff:ff:ff:ff:ff
    inet 10.1.10.101/24 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::4638:39ff:fe00:32/64 scope link
       valid_lft forever preferred_lft forever

Now, when we look into our first Cumulus switch, I can discuss one thing that’s really cool about it. You can check the port configuration the same way we did above, with ‘ip a’, or you can use a more traditional networking-device command line via what they call NCLU (the Network Command Line Utility). Let’s log into leaf01 and have a look:

cumulus@leaf01:mgmt:~$ ip a show swp49
51: swp49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9216 qdisc pfifo_fast master bridge state UP group default qlen 1000
    link/ether 44:38:39:00:00:59 brd ff:ff:ff:ff:ff:ff

So ‘ip a’ isn’t showing us everything we want here, but I think it’s mighty cool that I’m on a ‘switch’ and I have native Linux commands at my disposal. We can tell no IP address is configured and that the port is a member of ‘bridge’ (master bridge), so it is operating at Layer 2, and it is up.

A command I like to go to straight away on a Cisco device is ‘show ip int br’ and we can get a lot of the same sort of data with Cumulus’ nclu command ‘net show interface’:

cumulus@leaf01:mgmt:~$ net show interface
State  Name    Spd  MTU    Mode       LLDP                          Summary
-----  ------  ---  -----  ---------  ----------------------------  ---------------------------
UP     lo      N/A  65536  Loopback                                 IP: 127.0.0.1/8
       lo                                                           IP: ::1/128
UP     eth0    1G   1500   Mgmt       oob-mgmt-switch (swp10)       Master: mgmt(UP)
       eth0                                                         IP: 192.168.200.11/24(DHCP)
UP     swp1    1G   9216   Trunk/L2   server01 (44:38:39:00:00:32)  Master: bridge(UP)
UP     swp49   1G   9216   Trunk/L2   leaf02 (swp49)                Master: bridge(UP)
UP     bridge  N/A  9216   Bridge/L2
UP     mgmt    N/A  65536  VRF                                      IP: 127.0.0.1/8

With Cumulus, if LLDP is configured, I always find myself typing ‘net show lldp’ as one of my first orientation activities. LLDP (Link Layer Discovery Protocol) shows what the device on the far end of each port says it is, which makes it a quick way to check the cabling against the diagram (it is the neighbour’s own unauthenticated claim, so treat it as an orientation aid rather than proof):

cumulus@leaf01:mgmt:~$ net show lldp
LocalPort  Speed  Mode      RemoteHost       RemotePort
---------  -----  --------  ---------------  -----------------
eth0       1G     Mgmt      oob-mgmt-switch  swp10
swp1       1G     Trunk/L2  server01         44:38:39:00:00:32
swp49      1G     Trunk/L2  leaf02           swp49

OK. Now let’s verify the issue. Let’s see if server01 can ping the other servers in the topology:

cumulus@server01:~$ ping 10.1.10.102 -c 3
PING 10.1.10.102 (10.1.10.102) 56(84) bytes of data.
From 10.1.10.101 icmp_seq=1 Destination Host Unreachable
From 10.1.10.101 icmp_seq=2 Destination Host Unreachable
From 10.1.10.101 icmp_seq=3 Destination Host Unreachable
--- 10.1.10.102 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2034ms
pipe 3
cumulus@server01:~$ ping 10.1.10.103 -c 3
PING 10.1.10.103 (10.1.10.103) 56(84) bytes of data.
From 10.1.10.101 icmp_seq=1 Destination Host Unreachable
From 10.1.10.101 icmp_seq=2 Destination Host Unreachable
From 10.1.10.101 icmp_seq=3 Destination Host Unreachable
--- 10.1.10.103 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2027ms
pipe 3

You may have seen the issue already, you may not. Note that the ‘Destination Host Unreachable’ replies come from server01’s own address (10.1.10.101): it never got an ARP reply for the peer, so the problem is at Layer 2, before any packet left the host. Let’s get on the working switch, the one where both hosts can ping each other, and see if you can spot the difference:

cumulus@leaf02:mgmt:~$ net show lldp
LocalPort  Speed  Mode       RemoteHost       RemotePort
---------  -----  ---------  ---------------  -----------------
eth0       1G     Mgmt       oob-mgmt-switch  swp11
swp2       1G     Access/L2  server02         44:38:39:00:00:3a
swp3       1G     Access/L2  server03         44:38:39:00:00:3c
swp49      1G     Trunk/L2   leaf01           swp49
cumulus@leaf02:mgmt:~$

We can see that the ‘good’ switch has access ports toward its servers, while on the ‘bad’ switch the server-facing port swp1 is a trunk. On a trunk, untagged frames from server01 land in the port’s PVID (VLAN 1 by default on a Cumulus VLAN-aware bridge), not in the VLAN that server02 and server03 are in. Two solutions come to mind straight away. One, we could leave the trunk and configure server01’s eth1 to tag the right VLAN (a VLAN subinterface on the host). Since we are working with ‘Cumulus Linux’ within the challenge, I’m going to assume we want to change leaf01 to have an access port to its server, but in which VLAN? Let’s check on leaf02:

cumulus@leaf02:mgmt:~$ net show bridge vlan
Interface  VLAN  Flags
---------  ----  ---------------------
swp2         10  PVID, Egress Untagged
swp3         10  PVID, Egress Untagged
swp49         1  PVID, Egress Untagged
             10

Alright, VLAN 10 it is. One last thing I need to check before logging off of leaf02 is a hint on which command to use; for this I’ll grep the configuration:

cumulus@leaf02:mgmt:~$ net show configuration | grep -B 4 -i access
  address dhcp
  vrf mgmt
interface swp2
  bridge-access 10
interface swp3
  bridge-access 10

Let’s jump back on leaf01 and fix this issue once and for all:

cumulus@leaf01:mgmt:~$ net add interface swp1 bridge access 10
cumulus@leaf01:mgmt:~$ net commit
--- /etc/network/interfaces     2021-05-04 20:46:36.925028228 +0000
+++ /run/nclu/ifupdown2/interfaces.tmp  2021-05-05 00:42:00.327566444 +0000
@@ -7,20 +7,21 @@
 auto lo
 iface lo inet loopback
 # The primary network interface
 auto eth0
 iface eth0 inet dhcp
  vrf mgmt
 auto swp1
 iface swp1
+    bridge-access 10
 auto bridge
 iface bridge
     bridge-ports swp1 swp49
     bridge-vids 10
     bridge-vlan-aware yes
 auto mgmt
 iface mgmt
   address 127.0.0.1/8
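Review bot: the single added line `+    bridge-access 10` is the right fix, and the unchanged context shows why it works: before the change swp1 had no per-port VLAN settings and inherited `bridge-vids 10` from the `iface bridge` stanza, so it behaved as a trunk whose untagged frames from server01 landed in the default PVID (VLAN 1) instead of VLAN 10 with server02/server03; swp49 keeps its trunk role, so the path to leaf02 is untouched. One check worth doing after `net commit`: `net show bridge vlan` on leaf01 should now list swp1 as `10  PVID, Egress Untagged`, matching swp2/swp3 on leaf02.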
net add/del commands since the last "net commit"
================================================
User     Timestamp                   Command
-------  --------------------------  ---------------------------------------
cumulus  2021-05-05 00:27:03.636686  net add interface swp1 bridge access 10
cumulus@leaf01:mgmt:~$ net show lldp
LocalPort  Speed  Mode       RemoteHost       RemotePort
---------  -----  ---------  ---------------  -----------------
eth0       1G     Mgmt       oob-mgmt-switch  swp10
swp1       1G     Access/L2  server01         44:38:39:00:00:32
swp49      1G     Trunk/L2   leaf02           swp49
cumulus@leaf01:mgmt:~$

The last thing to do is log into server01 and see if I can now ping server[02|03]:

cumulus@server01:~$ ping 10.1.10.102 -c 3
PING 10.1.10.102 (10.1.10.102) 56(84) bytes of data.
64 bytes from 10.1.10.102: icmp_seq=1 ttl=64 time=20.8 ms
64 bytes from 10.1.10.102: icmp_seq=2 ttl=64 time=4.09 ms
64 bytes from 10.1.10.102: icmp_seq=3 ttl=64 time=3.48 ms
--- 10.1.10.102 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 3.489/9.475/20.844/8.042 ms
cumulus@server01:~$ ping 10.1.10.103 -c 3
PING 10.1.10.103 (10.1.10.103) 56(84) bytes of data.
64 bytes from 10.1.10.103: icmp_seq=1 ttl=64 time=5.85 ms
64 bytes from 10.1.10.103: icmp_seq=2 ttl=64 time=11.8 ms
64 bytes from 10.1.10.103: icmp_seq=3 ttl=64 time=2.76 ms
--- 10.1.10.103 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.768/6.825/11.853/3.772 ms

We’ve verified that we have solved the issue, but I also want to point out that the run script comes with a validate option that will make sure you solved the problem statement. To use it, we log back into the oob-mgmt-server:

cumulus@oob-mgmt-server:~/cumulus-challenge-labs$ ./run -c 1 -a validate
Validating solution for Challenge 1 ...
PLAY [server] ******************************************************************
TASK [include_tasks] ***********************************************************
Wednesday 05 May 2021  00:57:25 +0000 (0:00:00.059)       0:00:00.059 *********
included: /home/cumulus/cumulus-challenge-labs/automation/roles/common/tasks/validate.yml for server03, server02, server01
included: /home/cumulus/cumulus-challenge-labs/automation/roles/common/tasks/validate.yml for server03, server02, server01
included: /home/cumulus/cumulus-challenge-labs/automation/roles/common/tasks/validate.yml for server03, server02, server01
TASK [Validate connectivity to server01] ***************************************
Wednesday 05 May 2021  00:57:25 +0000 (0:00:00.355)       0:00:00.415 *********
ok: [server01]
ok: [server03]
ok: [server02]
TASK [Display results for server01] ********************************************
Wednesday 05 May 2021  00:57:27 +0000 (0:00:02.523)       0:00:02.939 *********
ok: [server01] =>
  msg: 10.1.10.101 is alive
ok: [server02] =>
  msg: 10.1.10.101 is alive
ok: [server03] =>
  msg: 10.1.10.101 is alive
TASK [Validate connectivity to server02] ***************************************
Wednesday 05 May 2021  00:57:28 +0000 (0:00:00.112)       0:00:03.051 *********
ok: [server01]
ok: [server03]
ok: [server02]
TASK [Display results for server02] ********************************************
Wednesday 05 May 2021  00:57:30 +0000 (0:00:02.422)       0:00:05.474 *********
ok: [server01] =>
  msg: 10.1.10.102 is alive
ok: [server02] =>
  msg: 10.1.10.102 is alive
ok: [server03] =>
  msg: 10.1.10.102 is alive
TASK [Validate connectivity to server03] ***************************************
Wednesday 05 May 2021  00:57:30 +0000 (0:00:00.087)       0:00:05.561 *********
ok: [server01]
ok: [server03]
ok: [server02]
TASK [Display results for server03] ********************************************
Wednesday 05 May 2021  00:57:32 +0000 (0:00:02.087)       0:00:07.649 *********
ok: [server01] =>
  msg: 10.1.10.103 is alive
ok: [server02] =>
  msg: 10.1.10.103 is alive
ok: [server03] =>
  msg: 10.1.10.103 is alive
PLAY RECAP *********************************************************************
server01                   : ok=9    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
server02                   : ok=9    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
server03                   : ok=9    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
Wednesday 05 May 2021  00:57:32 +0000 (0:00:00.083)       0:00:07.732 *********
===============================================================================
Validate connectivity to server01 --------------------------------------- 2.52s
Validate connectivity to server02 --------------------------------------- 2.42s
Validate connectivity to server03 --------------------------------------- 2.09s
include_tasks ----------------------------------------------------------- 0.35s
Display results for server01 -------------------------------------------- 0.11s
Display results for server02 -------------------------------------------- 0.09s
Display results for server03 -------------------------------------------- 0.08s
cumulus@oob-mgmt-server:~/cumulus-challenge-labs$

So this wasn’t the most complicated ticket, and the further challenges get a bit more involved to solve. My hope is that you can see how familiar the NCLU output feels if you are coming from learning or working on Cisco, Juniper or Arista. Also, if you love Linux, how cool is it to have all this functionality on a native Linux platform?!
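A way to turn the comparison above into a repeatable check, as an added Python example that is not part of Cumulus Linux or the challenge lab: it parses the `net show lldp` and `net show bridge vlan` tables (the samples embedded below are copied from the output above), flags ports that are in Trunk mode but whose neighbour identifies itself only by a MAC address (an end host running lldpd, as server01 does), and derives the access VLAN used on the reference leaf. The parsing assumes NCLU’s `Access/L2` and `Trunk/L2` mode labels and the column layout shown above.

```python
import re

# Samples copied from the `net show lldp` / `net show bridge vlan` output above.
LEAF01_LLDP = """\
LocalPort  Speed  Mode      RemoteHost       RemotePort
---------  -----  --------  ---------------  -----------------
eth0       1G     Mgmt      oob-mgmt-switch  swp10
swp1       1G     Trunk/L2  server01         44:38:39:00:00:32
swp49      1G     Trunk/L2  leaf02           swp49
"""

LEAF02_LLDP = """\
LocalPort  Speed  Mode       RemoteHost       RemotePort
---------  -----  ---------  ---------------  -----------------
eth0       1G     Mgmt       oob-mgmt-switch  swp11
swp2       1G     Access/L2  server02         44:38:39:00:00:3a
swp3       1G     Access/L2  server03         44:38:39:00:00:3c
swp49      1G     Trunk/L2   leaf01           swp49
"""

LEAF02_BRIDGE_VLAN = """\
Interface  VLAN  Flags
---------  ----  ---------------------
swp2         10  PVID, Egress Untagged
swp3         10  PVID, Egress Untagged
swp49         1  PVID, Egress Untagged
             10
"""

# A port ID that is a bare MAC address: lldpd on a plain Linux host advertises this.
MAC_ID = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)


def parse_lldp(text):
    """Rows of `net show lldp` as dicts keyed by the header names."""
    lines = text.strip().splitlines()
    header = lines[0].split()
    rows = []
    for line in lines[2:]:  # skip the header and the dashed rule
        fields = line.split()
        if len(fields) == len(header):
            rows.append(dict(zip(header, fields)))
    return rows


def parse_bridge_vlan(text):
    """{interface: {"pvid": int or None, "vlans": [int, ...]}} from `net show bridge vlan`.

    Continuation lines (blank Interface column) belong to the previous port.
    """
    table, current = {}, None
    for line in text.strip().splitlines()[2:]:
        match = re.match(r"^(\S*)\s+(\d+)\s*(.*)$", line)
        if not match:
            continue
        iface, vlan, flags = match.group(1), int(match.group(2)), match.group(3)
        if iface:
            current = iface
            table[current] = {"pvid": None, "vlans": []}
        table[current]["vlans"].append(vlan)
        if "PVID" in flags:
            table[current]["pvid"] = vlan
    return table


def trunks_facing_hosts(lldp_rows):
    """Ports in Trunk mode whose neighbour advertises only a MAC as its port ID."""
    return [row["LocalPort"] for row in lldp_rows
            if row["Mode"].startswith("Trunk") and MAC_ID.match(row["RemotePort"])]


def access_vlans(bridge_vlan):
    """VLANs carried untagged on single-VLAN (access) ports, sorted."""
    return sorted({entry["pvid"] for entry in bridge_vlan.values()
                   if entry["pvid"] is not None and entry["vlans"] == [entry["pvid"]]})


if __name__ == "__main__":
    for name, sample in (("leaf01", LEAF01_LLDP), ("leaf02", LEAF02_LLDP)):
        print(name, "trunk ports facing hosts:", trunks_facing_hosts(parse_lldp(sample)))
    print("leaf02 access VLANs:", access_vlans(parse_bridge_vlan(LEAF02_BRIDGE_VLAN)))
```

Run against the two captures, leaf01 reports swp1 and leaf02 reports nothing, and the reference leaf’s access VLAN comes out as 10, which is the same conclusion reached by eye above. The host-detection heuristic is only as good as the neighbour’s LLDP advertisement, so a port with no LLDP neighbour at all still needs a manual look.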

Conclusion

Seeing how easy (and FREE and easily accessible) it was to set up a lab and a challenge within the lab, I hope you can see the potential of Cumulus VX as a learning platform. Furthermore, the challenge script found on the oob-mgmt-server within this free Cumulus in the Cloud offering could be a framework for future TSHOOT challenges.

If you want to run this lab locally, that’s also no issue as they have their process documented on their Gitlab repository. Once more, you’d think with all the devices you’d need some special hardware but as I mentioned in an earlier post, a single instance of Cumulus Linux needs less than 1GB of ram.

Lastly, if you need help getting going, the Cumulus docs are great, and my friend Aninda Chatterjee has put together a great series of blog posts covering getting started with Cumulus Linux.

Ep 42 – A Look Back

In this episode we are joined by Tim Bertino once again! Tim, A.J., and Andy celebrate a ton of wins from our Winning channel, Tim introduces an exciting new blog series on the AONE blog that focuses on the CCNA, and we take a brief trip down memory lane recapping the last 30 or so episodes. Whether you’ve been with us from the beginning or are just joining, there’s a little something in this episode for everyone!


CCNA Series – Routers

In the first ever post of the AONE CCNA Series, we are going to start from the top. If you are following along on the CCNA exam topics, we will be covering Network Fundamentals > Explain the role and function of network components > Routers. Routers are a critical component of network infrastructure in that they connect networks together, both physically and logically. What do we mean by logically? Well, the main purpose of a router is to receive data, find out where it needs to go, and send it out the interface (or port) in the right direction. Routers operate at Layer 3 of the OSI model, which means that they “route” or forward packets (data) based on the packets’ destination IP addresses. IP addresses are also referred to as “logical addresses”, and they signify the logical location of a device in a network. The IP address of a device can and may need to change depending on its movement in a network. MAC (or physical) addresses contrast with IP addresses in that they describe more of a physical location of a device in a network (at Layer 2). Each device is said to have a “burned in address” or BIA, which is the device’s MAC address at Layer 2. This is a “permanent” address that the device keeps and uses no matter where it lives or moves within a network (though most operating systems let it be overridden in software, which is why a MAC address should never be treated as authentication). But that’s enough about Layer 2 and MAC addressing for now; we’re here to talk about routers. Now that we know that a router’s purpose is to get data from one place in a network to another, let’s get into what routers might look like and how they perform this ever-important function of delivering our precious packets from point A to point B.

Example logical representation of routers in a network.

What do routers look like? They can come in a variety of brands, shapes, sizes, and sometimes the routers themselves are not even physical at all. Yes, we can deploy routers as virtual machines just like traditional virtual servers. And while we are focusing on enterprise networking because this is a CCNA series, routers are leveraged in residential networks as well. If you are connecting personal/home devices to the internet you are leveraging a router to provide connectivity to the internet for all of the devices on your home network. Think of the router as bridging a gap between your local network and the internet.

Finally, let’s go over how routers provide the function of transporting data across networks. As stated earlier, routers make their packet forwarding decisions based on the destination IP address in the packet header. That’s all well and good, but how do routers learn about networks and how to reach them, so that they can forward packets in the right direction and along the correct path to the proper destinations? Routers learn how to reach destination IP networks from three sources.

  1. Connected networks/routes
    • When an interface is configured with an IP address and enters an “up” state, the network associated with that interface is automatically entered into the routing table. The router now knows what networks are directly connected to itself and which interfaces to use, to forward packets out toward those networks.
  2. Static routes
    • Network administrators can manually program the router with static routes for specific destination networks.
  3. Dynamic routing protocols
    • Routing protocols can be enabled and configured on routers to communicate with each other and share routing information.

Once a router has a way (or ways) of learning routes, it has to choose the best path when it receives packets. The best path(s) for each destination network is placed into the routing table, a database on the router that, at a high level, lists each destination network, the next-hop IP and the egress interface used to reach it. Here is the high-level sequence of rules a router applies. Note that the first rule is applied at forwarding time, among the routes already in the table, while the second and third decide which candidate for a given prefix gets installed in the table in the first place.

  1. Longest prefix match
    • This can be thought of as the rule of specificity and is the first method used for path selection. The route in the table with the most leading bits in the “on” position in the subnet mask will be chosen. An example of this logic is:
      • A router receives a packet to forward with a destination IP of 192.168.1.200.
      • The router has two routes in its routing table that match this destination:
        • 192.168.1.0/24
        • 192.168.1.128/25
      • In this case, the route for the 192.168.1.128/25 network will be chosen because it is more specific: it has one more bit in the “on” position than the route with the /24 mask.
  2. Administrative Distance (AD)
    • Routing protocols (OSPF, EIGRP, etc.) use metrics to pick between multiple routes learned to the same destination. However, a metric is only meaningful within the routing protocol that produced it. So what does a router do when it learns the same route from different source types (for instance, from both a static route and EIGRP)? A concept called Administrative Distance is used to determine which route will enter the routing table.
    • Administrative Distance is a “trustworthiness” value (from 0 to 255) assigned to each routing source so that when a router learns the same route from different sources, it can decide which one to install into the routing table and use. The lower AD value is preferred; a route with an AD of 255 is treated as untrusted and is never installed.
  3. Routing protocol metrics
    • When a router receives multiple routes to the same destination from the same source (for instance, OSPF), it leverages the routing protocol’s metric values to determine which route(s) should be selected for the different destination networks. Examples of routing protocol metrics that are used by different routing protocols are hop count, cost, bandwidth, and delay.
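The three rules above carried out in code, as an added Python example that is not from the post: `build_routing_table` installs one winner per prefix by administrative distance and then metric (keeping equal-cost next hops from the same protocol), and `longest_prefix_match` performs the forwarding lookup over what was installed. The candidate routes, next hops and metrics are made up; the AD values are Cisco IOS defaults, and the AD 255 default route shows the “never installed” case.

```python
import ipaddress

# Cisco IOS default administrative distances for the sources discussed above.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}
UNREACHABLE_AD = 255  # a route with AD 255 is never installed


def build_routing_table(candidates):
    """Pick the route to install for each prefix.

    candidates: dicts with prefix, source, metric, next_hop and an optional
    explicit ad (e.g. a floating static route). Returns {ip_network: route}.
    """
    table = {}
    for cand in candidates:
        net = ipaddress.ip_network(cand["prefix"])
        ad = cand.get("ad", ADMIN_DISTANCE[cand["source"]])
        if ad >= UNREACHABLE_AD:
            continue
        rank = (ad, cand["metric"])            # lower AD first, then lower metric
        current = table.get(net)
        if current is None or rank < (current["ad"], current["metric"]):
            table[net] = {"source": cand["source"], "ad": ad,
                          "metric": cand["metric"], "next_hops": [cand["next_hop"]]}
        elif rank == (current["ad"], current["metric"]) and cand["source"] == current["source"]:
            # Equal-cost paths from the same protocol: keep both (ECMP).
            current["next_hops"].append(cand["next_hop"])
    return table


def longest_prefix_match(table, destination):
    """Forwarding lookup: the most specific installed prefix containing destination."""
    dst = ipaddress.ip_address(destination)
    matches = [net for net in table if dst in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return best, table[best]


# Constructed candidate routes (made-up next hops and metrics).
SAMPLE_CANDIDATES = [
    {"prefix": "192.168.1.0/24",   "source": "static", "metric": 0,    "next_hop": "10.0.0.1"},
    {"prefix": "192.168.1.128/25", "source": "ospf",   "metric": 20,   "next_hop": "10.0.0.2"},
    {"prefix": "10.0.0.0/8",       "source": "eigrp",  "metric": 3072, "next_hop": "10.0.0.3"},
    {"prefix": "10.0.0.0/8",       "source": "static", "metric": 0,    "next_hop": "10.0.0.4"},
    {"prefix": "172.16.0.0/16",    "source": "ospf",   "metric": 30,   "next_hop": "10.0.0.5"},
    {"prefix": "172.16.0.0/16",    "source": "ospf",   "metric": 30,   "next_hop": "10.0.0.6"},
    {"prefix": "172.16.0.0/16",    "source": "ospf",   "metric": 40,   "next_hop": "10.0.0.7"},
    # Floating static default with AD 255: accepted by the CLI but never installed.
    {"prefix": "0.0.0.0/0", "source": "static", "metric": 0, "next_hop": "10.0.0.8", "ad": 255},
]

if __name__ == "__main__":
    rib = build_routing_table(SAMPLE_CANDIDATES)
    for net, route in sorted(rib.items()):
        print(f"{str(net):18} {route['source']:7} AD {route['ad']:3} via {route['next_hops']}")
    print(longest_prefix_match(rib, "192.168.1.200"))
```

For 192.168.1.200 the lookup returns the OSPF /25 even though the static /24 has the better AD: specificity is applied at forwarding time and AD only mattered while deciding what to install for each prefix. 10.0.0.0/8 ends up as the static route (AD 1 beats EIGRP’s 90), the two equal-cost OSPF paths to 172.16.0.0/16 are both kept while the metric-40 one is dropped, and 8.8.8.8 has no match at all because the AD 255 default was never installed.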

But Why?

Why do we build computer networks and need routers?

Summary

There is definitely a lot that can be covered here about routers, but we want to keep these posts in consumable chunks. We have also highlighted some topics that we can go into more depth later on down the road. I think a big takeaway to remember here is that routers are a core component of network infrastructure and are responsible for moving packets through different Layer 3, (or “routed”) networks.

Faces of the Journey – Emmanuel Pimentel

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Emmanuel Pimentel (@MannyBytes88) was born and raised in New Jersey, but currently resides in Orlando, Florida, moving there in 2006. Manny is a Network Technician, working as a contractor in the transportation and tolling industry. He has a hybrid role, in which he assists in the management of both the network and server environments. While juggling college, Manny was looking for a way to break into the IT field. He decided to apply for a sales position in the computer department at a local Best Buy, but during the interview, the hiring managers quickly picked up his interest in tech, and found that he would be a better fit in a support role with Geek Squad. That just goes to show that displaying your interests and drive can open doors that you weren’t even looking to open! While with Geek Squad, Manny held positions as an Advanced Repair Agent and Covert Fulfillment Agent (remote Geek Squad agent). His time there gained him enough confidence and experience to book and pass both exams to become CompTIA A+ certified on the same day! Manny also credits developing his soft skills to his time at Geek Squad. After Geek Squad, Manny started with his current company as a Workstation Support Technician, prior to receiving a promotion to Network Technician.

For Manny, the draw to network engineering stems from a sense of challenge and curiosity. He actually changed from majoring in general Computer Information Technology to majoring in Computer Network Engineering with a Cisco specialization because he wanted more of a challenge! While initially intimidated, Manny accepted the challenge and has been “plugged into” (shameless, bad Tim pun) network infrastructure ever since. The draw to IT in general started in childhood with the Nintendo gaming system. From there it grew when he got his first PC and found out that he could dual boot different operating systems. Manny’s ultimate goal is to become a Network Engineer. That being said, the role means much more to him than just the title. He is striving for all of the knowledge, responsibility and experience that comes with it. This goal motivates Manny each day to keep striving.

Follow Manny: Twitter, LinkedIn, Instagram

Alright Manny, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? Never stop being hungry for learning and for your growth. Always dedicate some time to your own personal development, whether it’s a half hour before or after work, a few hours, or maybe even a day off. Your peers and management will take notice and it will help propel your career as IT evolves at what seems like warp speed these days. Make sure you learn and grow your soft skills. As Aaron once said on the podcast, “Soft Skills Pay The Bills”. Believe it or not, you have no idea how important soft skills are. You can be very technical and the cream of the crop, but it creates a barrier when your peers, management, and your end-users/clients/customers find you unapproachable to work with.

What is something you enjoy doing outside of work? Gaming. RPGs are my favorite genre, with great games like Final Fantasy, but I also love action games like Metal Gear Solid, Yakuza, Uncharted, etc. Seriously, I can go on and on. I’m a sucker for retro games, so if I’m not playing a current-gen title, I’m playing an older title like Parasite Eve, Xenogears, Chrono Trigger, GoldenEye, etc. The other two would be fitness and my two rides: a 2007 Suzuki GSXR 600 and a 2018 Subaru WRX STi Limited. If I’m not cruising around, I’m in my garage gym.

What is the next big thing that you are working toward? The biggest thing and main focus is obtaining my Cisco CCNP Enterprise certification, with either the ENARSI or ENSLD (aka “En-Salad”) exam as my chosen concentration. The bigger picture is gaining more knowledge in the Route and Switch and Network Security space to become a more knowledgeable and well-rounded Network Engineer. That being said, I have a list of “side quests” that will aid in that along with accumulating experience, such as: Juniper Networks JNCIA-Junos, Palo Alto Networks PCNSE, Cisco CCNP SISE, and Aruba Networks ClearPass Associate. I might even tackle the CCNP Service Provider track as that’s another level in the Route & Switch realm. These certs are loaded with knowledge that I feel would help develop me into a powerful, well-knowledgeable Network Engineer, plus gaining experience as I grow of course.

How do you manage your work/life balance?

This is honestly a tricky one, as I’m sure it is for many, if not all of us. For starters, I’m very strict on separating work from my personal life. Unless I’m on-call for the week or the back-up person, I don’t think about or deal with anything relating to my job. The biggest way I accomplish this is that I have two phone lines and phones, one for my personal use and one for work. I love what I do, love my job, and the people there, but I treat it as self-care that I’m mentally checked out so I can relax. Outside of that, I try to have a schedule or a routine. I always dedicate 1-2 hrs of study/lab time before bed or first thing in the morning. I plan my workout days by both the time and the muscle group I’m exercising. I even get in a quick jump-rope session during my work lunches when I’m working from home. I try to plan my meals Monday-Thursday. I figure it as one less unnecessary thing on my mind. Kind of like a “set it and forget it” kind of deal. Friday-Sunday, I like to mix it up and cook something random from breakfast all the way to dinner. Finally, I try to get in some non-study related time to unwind, whether I’m relaxing and watching a show, reading a book, or getting in some game time. I usually leave this for the weekend as I’m in grind mode Monday through Friday.

What is your favorite part about working in IT? You’re always exposed to new tech. Whether you work in the Private Sector which can be bleeding edge depending on the environment or in a more reserved environment like the Public Sector and Healthcare. You’re always exposed to something new. New piece of equipment and software tends to always mean new learning opportunities whether your company provides training, or you take it upon yourself to learn on your own time and be the SME on the new tech. I don’t like the idea of coasting permanently and never changing with the times. IT gives me that constant drive to learn as environments grow, new technologies emerge, and new skills are required and desired. Finally, because there’s so much to learn, it ignites a fire in me when I see my peers or my friends genuinely curious and wanting to learn what I’m doing or showing interest in specializing. What better way to validate your knowledge than by teaching what you’ve learned while also empowering your peers, am I right?

Bert’s Brief

I’m definitely not making light of anyone else when I say this, but Manny is someone from the IAATJ community that I absolutely cannot wait to meet in person someday. He has that perfect balance of positivity, drive, determination, and compassion. When someone has a win or achievement posted within Discord or Twitter, Manny is always one of the first people with a “congratulations” comment. He is not only working hard to help himself to succeed, but he wants to see others succeed as well. I love the mentality he has around the win-win situation of teaching others to help them and yourself, it’s spot on in my opinion. Due to his curiosity and will for a challenge, Manny has had this nice, steady growth in his career thus far, and I fully expect that to continue.

Ep 41 – From Audio to Network Engineer

This week we speak with Beau, an audio engineer making a pivot to network engineering. Covid destroyed the live entertainment industry, so Beau made a decision to pursue a career in IT. Armed with his A+, Net+, home lab and CCNA study materials Beau plans to take and pass his CCNA by the end of the year and leverage his newly earned skills to get his first job in IT.

Follow Beau:
Twitter: https://twitter.com/BeauToop
LinkedIn: https://www.linkedin.com/in/beau-toop-680863202/

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

My Top 5 Network Engineering Books

With so many networking books out there, someone coming into networking could find themselves asking: are any of them any good??!

This blog post, despite the title, is not a list of the 5 best. Who am I to say which are the best?! I’ve been studying pretty hard for the last two years now. Just the other night, when someone asked whether a book was good or not, I realized that I’ve read quite a few pages over that time frame. Having read quite a bit, I’m going to spend a bit of time highlighting what I feel are the best of the best, the must-reads. These are all books that I’ve really enjoyed and content I’ve connected with since I started my journey.

Book #1

Junos Enterprise Switching and Junos Enterprise Routing

My absolute favorite books on networking cover Junos. Both books are 10 years old or so but filled with everything you’d need to understand the fundamentals of switching and routing. The books are Junos Enterprise Switching and Junos Enterprise Routing. The number one reason these are great books is that the authors let their personality and humor spill out. Every other paragraph has some hidden morsel of humor.

These books are even highly recommended from Juniper’s best Yasmin Lara and Art of Network Engineering’s own Carl. So even though these books are a bit older, their wit really shines and makes getting through all the nitty-gritty all that much more enjoyable. If you are just getting started in networking you can’t go wrong knocking these two books out first.

Book #2

Anything by Dinesh Dutt

From earliest to latest, Mr. Dutt’s books include BGP in the Data Center, EVPN in the Data Center and Cloud Native Data Center Networking.

Even if you don’t really know BGP yet or basic Data Center concepts, do not fret. These books are still for you. Why? Because Mr. Dutt does such a great job at breaking down each technology to a simple digestible nugget before building a beautiful tapestry that ties everything together.

Book #3

Cisco Software-Defined Access – Cisco Press

This book was just a joy. It might have had a lot to do with my studying at the time. I was in multiple ENCOR study groups and I’d committed to trying to lead the SD-Access section, and this book laid out everything so that I could give a somewhat successful presentation. It broke down how everything was automated and what was going on under the hood of the automation. Harnessing the internet, I watched Roddie Hasan’s Cisco Live presentations (an amazing free resource) and followed him on Twitter (you should do the same, super cool dude). If you were only to read one chapter, read chapter 6.

Furthermore, I had won a book giveaway by another author of the SD-Access book Jason Gooley and he sent me a few Cisco Press books so I just have a lot of good vibes from this book and the connections I’ve made from it.

Book #4

The ASCII Construct

The ASCII Construct is not a book, though it should be. The author of this blog writes in such a way that it inspired me to try and write something. He explains things in painstaking detail not normally outlined or covered, so the tidbits you get from these posts are not found in many other places on the internet. Furthermore, the author, Aninda Chatterjee, is one of the nicest people I’ve had the pleasure of interacting with. He has given his time over and over again to questions about anything. A teacher of the highest quality.

Book #5

Network Programmability with YANG: The Structure of Network Automation with YANG, NETCONF, RESTCONF, and gNMI, First Edition

The last book I’d like to highlight is Network Programmability with YANG by Joe Clarke, Jan Lindblad and Benoit Claise. Everyone’s talking about network automation and I think this is the book that really breaks down a lot of the underpinnings in ways other books simply don’t match. This book is just well put together: great, simple explanations followed by code examples, with each chapter ending in a cool question-and-answer with a different ‘expert’ related to what’s covered. This was another book that stood out to me as an example of something I’d like to aspire to if I ever ended up writing some long-form stuff.

Honorable Mentions

After reading this you may be wondering to yourself, I’m studying for xxx Cisco exam or what not, and not one OCG was mentioned. Truth be told, I’ve read quite a few OCGs and simply put, I just don’t like them. I don’t like being distracted by ‘do I know this already’ and ‘key terms’ and other certification type related sections. I prefer books that just discuss the technology. If I did have to choose my favorite author of these sorts of book I’d go with Kevin Wallace. My guy spent less than a year at Walt Disney according to his LinkedIn but I feel like I’ve heard 20+ stories about it going through his training, which I enjoyed.

Other books you should check out that I didn’t explicitly outline in the top 5 are: Automating Junos Administration, Computer Networking Problems and Solutions, Network Programmability and Automation, Routing TCP/IP, Volume 1 and Routing TCP/IP, Volume II.

Bonus

Since I mentioned one blog, and we are talking about learning content, I want to highlight some video content creators out there.

Video Creator #1

Calvin Remsburg

One such creator is Calvin Remsburg. He’s been streaming on Twitch (which I can’t find a link to at this time) and Youtube a bit over the past couple of years. His posts are long and if you get in on the live stream, interactive. He shares his point of view on all sorts of networking and automation concepts as he walks through a technology. Always felt he should have many more subs than he does.

Video Creator #2

Matt Oswalt

This was a short series and only covered one topic, git. Matt Oswalt ran a little series called Labs & Latte where he begins each episode with some cool piano notes and some latte art. If you follow my twitter feed you know I’m into coffee. In any case, the content here is just great. I hope Matt picks this back up in this sort of format. I understand you can find Matt on other channels with a white doctors coat on explaining network automation but I really like this format and presentation.

Video Creator #3

Network Collective

I got into watching their Wednesday night live streams when I was in Arkansas for work a few months ago. They do a cool trivia segment and plenty of demos with industry pros. The production quality of this live stream is very good. At some point, once I climb all the way out of debt, I hope to become a paid subscriber. They have so much content out that once you get a bit hooked you’ll have a mini mountain of content to binge through. Since I’ve been back home on the west coast it’s been really hard to get home and tuned in to the live stream, so I’m going to have to make this more of a priority 🙂

Final Bonus

Ivan Pepelnjak

Subscribe to this gentleman’s content. You could be watching an old network field day and hear this voice that’s just firing off question after question. Turning every complex technology into a simple analogy of another technology. I was introduced to Ivan in a Youtube video interview with David Bombal. I’ve since watched all the content I could get my hands on at ipspace.net and listened to all the episodes of his podcast Software Gone Wild. I heard recently he may be taking a step back a bit from content creation but will still be blogging. Whatever the case, make sure to check out his content.

Final Final Bonus

I have a long commute. So I listen to a lot of content as well. Here is a short list of my favorite networking related podcasts: The Hedge, The Art of Network Engineering, Full Stack Journey, Network Collective, Darknet Diaries, Software Gone Wild and History of Networking.

All for now, let me know what books or anything else I’ve missed and need to check out!

Ep 40 – Automacho

This week we talk to Kevin Camacho, otherwise known as Automacho. Kevin came from the NOC and now works on Andy’s team as a Network Engineer with a focus on Automation. Kevin shares his journey and provides some advice to others on working in a NOC.

You can follow Kevin on LinkedIn here: https://www.linkedin.com/in/kevin-camacho-39012812a/


zeek-cut vs jq

Last week I wrote a quick little tutorial to get started using tshark. In this post I want to look at different ways of viewing the same data using a tool called Zeek. Zeek is best described as a network security monitoring ‘framework’ rather than a packet viewer: instead of showing you packets, it turns traffic into structured logs of the whos, wheres and whats of each connection. Zeek is often deployed alongside other tools like Snort, Suricata and/or Moloch (since renamed Arkime).

Since we will be examining pcaps, not live traffic, we will again be using the ‘-r’ option as we did in the previous posts covering tcpdump and tshark. The ‘-C’ flag tells Zeek to ignore bad IP/TCP/UDP checksums. Captures taken on a host with checksum offloading are full of these, and without ‘-C’ Zeek silently drops those packets and your logs come up short.

$ ls
ctf-dump-v2.pcapng  ctf.pcap  zeek.script
$ zeek -Cr ctf.pcap
$ ls
conn.log            dns.log    ftp.log    ntp.log            smtp.log  ssl.log    zeek.script
ctf-dump-v2.pcapng  dpd.log    http.log   packet_filter.log  snmp.log  weird.log
ctf.pcap            files.log  mysql.log  sip.log            ssh.log   x509.log

You can see that after we read our pcap with Zeek, a bunch of *.log files were created. You can guess what kind of information is in each log from its name. To view logs natively, Zeek ships a tool called ‘zeek-cut’ that lets you select and format the columns you’d like. If you run zeek-cut with no column names it prints every column (and strips the header lines):

$ head dns.log | zeek-cut
1613159462.737544	Ci2kw63INthRjNjuae	157.230.15.223	57199	67.207.67.3	53	udp	6601	-	223.15.230.157.in-addr.arpa	1C_INTERNET	12	PTR	3	NXDOMAIN	F	F	T	F	0	-	-	F

What are these columns, you ask?! Good question. We can see every field available in this log by simply looking at the header at the very beginning of the file:

$ head dns.log
#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	dns
#open	2021-04-16-17-46-03
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
#types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool

Fields we can extract/view from this log are listed after the #fields above.

An aside on source/destination vs originator/responder. In Zeek, the endpoint that initiates a connection (for TCP, the side that sent the SYN) is the originator (the id.orig_* fields) and the one that answers (the SYN-ACK side) is the responder (id.resp_*). Zeek does not use the lexicon of source and destination, which I think is kind of cool, because one of the things you do with tcpdump a lot is filter by SYNs or SYN-ACKs to work out who started a conversation, and here that work is already done for you. One caveat: Zeek assigns the roles from the first packet it sees for a connection, so in a capture that starts mid-stream the roles can come out backwards. When Zeek’s heuristics notice this and flip the connection, it records a ‘^’ in the history column of conn.log, so that is the column to check when the originator looks wrong.

Back to parsing this log file. Using zeek-cut, let’s pull out id.orig_h, id.resp_p and query. I only pipe it to head for brevity.

$ cat dns.log | zeek-cut id.orig_h id.resp_p query | sort | uniq | head
10.10.10.101	53	assets.msn.com
10.10.10.101	53	cdn.content.prod.cms.msn.com
10.10.10.101	53	debug.opendns.com
10.10.10.101	53	portal.mango.local
10.10.10.101	53	sw-ec.mango.local
10.10.10.101	53	sync.hydra.opendns.com
10.10.10.101	53	www.gstatic.com
10.10.10.101	53	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
127.0.0.1	53	1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa
127.0.0.1	53	1.0.0.0.5.7.e.1.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa

This is exactly the information we pulled out of the file last week with tshark. Zeek is an awesome tool because the logs, whether extracted from live capture or a pcap, can be kept for a long time: they take up a small fraction of the disk space of the pcap they summarize. You can refer to these artifacts later and retain them much longer, and more easily, than you could retain the pcaps themselves.

Another pro for Zeek is speed: parsing a log file is computationally cheap compared to tshark or even tcpdump re-reading an entire pcap every time you change a filter. Once a capture has been read through Zeek, getting information out of your data is FAST!

So, to briefly recap: to get started with zeek-cut, head the log you are interested in, see the possible columns on its #fields line, and then use zeek-cut to parse out the ones you care about. Another thing I demonstrated last week in my tshark post was pulling out all the usernames used to log in to MySQL. Can we quickly do the same thing with Zeek?

$ ls *.log
conn.log  dpd.log    ftp.log   mysql.log  packet_filter.log  smtp.log  ssh.log  weird.log
dns.log   files.log  http.log  ntp.log    sip.log            snmp.log  ssl.log  x509.log

We see we have a mysql.log and the next step is to head it and see the columns.

$ head mysql.log 
#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	mysql
#open	2021-04-16-17-46-03
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	cmd	arg	success	rows	response
#types	time	string	addr	port	addr	port	string	string	bool	count	string

The columns that stand out as possibilities for reaching our goal of listing every username used to log in are cmd, arg, success, rows and response. One of the cmd values is ‘login’, and for those records arg carries the username, so if we grep for login and show the associated arg we get all the usernames. Note that grep matches ‘login’ anywhere on the line, which is fine for this pcap; an exact match on the cmd column is what jq’s select gives us later in the post.

$ cat mysql.log | zeek-cut cmd arg | grep login | sort | uniq -c
      2 login	8TmveSod
     12 login	admin
      4 login	admin@example.com
      1 login	flag
      4 login	jamfsoftware
     12 login	mysql
    140 login	root
      4 login	superdba
     12 login	test
     12 login	user
      4 login	username
      2 login	wdxhpxxK

To briefly look back, here was us last week doing the same thing with tshark:

$ tshark -r ctf.pcap -Y 'mysql' -T fields -e mysql.user | sort | uniq -c
    963 
      2 8TmveSod
     12 admin
      4 admin@example.com
      1 flag
      4 jamfsoftware
     12 mysql
    140 root
      4 superdba
     12 test
     12 user
      4 username
      2 wdxhpxxK

One more really cool thing to mention about Zeek before we shift over to looking at the same data in JSON format with jq: the uid. Let’s say, for whatever reason, you are super interested in someone logging in with the username flag. Zeek assigns every connection it tracks a uid, and most of the protocol logs (conn, dns, http, mysql, ssl and so on) carry the uid of the connection that produced each record. The uid identifies one connection, that is, one instance of a 5-tuple (originator IP address/port, responder IP address/port and the protocol in use); if the same 5-tuple is reused later, that is a new connection with a new uid. So if we include the uid in the login record for flag, we can grep all of our logs for that uid and see every record tied to that connection.

$ cat mysql.log | zeek-cut cmd arg uid | grep flag 
login	flag	C4nJ2N3ksR7OfGiU9k
$ grep C4nJ2N3ksR7OfGiU9k *.log
conn.log:1613168140.809131	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	tcp	-	0.011629	443	1438	SF	-	-	0	ShAdtDTaFf	48	3446	38	4868	-
dpd.log:1613168140.809956	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	tcp	MYSQL	Binpac exception: binpac exception: out_of_bound: LengthEncodedIntegerLookahead:i4: 8 > 6
mysql.log:1613168140.809676	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	login	flag	-	-	-
mysql.log:1613168140.809750	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	unknown-167	\xb3\x12\xd815'\x07%\x814\xfeP\x9b\x1a\xfd\xae\xc85\xee	-	-	-
mysql.log:1613168140.809838	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	query	\x00\x01select @@version_comment limit 1--	-

That located all of the traffic associated with the MySQL session that logged in as ‘flag’ very quickly: the connection summary in conn.log, a protocol-analysis hiccup recorded in dpd.log, and the other MySQL commands sent on the same connection.
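The two things zeek-cut is doing for us in the examples above, reading the column names off the #fields header and pulling out the columns we ask for, are easy to reproduce once you know the header layout, and so is the uid pivot. Here is an added example (my own code, not part of the original post and not from the Zeek project) that parses Zeek’s tab-separated format using nothing but its header lines, honouring #unset_field and #set_separator, then does the zeek-cut selection on a dns.log, an exact-match login count on a mysql.log and a uid pivot across logs. The log text is constructed for the example: it copies the header layout Zeek writes, but the uids, addresses and values are made up.

```python
"""Header-driven reader for Zeek's tab-separated logs, a zeek-cut style
column picker, an exact-match login count and a uid pivot across logs.

Added example, not code from the original post or from the Zeek project.
The log text is constructed: real header layout, made-up records.
"""
import collections

# The four fixed header lines Zeek writes before #path/#fields/#types.
# "#separator \x09" is literal text in the file; the rest use real tabs.
HEADER = "#separator \\x09\n#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n"

DNS_LOG = HEADER + (
    "#path\tdns\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tquery\trcode_name\tanswers\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tvector[string]\n"
    "1613159462.737544\tCaaa1\t10.10.10.101\t57199\t10.10.10.1\t53\tassets.msn.com\tNOERROR\t1.2.3.4,1.2.3.5\n"
    "1613159463.000000\tCaaa2\t10.10.10.101\t57200\t10.10.10.1\t53\tassets.msn.com\tNOERROR\t1.2.3.4,1.2.3.5\n"
    "1613159464.000000\tCaaa3\t10.10.10.101\t57201\t10.10.10.1\t53\tdebug.opendns.com\tNXDOMAIN\t-\n"
    "#close\t2021-04-16-17-46-10\n"
)

MYSQL_LOG = HEADER + (
    "#path\tmysql\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tcmd\targ\tsuccess\trows\tresponse\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tbool\tcount\tstring\n"
    "1613168140.809676\tCflag1\t192.0.2.10\t45330\t198.51.100.5\t3306\tlogin\tflag\t-\t-\t-\n"
    "1613168140.809838\tCflag1\t192.0.2.10\t45330\t198.51.100.5\t3306\tquery\tselect * from login_attempts\tT\t3\t-\n"
    "1613168141.000000\tCroot1\t192.0.2.11\t45331\t198.51.100.5\t3306\tlogin\troot\t-\t-\t-\n"
    "1613168142.000000\tCroot2\t192.0.2.12\t45332\t198.51.100.5\t3306\tlogin\troot\t-\t-\t-\n"
)

CONN_LOG = HEADER + (
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\tconn_state\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tstring\n"
    "1613168140.809131\tCflag1\t192.0.2.10\t45330\t198.51.100.5\t3306\ttcp\tmysql\t0.011629\tSF\n"
    "1613168141.000000\tCroot1\t192.0.2.11\t45331\t198.51.100.5\t3306\ttcp\tmysql\t0.020000\tSF\n"
)


def read_zeek_tsv(text):
    """Parse a Zeek ASCII log using its own header lines.

    Returns (fields, records). Unset fields ('-') become None, empty
    fields become '' (or [] for vector/set columns), and vector/set
    columns are split on #set_separator. Other #-lines are skipped.
    """
    sep, set_sep, empty, unset = "\t", ",", "(empty)", "-"
    fields, types, records = [], [], []
    for line in text.splitlines():
        if line.startswith("#separator "):      # e.g. "\x09", escaped in the file
            sep = line[len("#separator "):].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, _, value = line[1:].partition(sep)
            if key == "set_separator":
                set_sep = value
            elif key == "empty_field":
                empty = value
            elif key == "unset_field":
                unset = value
            elif key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
        elif line:
            rec = {}
            for name, typ, raw in zip(fields, types or ["string"] * len(fields), line.split(sep)):
                is_list = typ.startswith(("vector", "set"))
                if raw == unset:
                    rec[name] = None
                elif raw == empty:
                    rec[name] = [] if is_list else ""
                else:
                    rec[name] = raw.split(set_sep) if is_list else raw
            records.append(rec)
    return fields, records


def cut(records, *names):
    """zeek-cut equivalent: one tab-joined line per record, '-' for unset."""
    def fmt(value):
        if value is None:
            return "-"
        if isinstance(value, list):
            return ",".join(value) if value else "(empty)"
        return value
    return ["\t".join(fmt(rec.get(name)) for name in names) for rec in records]


def login_counts(records):
    """Usernames from MySQL login commands, like `... | sort | uniq -c`.
    Matches the cmd column exactly, so a query whose text merely mentions
    'login' is not counted the way `grep login` would count it."""
    return collections.Counter(rec["arg"] for rec in records if rec.get("cmd") == "login")


def pivot_uid(logs, uid):
    """Every record carrying `uid` across several parsed logs, like
    `grep <uid> *.log`; `logs` maps a log name to its record list."""
    return [(name, rec) for name, records in logs.items()
            for rec in records if rec.get("uid") == uid]


if __name__ == "__main__":
    _, dns = read_zeek_tsv(DNS_LOG)
    print("\n".join(sorted(set(cut(dns, "id.orig_h", "id.resp_p", "query")))))
    _, mysql = read_zeek_tsv(MYSQL_LOG)
    _, conn = read_zeek_tsv(CONN_LOG)
    print(login_counts(mysql), pivot_uid({"conn": conn, "mysql": mysql}, "Cflag1"))
```

The parser never hard-codes column positions, which is the point: Zeek scripts and version upgrades add and reorder columns, and anything keyed on “field number 8” breaks silently, while anything keyed on the #fields name keeps working. The constructed mysql.log also contains a query mentioning login_attempts, which a plain grep for ‘login’ would count as a fourth login; matching on the cmd column does not.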

Another very quick aside. Something like the uid, but even more useful, is the Community ID. It is not a tool but a standardized hash of the 5-tuple, and because Zeek (via the community-id package, and built in to recent releases), Suricata, Moloch/Arkime and others all compute the same value for the same flow, you can copy it out of a Zeek log the way we copied the uid above and pivot to an entirely different tool. Say we found something super interesting in Zeek but wanted to look at the packets: search for that Community ID in Moloch, view the session and download its pcap for greater context/visibility.
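Since the Community ID is just a hash over the same fields a conn.log record already carries, you can compute it yourself for a record from a Zeek deployment that does not log it. The following is an added example (my own code; not from the original post, from Zeek, or from the Community ID reference implementation) that follows the published version 1 algorithm for TCP, UDP and SCTP with the default seed of 0: order the two endpoints so both directions of the flow hash identically, SHA-1 the seed, addresses, protocol, a pad byte and ports, and base64 the digest behind a “1:” prefix. The ICMP type/code mapping from the spec is left out, and the conn.log record used as input is constructed.

```python
"""Community ID v1 flow hash from a Zeek conn.log 5-tuple.

Added example, not code from the original post, from Zeek or from the
Community ID reference implementation; it follows the published v1
algorithm for TCP/UDP/SCTP with the default seed of 0 (ICMP left out).
"""
import base64
import hashlib
import socket
import struct

PROTO_NUM = {"tcp": 6, "udp": 17, "sctp": 132}


def _packed(ip):
    """Network-order bytes of an IPv4 or IPv6 address."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    return socket.inet_pton(family, ip)


def community_id(orig_h, orig_p, resp_h, resp_p, proto, seed=0):
    """'1:' + base64(sha1(seed | addrA | addrB | proto | 0 | portA | portB))."""
    a, b = _packed(orig_h), _packed(resp_h)
    pa, pb = int(orig_p), int(resp_p)
    # Both directions of a flow must hash the same, so the lower address
    # (and, on equal addresses, the lower port) always goes first.
    if (a, pa) > (b, pb):
        a, pa, b, pb = b, pb, a, pa
    data = (struct.pack("!H", seed) + a + b
            + struct.pack("!BBHH", PROTO_NUM[proto.lower()], 0, pa, pb))
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def community_id_from_conn(rec):
    """Compute the ID from a conn.log record as jq or a log parser hands it
    back (keys named exactly as Zeek's id.* fields)."""
    return community_id(rec["id.orig_h"], rec["id.orig_p"],
                        rec["id.resp_h"], rec["id.resp_p"], rec["proto"])


# Constructed conn.log record shaped like the one in the post.
SAMPLE_CONN = {"uid": "Cexample1", "id.orig_h": "192.0.2.10", "id.orig_p": 45330,
               "id.resp_h": "198.51.100.5", "id.resp_p": 3306, "proto": "tcp"}

if __name__ == "__main__":
    print(SAMPLE_CONN["uid"], community_id_from_conn(SAMPLE_CONN))
```

Two things worth checking before trusting any implementation, your own or a tool’s: the value must come out identical when you swap originator and responder (otherwise you cannot pivot from a record that Zeek flipped), and it must differ when only the protocol or the seed changes. The Community ID spec repository publishes reference vectors you can compare a first run against.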

Alright. So many quick asides today. Back to the lesson at hand. Zeek data can also be written in JSON format instead of the tab-separated logs outlined above. This is how Zeek is configured at my work, so the logs can be ingested into our SIEM easily. Today we are just going to read in the same pcap and play around a bit with a tool called jq to parse the logs. Here is how we switch to JSON output (note that Zeek writes its logs into the current directory, so running this where the TSV logs already live overwrites them; use a fresh directory if you want to keep both):

$ zeek -Cr ctf.pcap -e 'redef LogAscii::use_json=T;'

If we head our dns.log, like we did above to look at the queries, the data looks much different. So much so that zeek-cut no longer works with this format 🙂

$ head dns.log 
{"ts":1613159462.737544,"uid":"CyZQzA1XgYbK1dLIah","id.orig_h":"157.230.15.223","id.orig_p":57199,"id.resp_h":"67.207.67.3","id.resp_p":53,"proto":"udp","trans_id":6601,"query":"223.15.230.157.in-addr.arpa","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","rcode":3,"rcode_name":"NXDOMAIN","AA":false,"TC":false,"RD":true,"RA":false,"Z":0,"rejected":false}
{"ts":1613159462.737492,"uid":"C1n5WP2f5tNp0iBXa2","id.orig_h":"157.230.15.223","id.orig_p":56994,"id.resp_h":"67.207.67.2","id.resp_p":53,"proto":"udp","trans_id":505,"query":"223.15.230.157.in-addr.arpa","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","rcode":3,"rcode_name":"NXDOMAIN","AA":false,"TC":false,"RD":true,"RA":false,"Z":0,"rejected":false}

We now have a whole bunch of key:value pairs per record. Our log files will be somewhat bigger than the plain text ones, since every record repeats the field names, but otherwise all the pros mentioned above still hold. Instead of piping to zeek-cut we are going to use jq to parse our data. To look at the first record we use -s ‘.[0]’: -s (slurp) reads the whole file into a single JSON array and .[0] picks out its first element, i.e. the first record. Keep in mind that slurping a multi-gigabyte log into memory just to look at one record is wasteful; for that, piping only the first line into jq does the same job.

$ cat dns.log | jq -s '.[0]'
{
  "ts": 1613159462.737544,
  "uid": "CEDtgA2onmkOdbRSp",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 57199,
  "id.resp_h": "67.207.67.3",
  "id.resp_p": 53,
  "proto": "udp",
  "trans_id": 6601,
  "query": "223.15.230.157.in-addr.arpa",
  "qclass": 1,
  "qclass_name": "C_INTERNET",
  "qtype": 12,
  "qtype_name": "PTR",
  "rcode": 3,
  "rcode_name": "NXDOMAIN",
  "AA": false,
  "TC": false,
  "RD": true,
  "RA": false,
  "Z": 0,
  "rejected": false
}

I always find myself heading a log or looking at the first record before I really dive in. This is because I never remember the exact key name of the interesting thing I’m looking for. This gives me a chance to look at an entire record, work out what each key refers to, and make a better guess at what search term to use and how it should be formatted. Doing this first saves you a bit of time later, in my opinion.

Every key, if you can remember back to the beginning of this post, corresponds to a column header from when we were using zeek-cut. With zeek-cut we pulled out id.orig_h, id.resp_p and query. To do this with jq we use the -j (join output) option, which prints the selected values raw and without a newline between them, so we supply our own separators and a “\n” (new line) at the end. We have to write ‘id.orig_h’ and ‘id.resp_p’ as .[“id.orig_h”] and .[“id.resp_p”] because the key names themselves contain a ‘.’, and jq would read .id.orig_h as a nested path (the key orig_h inside an object under the key id). Since query has no dot in its name, .query works as is. Below is a comma-separated version of what we did with zeek-cut above. Note that this does no quoting, so a value containing a comma would break a real CSV consumer; jq’s @csv formatter (used with -r) handles that.

$ cat dns.log | jq -j '.["id.orig_h"], ", ", .["id.resp_p"], ", ", .query, "\n"' | sort | uniq |head
10.10.10.101, 53, assets.msn.com
10.10.10.101, 53, cdn.content.prod.cms.msn.com
10.10.10.101, 53, debug.opendns.com
10.10.10.101, 53, portal.mango.local
10.10.10.101, 53, sw-ec.mango.local
10.10.10.101, 53, sync.hydra.opendns.com
10.10.10.101, 53, www.gstatic.com
10.10.10.101, 53, www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
127.0.0.1, 53, 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa
127.0.0.1, 53, 1.0.0.0.5.7.e.1.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa

If you forgot what we did with zeek-cut above, I’ll spare you the work of having to scroll up:

$ cat dns.log | zeek-cut id.orig_h id.resp_p query | sort | uniq | head
10.10.10.101	53	assets.msn.com
10.10.10.101	53	cdn.content.prod.cms.msn.com
10.10.10.101	53	debug.opendns.com
10.10.10.101	53	portal.mango.local
10.10.10.101	53	sw-ec.mango.local
10.10.10.101	53	sync.hydra.opendns.com
10.10.10.101	53	www.gstatic.com
10.10.10.101	53	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
127.0.0.1	53	1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa
127.0.0.1	53	1.0.0.0.5.7.e.1.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa

If we look at the mysql log I’m sure you can already make out how we could search for usernames used to login like we did with zeek-cut using jq:

$ cat mysql.log | jq -s '.[0]'
{
  "ts": 1613164528.211387,
  "uid": "CCk4OU1exd8KJARVSg",
  "id.orig_h": "45.55.46.240",
  "id.orig_p": 38550,
  "id.resp_h": "157.230.15.223",
  "id.resp_p": 3306,
  "cmd": "login",
  "arg": "8TmveSod"
}
$ cat mysql.log | jq -j '.cmd, ", ", .arg, "\n"' | grep login | sort | uniq -c
      2 login, 8TmveSod
     12 login, admin
      4 login, admin@example.com
      1 login, flag
      4 login, jamfsoftware
     12 login, mysql
    140 login, root
      4 login, superdba
     12 login, test
     12 login, user
      4 login, username
      2 login, wdxhpxxK

Above I used grep to do the same sort of search that we did with zeek-cut. But we don’t have to use grep: jq has a select function that lets us compare field values inside the tool itself, and this is where I think jq really shines. You can use ‘<’, ‘>’ or ‘==’ (and combine tests with ‘and’/‘or’) to filter your search however you need. Here we just want every record whose ‘cmd’ equals login, an exact match on that one field rather than ‘login’ appearing anywhere on the line:

$ cat mysql.log | jq 'select(.cmd == "login")' | jq -j '.cmd, " ", .arg, "\n"' | sort | uniq -c
      2 login 8TmveSod
     12 login admin
      4 login admin@example.com
      1 login flag
      4 login jamfsoftware
     12 login mysql
    140 login root
      4 login superdba
     12 login test
     12 login user
      4 login username
      2 login wdxhpxxK

With zeek-cut we zeroed in on the flag login and searched all our logs for the uid to find all the traffic on that connection. We can do the same thing with jq, no problem: select the login record, print its uid, then select on that uid across every log.

$ cat mysql.log | jq 'select(.cmd == "login" and .arg == "flag")' | jq -j '.uid, " ",.cmd, " ", .arg, "\n"' | sort | uniq -c
      1 CmBHdR2a0DMQ9kfam login flag
$ cat *.log | jq 'select(.uid == "CmBHdR2a0DMQ9kfam")'
{
  "ts": 1613168140.809131,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "proto": "tcp",
  "duration": 0.011629104614257812,
  "orig_bytes": 443,
  "resp_bytes": 1438,
  "conn_state": "SF",
  "missed_bytes": 0,
  "history": "ShAdtDTaFf",
  "orig_pkts": 48,
  "orig_ip_bytes": 3446,
  "resp_pkts": 38,
  "resp_ip_bytes": 4868
}
{
  "ts": 1613168140.809956,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "proto": "tcp",
  "analyzer": "MYSQL",
  "failure_reason": "Binpac exception: binpac exception: out_of_bound: LengthEncodedIntegerLookahead:i4: 8 > 6"
}
{
  "ts": 1613168140.809676,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "cmd": "login",
  "arg": "flag"
}
{
  "ts": 1613168140.80975,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "cmd": "unknown-167",
  "arg": "\\xb3\\x12\\xd815'\\x07%\\x814\\xfeP\\x9b\\x1a\\xfd\\xae\\xc85\\xee"
}
{
  "ts": 1613168140.809838,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "cmd": "query",
  "arg": "\\x00\\x01select @@version_comment limit 1"
}

I might not have shown the most ‘useful’ parsing within jq, but I hope that by showing you a few examples of selecting on the values of certain fields you can see how easy it is to zero in on what you are looking for. You can, for example, display only the conn.log records whose id.orig_p is less than 1000, or only records with more than a certain number of bytes. One thing to watch for: Zeek’s JSON writer leaves unset fields out of the record entirely, and jq treats a missing key as null, which sorts below every number. So select(.resp_bytes < 1000) also matches records that have no resp_bytes at all; test that the field is not null first when that matters. With that caveat, the possibilities are endless, and being able to use comparison operators in your search is, I think, just awesome.
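To make the missing-field behaviour concrete, here is an added example (my own code, not from the original post, from Zeek or from jq) that runs comparison filters like the ones described above over a few constructed conn.log JSON lines, one of which deliberately lacks resp_bytes the way Zeek omits an unset field in JSON mode. It shows a select that drops records lacking the field next to a function that mimics what jq’s select(.field < value) keeps, and writes the chosen columns out as properly quoted CSV rather than values joined with “, ”.

```python
"""Comparison filters over Zeek JSON-lines logs, with explicit handling
of fields the JSON writer leaves out, plus quoted CSV output.

Added example, not code from the original post, from Zeek or from jq.
The conn.log lines are constructed; the third has no resp_bytes, as
Zeek writes an unset field in JSON mode.
"""
import csv
import io
import json
import operator

CONN_JSON = """\
{"ts":1613168140.809131,"uid":"Cex1","id.orig_h":"192.0.2.10","id.orig_p":45330,"id.resp_h":"198.51.100.5","id.resp_p":3306,"proto":"tcp","orig_bytes":443,"resp_bytes":1438,"conn_state":"SF"}
{"ts":1613168141.1,"uid":"Cex2","id.orig_h":"192.0.2.11","id.orig_p":443,"id.resp_h":"198.51.100.7","id.resp_p":51000,"proto":"tcp","orig_bytes":9000,"resp_bytes":120,"conn_state":"SF"}
{"ts":1613168142.2,"uid":"Cex3","id.orig_h":"192.0.2.12","id.orig_p":53,"id.resp_h":"198.51.100.8","id.resp_p":40000,"proto":"udp","orig_bytes":80,"conn_state":"S0"}
"""

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}


def read_json_log(text):
    """One dict per line; Zeek writes one JSON object per record."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def select(records, field, op, value):
    """Records where `field OP value` holds. A record without the field
    is dropped: the comparison is meaningless for an unset value."""
    test = OPS[op]
    return [r for r in records if field in r and test(r[field], value)]


def jq_style_lt(records, field, value):
    """What jq's select(.field < value) keeps, for comparison: a missing
    key reads as null, and in jq null sorts below every number."""
    return [r for r in records if r.get(field) is None or r[field] < value]


def to_csv(records, *fields):
    """Quoted CSV of the chosen fields, '-' for unset, so a value that
    contains a comma (a query string, say) survives the trip."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(fields)
    for r in records:
        writer.writerow(["-" if r.get(f) is None else r[f] for f in fields])
    return buf.getvalue()


if __name__ == "__main__":
    recs = read_json_log(CONN_JSON)
    print(to_csv(select(recs, "id.orig_p", "<", 1000), "uid", "id.orig_h", "id.orig_p"))
    print([r["uid"] for r in select(recs, "resp_bytes", "<", 1000)],
          [r["uid"] for r in jq_style_lt(recs, "resp_bytes", 1000)])
```

Run it and the two lists on the last line differ by exactly one uid: the UDP record with no resp_bytes, which the explicit select drops and the jq-style comparison keeps. That is the record a hunt for “small responses” would pull in by accident.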

Also, you can format your output based on whatever values you like, in any order, and write it out as CSV very easily if that’s a useful avenue for you. There is even more you can do with jq, such as sorting. But I think we’ve gone on long enough 🙂
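As an added example (not code from the original post), the same kind of field-value selection and CSV output described above, done in Python over a few constructed Zeek conn.log lines so it runs without jq. The jq equivalents are noted in the docstrings; the sample records, thresholds and function names are assumptions made for the example.

```python
"""Filter Zeek JSON conn.log records by field value and emit CSV.

Added example, not code from the original post: it does in Python what the
post describes doing with jq (select records whose field satisfies a
comparison, then print chosen fields as CSV). The conn.log lines below are
constructed for the example, not taken from the post's logs.
"""
import csv
import io
import json
from typing import Callable, Iterable, List, Sequence

# Constructed Zeek conn.log content in JSON-per-line form, including a junk
# line (a partially written record) to show that it is skipped, and a record
# with no resp_bytes field, which Zeek omits when the value is unknown.
SAMPLE_CONN_LOG = """\
{"ts": 1613168140.1, "uid": "C1", "id.orig_h": "10.0.0.5", "id.orig_p": 53, "id.resp_h": "10.0.0.9", "id.resp_p": 53, "proto": "udp", "orig_bytes": 60, "resp_bytes": 120}
{"ts": 1613168141.2, "uid": "C2", "id.orig_h": "10.0.0.7", "id.orig_p": 45330, "id.resp_h": "172.17.0.2", "id.resp_p": 3306, "proto": "tcp", "orig_bytes": 443, "resp_bytes": 1438}
{"ts": 1613168142.3, "uid": "C3", "id.orig_h": "10.0.0.8", "id.orig_p": 443, "id.resp_h": "10.0.0.9", "id.resp_p": 51000, "proto": "tcp", "orig_bytes": 900000, "resp_bytes": 300}
{"ts": 1613168143.4, "uid": "C4", "id.orig_h
{"ts": 1613168144.5, "uid": "C5", "id.orig_h": "10.0.0.5", "id.orig_p": 52000, "id.resp_h": "10.0.0.9", "id.resp_p": 80, "proto": "tcp", "orig_bytes": 100}
"""


def parse_zeek_json(lines: Iterable[str]) -> List[dict]:
    """Parse JSON-per-line Zeek output. Blank or malformed lines are skipped
    rather than aborting the run, since a log Zeek is still writing can end
    with a partial record."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def select(records: Iterable[dict], predicate: Callable[[dict], bool]) -> List[dict]:
    """jq equivalent: select(<predicate>)."""
    return [r for r in records if predicate(r)]


def low_source_port(record: dict, limit: int = 1000) -> bool:
    """jq equivalent: select(."id.orig_p" < 1000). Note the quoting: a Zeek
    field name containing a dot must be written ."id.orig_p" in jq, because
    .id.orig_p would mean the key "orig_p" inside an object named "id".
    One difference: jq orders null below numbers, so in jq a record lacking
    the field would also match; here a missing port never matches."""
    port = record.get("id.orig_p")
    return port is not None and port < limit


def large_transfer(record: dict, threshold: int = 500_000) -> bool:
    """jq equivalent: select(.orig_bytes > 500000 or .resp_bytes > 500000).
    Missing byte counters are treated as 0 so the comparison cannot fail on
    records where Zeek left the field out."""
    return (record.get("orig_bytes", 0) > threshold
            or record.get("resp_bytes", 0) > threshold)


def to_csv(records: Iterable[dict], fields: Sequence[str]) -> str:
    """jq equivalent: jq -r '[.uid, ."id.orig_h", ."id.orig_p"] | @csv'.
    Fields absent from a record become empty cells."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(fields)
    for record in records:
        writer.writerow([record.get(f, "") for f in fields])
    return buf.getvalue()


if __name__ == "__main__":
    conn = parse_zeek_json(SAMPLE_CONN_LOG.splitlines())
    print(to_csv(select(conn, low_source_port), ["uid", "id.orig_h", "id.orig_p"]))
    print(to_csv(select(conn, large_transfer), ["uid", "orig_bytes", "resp_bytes"]))
```

The predicates are plain functions, so the same `select` works for any comparison you would write in jq; the one behaviour to keep in mind when switching between the two is how each treats a field that is absent from the record.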

That’s all for today, as I think I’ve rambled on long enough, with far too many asides. But I digress. Next time I’m thinking of trying to write my first Zeek script. Till next time!

Faces of the Journey – Tim McConnaughy

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Tim!

Tim McConnaughy had lived in Hampton Roads, Virginia, for most of his life. A few years ago he left to take a position with a global company headquartered in Idaho. Tim now resides in Raleigh, North Carolina. His current role is as an Enterprise Networking Technical Solution Architect at Cisco. Specifically, Tim works in the Customer Proof of Concept labs (CPOC), and develops demonstration material for field engineers on Cisco dCloud. A while back, I had the opportunity to discuss this role with Tim, and it was very interesting to me. The responsibility is to essentially build and prove out solutions to customers that are being proposed by the pre-sales engineering team. Tim has the opportunity to learn and perfect new technologies, and work with customers directly to see how those technologies may, or may not, fit in their environment. To me, that sounds like a rewarding experience. Before Cisco, Tim had gained experience in a NOC and as a network engineer in different industries. He got his professional start in IT working tech support at a local dial-up ISP, where he also built Linux web hosts for their co-lo service. IT has always been a passion of Tim’s, stemming from when he first played the Atari 2600 and Intellivision as a kid. As his career progresses, Tim is striving to become an architect who can focus on big picture network strategy, while remaining technical enough to assist in deployment. In relation to this, Tim is quoted as saying “I realize that this is not unlike wishing for more wishes, but it is at least a goal to strive toward.”

Follow Tim:

Twitter

Blog

Alright Tim, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? Learn how to learn. Barbara Oakley has a great free course on Coursera by the same name. There is a firehose of data waiting for you. Start with a strong foundation in learning how to absorb it all in a way that makes it stick. In IT we can’t ‘learn it for the test’ because unlike some fringe classes in high school or college, we might actually be called to utilize what we learned. Besides learning how to learn, learn how to look things up. Learn how to ask Google the right questions. Learn how to ask your peers the right questions. Above all, learn how to research something you don’t already know and how it will fit in with what you do know.

When learning something new, what methods work best for you? I like to start learning something new by determining how it relates to what I do know well already. It becomes a bit of a bridge. I think we have all stared at something that might as well be written in some ancient elvish script and thought, “I will never understand it”. You don’t need to scale that wall directly. Find the handholds by relating it to what you know. When I teach, I try to relate to real-world examples, established technologies, etc., as a scaffold for building the understanding of how it is different and goes beyond those things.

What is your favorite part about working in IT? I think my favorite part of working as a network engineer is when all my hard work pays off. When you spend a lot of time and effort learning something, doing something, and it pays off there is not another feeling like it.

How do you manage your work/life balance? If you figure this one out, please let me know. In all seriousness, there is no secret, no trick, and in some ways that makes it even harder. It is simple willpower and ability to swallow the anxieties of work to pursue the benefits of life, to be able to push back because there will always be a project, a task, some new thing to study. Kids are only kids once, and for far shorter a time than we realize. Usually, we are only realizing it when it’s in the rear-view mirror and too late to change anything. Not just kids, though. Whatever it is that we love and for whatever reasons we live, we have a finite amount of time to prioritize it.

What is something you enjoy doing outside of work? Besides the obvious answer, spending time with my family, of course, I play videogames, though not as much these days. I have a samurai movie collection I have been meaning to watch again. I enjoy (but never have much time to play) board games and role-playing games of various depth and color. I bike when the weather is good. I used to read voraciously but I admit I have let that slide as the years have passed. I am a shameless ramen fanatic, the good stuff, not the grocery store ones. I also spend a good amount of time helping others with their journey. I review resumes, give suggestions about technical interviews, answer questions, explain networking. I am a firm proponent of the idea that you have only mastered something when you can teach it to someone else. So it’s not entirely selfless.

Bert’s Brief

I cannot say enough good things about Tim McC. He has such a down-to-earth attitude and is practically always willing to help. He can be found active in the It’s All About the Journey Discord community, providing advice and insight. Take it from me, you can learn a lot from the experiences that Tim has documented over the years. I had no idea of the extensive interview experience he had until his AONE episode. There is a fair amount of good content from Tim, so I’ll create a list of my recommendations below. Finally, since I’m starting to become brave like Aaron, on behalf of the IAATJ community, I’d like to thank Tim for his continuous contributions to helping others.

  • Recommended reading/listening
    • “10 Pieces of Advice for Network Engineers” blog post
    • AONE Ep 34 – Technical Interviews
    • ZigBits Ep 71 – Demystifying The Role of The Network Engineer

Ep 39 – Andy’s Hard NOC Life

Andy and Aaron discuss Andy’s time working in the NOC, nicknames and how important the mental game is to success.

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

tshark the best?!

I wrote a quick intro to tcpdump some months ago as I was learning about the tool, and I thought it was just the best. You only love what you know, right?! Well, last week I embarked on a quest to find some flags on Cisco’s CTF 2021 using tshark. I mean, I originally tried to use tcpdump, but since their file was saved as a pcapng it was not compatible without a little more work. Mr. Tony E has a how-to on TraceWrangler coming up on a Network Collective live-stream that can solve pcapng compatibility issues, and I digress.

The first thing people like to do when they encounter a new pcap is to get the lay of the land so to speak. If they were in Wireshark, most likely they’d venture into the Statistics tab and check out ‘Capture File Properties’ and ‘Protocol Hierarchy.’ Can we get this sort of information from the command line? You bet your bottom dollar we can! The first tool we can use is called capinfos:

$ capinfos ctf.pcap 
File name:           ctf.pcap
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  microseconds (6)
Packet size limit:   file hdr: (not set)
Number of packets:   203 k
File size:           97 MB
Data size:           88 MB
Capture duration:    330489.302412 second
First packet time:   2021-02-12 19:44:00.093265
Last packet time:    2021-02-16 15:32:09.395677
Data byte rate:      266 bytes/s
Data bit rate:       2,135 bits/s
Average packet size: 432.96 bytes
Average packet rate: 0 packets/s
SHA256:              127353c65071e00c66dd08011e9d45bc75fe8030d3134db061781e7bf97b21b0
RIPEMD160:           d3b4062292749b33aef0d6abf74bf42ee90e900d
SHA1:                9850abbf26d14f2636e1e65d6c64841047317f17
Strict time order:   False
Capture oper-sys:    64-bit Windows 10 (2004), build 19041
Capture application: Mergecap (Wireshark) 3.4.0 (v3.4.0-0-g9733f173ea5e)
Capture comment:     TraceWrangler v0.6.8 build 949 performed the following editing steps:   - Replacing Linux Cooked header with Ethernet header  
Number of interfaces in file: 2
Interface #0 info:
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Number of stat entries = 0
                     Number of packets = 203528
Interface #1 info:
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Number of stat entries = 0
                     Number of packets = 247

We can glean how long the capture ran and how many packets we have, among other things. Believe it or not, we can also get protocol statistics using tshark, the same info you would get in Wireshark!

$ tshark -qz io,phs -r ctf.pcap 
===================================================================
Protocol Hierarchy Statistics
Filter: 
eth                                      frames:203775 bytes:88226987
  ip                                     frames:197880 bytes:85519998
    tcp                                  frames:174805 bytes:82885008
      vssmonitoring                      frames:9120 bytes:510720
      ssh                                frames:6410 bytes:1946553
        _ws.malformed                    frames:4 bytes:440
      http                               frames:7799 bytes:45700088
        data-text-lines                  frames:807 bytes:1001371
        urlencoded-form                  frames:34 bytes:13836
          http                           frames:6 bytes:3612
          tcp.segments                   frames:2 bytes:148
        png                              frames:62 bytes:180828
          _ws.unreassembled              frames:60 bytes:173448
        http                             frames:16 bytes:14456
          http                           frames:14 bytes:13706
            http                         frames:10 bytes:11568
              http                       frames:8 bytes:10188
                http                     frames:6 bytes:8540
                  http                   frames:4 bytes:6468
                    http                 frames:4 bytes:6468
                      http               frames:4 bytes:6468
                        http             frames:4 bytes:6468
        media                            frames:20 bytes:429928
          http                           frames:2 bytes:124660
            media                        frames:2 bytes:124660
      telnet                             frames:33006 bytes:2741153
        _ws.malformed                    frames:986 bytes:66470
        vssmonitoring                    frames:4 bytes:224
      ftp                                frames:71 bytes:6326
        ftp.current-working-directory    frames:71 bytes:6326
      mysql                              frames:1172 bytes:186711
        mysql                            frames:3 bytes:1437
          mysql                          frames:3 bytes:1437
            _ws.unreassembled            frames:3 bytes:1437
              mysql                      frames:3 bytes:1437
      data                               frames:559 bytes:60665
      tls                                frames:163 bytes:165596
        tcp.segments                     frames:18 bytes:14665
          tls                            frames:12 bytes:10517
      smtp                               frames:89 bytes:13675
        imf                              frames:1 bytes:406
      _ws.malformed                      frames:1 bytes:134
      snmp                               frames:96 bytes:12388
        snmp                             frames:3 bytes:303
          snmp                           frames:3 bytes:303
            snmp                         frames:3 bytes:303
              snmp                       frames:3 bytes:303
                snmp                     frames:3 bytes:303
                  snmp                   frames:3 bytes:303
                    snmp                 frames:3 bytes:303
                      snmp               frames:3 bytes:303
                        snmp             frames:3 bytes:303
                          snmp           frames:3 bytes:303
                            snmp         frames:3 bytes:303
                              snmp       frames:3 bytes:303
                                snmp     frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
      ftp-data                           frames:5 bytes:45402
        ftp-data.setup-frame             frames:5 bytes:45402
          ftp-data.setup-method          frames:5 bytes:45402
            ftp-data.command             frames:5 bytes:45402
              ftp-data.command-frame     frames:5 bytes:45402
                ftp-data.current-working-directory frames:5 bytes:45402
      nbss                               frames:1 bytes:55
    udp                                  frames:22101 bytes:2493199
      sip                                frames:66 bytes:29741
      rpc                                frames:5 bytes:416
        portmap                          frames:5 bytes:416
      dns                                frames:21781 bytes:2427147
      data                               frames:91 bytes:8754
        vssmonitoring                    frames:2 bytes:112
      isakmp                             frames:2 bytes:364
      tftp                               frames:3 bytes:182
      snmp                               frames:55 bytes:4714
      cldap                              frames:4 bytes:377
      openvpn                            frames:5 bytes:280
      ntp                                frames:21 bytes:2770
        vssmonitoring                    frames:7 bytes:392
        _ws.malformed                    frames:1 bytes:56
      nbns                               frames:6 bytes:552
      ssdp                               frames:8 bytes:1096
      nat-pmp                            frames:2 bytes:112
        vssmonitoring                    frames:1 bytes:56
      coap                               frames:4 bytes:238
        _ws.malformed                    frames:1 bytes:56
      dtls                               frames:1 bytes:181
      bvlc                               frames:3 bytes:177
        bacnet                           frames:3 bytes:177
          bacapp                         frames:3 bytes:177
      rmcp                               frames:3 bytes:195
        ipmi_session                     frames:3 bytes:195
          ipmb                           frames:3 bytes:195
            data                         frames:3 bytes:195
      chargen                            frames:2 bytes:112
      l2tp                               frames:1 bytes:98
      mdns                               frames:2 bytes:176
      xdmcp                              frames:1 bytes:56
      memcache                           frames:1 bytes:56
        vssmonitoring                    frames:1 bytes:56
      quake3                             frames:1 bytes:56
        _ws.malformed                    frames:1 bytes:56
      rip                                frames:1 bytes:66
      cflow                              frames:21 bytes:14530
    icmp                                 frames:974 bytes:141791
      vssmonitoring                      frames:3 bytes:168
  arp                                    frames:4698 bytes:209862
  ipv6                                   frames:1157 bytes:2493613
    icmpv6                               frames:505 bytes:38222
    udp                                  frames:78 bytes:7687
      ntp                                frames:59 bytes:6490
      data                               frames:19 bytes:1197
    tcp                                  frames:574 bytes:2447704
      http                               frames:276 bytes:2414646
        data                             frames:7 bytes:99171
        data-text-lines                  frames:3 bytes:8826
      tls                                frames:9 bytes:10612
  llc                                    frames:32 bytes:2320
    stp                                  frames:31 bytes:1860
    cdp                                  frames:1 bytes:460
  loop                                   frames:6 bytes:360
    data                                 frames:6 bytes:360
  lldp                                   frames:2 bytes:834
===================================================================

Now that we’ve got the lay of the land and seen what our pcap is made up of, let’s get into what we came to do: using tshark to parse some packets 🙂

Enter tshark! Tshark is the command line tool for Wireshark. Its core switches are very close to what you would use with tcpdump. To read in a file you use ‘-r <filename>’; to sniff live traffic you use ‘-i <int name>’.

I’m going to read in the file with the -c option, which stands for count; since I’m using ‘-c 1’ I’ll just get the first packet. If you are capturing traffic with the -i option and use -c, you’ll limit how many packets you capture, just like with tcpdump.

$ tshark -r ctf.pcap -c 1
1   0.000000 194.147.140.98 → 157.230.15.223 TCP 52138 33895 52138 → 33895 [SYN] Seq=0 Win=1024 Len=0

Do you remember how Wireshark has three separate panes by default? The first pane is the packet list, the second is the packet details, and the third is the packet bytes. In tshark, just reading in the file would get you the packet list. If you use the -V option you’ll get everything in the packet details pane and the -x option will give you the packet bytes section.

In the following example I’ll also use ‘-Vx’ as well as the ‘-c 1’ option, which will display just the first packet in all its glory (frame 1).

$ tshark -r ctf.pcap -Vxc 1
Frame 1: 56 bytes on wire (448 bits), 56 bytes captured (448 bits) on interface unknown, id 0
    Interface id: 0 (unknown)
        Interface name: unknown
    Packet flags: 0x00000000
        .... .... .... .... .... .... .... ..00 = Direction: Unknown (0x0)
        .... .... .... .... .... .... ...0 00.. = Reception type: Not specified (0)
        .... .... .... .... .... ...0 000. .... = FCS length: 0
        .... .... .... .... 0000 000. .... .... = Reserved: 0
        .... ...0 .... .... .... .... .... .... = CRC error: Not set
        .... ..0. .... .... .... .... .... .... = Packet too long error: Not set
        .... .0.. .... .... .... .... .... .... = Packet too short error: Not set
        .... 0... .... .... .... .... .... .... = Wrong interframe gap error: Not set
        ...0 .... .... .... .... .... .... .... = Unaligned frame error: Not set
        ..0. .... .... .... .... .... .... .... = Start frame delimiter error: Not set
        .0.. .... .... .... .... .... .... .... = Preamble error: Not set
        0... .... .... .... .... .... .... .... = Symbol error: Not set
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 12, 2021 19:44:00.093265000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1613159040.093265000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 56 bytes (448 bits)
    Capture Length: 56 bytes (448 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:vssmonitoring]
Ethernet II, Src: fe:00:00:00:01:01, Dst: 00:00:00:00:00:00
    Destination: 00:00:00:00:00:00
        Address: 00:00:00:00:00:00
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: fe:00:00:00:01:01
        Address: fe:00:00:00:01:01
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 194.147.140.98, Dst: 157.230.15.223
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0x8079 (32889)
    Flags: 0x0000
        0... .... .... .... = Reserved bit: Not set
        .0.. .... .... .... = Don't fragment: Not set
        ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 244
    Protocol: TCP (6)
    Header checksum: 0x499b [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0x499b]
    Source: 194.147.140.98
    Destination: 157.230.15.223
Transmission Control Protocol, Src Port: 52138, Dst Port: 33895, Seq: 0, Len: 0
    Source Port: 52138
    Destination Port: 33895
    [Stream index: 0]
    [TCP Segment Len: 0]
    Sequence number: 0    (relative sequence number)
    Sequence number (raw): 3764456385
    [Next sequence number: 1    (relative sequence number)]
    Acknowledgment number: 0
    Acknowledgment number (raw): 0
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x002 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgment: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 33895]
                [Connection establish request (SYN): server port 33895]
                [Severity level: Chat]
                [Group: Sequence]
        .... .... ...0 = Fin: Not set
        [TCP Flags: ··········S·]
    Window size value: 1024
    [Calculated window size: 1024]
    Checksum: 0x72f2 [correct]
    [Checksum Status: Good]
    [Calculated Checksum: 0x72f2]
    Urgent pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.000000000 seconds]
        [Time since previous frame in this TCP stream: 0.000000000 seconds]
VSS Monitoring Ethernet trailer, Source Port: 0
    Src Port: 0
0000  00 00 00 00 00 00 fe 00 00 00 01 01 08 00 45 00   ..............E.
0010  00 28 80 79 00 00 f4 06 49 9b c2 93 8c 62 9d e6   .(.y....I....b..
0020  0f df cb aa 84 67 e0 61 0b c1 00 00 00 00 50 02   .....g.a......P.
0030  04 00 72 f2 00 00 00 00                           ..r.....

That’s pretty neat, right? You can see all the way into the first packet and get a bunch of information. Now, turning back to Wireshark, remember how you would filter packets based on DNS or ICMP or what have you in the ‘display filter’? You can do that, with the exact same syntax, by using the -Y ‘<search_term>’ option. It’s best practice to put your search term inside quotes so that, if you have more than one word or characters like periods and operators, strange bash things won’t take place. Let’s take a look:

$ tshark -r ctf.pcap -Y 'dns' | head
  312 422.644017    127.0.0.1 → 127.0.0.53   DNS 42891 53 Standard query 0xb27a PTR 223.15.230.157.in-addr.arpa OPT
  313 422.644227 157.230.15.223 → 67.207.67.2  DNS 56994 53 Standard query 0x01f9 PTR 223.15.230.157.in-addr.arpa OPT
  314 422.644279 157.230.15.223 → 67.207.67.3  DNS 57199 53 Standard query 0x19c9 PTR 223.15.230.157.in-addr.arpa OPT
  315 422.653585  67.207.67.3 → 157.230.15.223 DNS 53 57199 Standard query response 0x19c9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com OPT
  316 422.653761 157.230.15.223 → 67.207.67.3  DNS 57199 53 Standard query 0x19c9 PTR 223.15.230.157.in-addr.arpa
  317 422.656415  67.207.67.2 → 157.230.15.223 DNS 53 56994 Standard query response 0x01f9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com OPT
  318 422.656588 157.230.15.223 → 67.207.67.2  DNS 56994 53 Standard query 0x01f9 PTR 223.15.230.157.in-addr.arpa
  319 422.659817  67.207.67.3 → 157.230.15.223 DNS 53 57199 Standard query response 0x19c9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com
  320 422.662693  67.207.67.2 → 157.230.15.223 DNS 53 56994 Standard query response 0x01f9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com
  321 422.663035   127.0.0.53 → 127.0.0.1    DNS 53 42891 Standard query response 0xb27a PTR 223.15.230.157.in-addr.arpa PTR ubuntu-s-1vcpu-2gb-nyc1-01 PTR ubuntu-s-1vcpu-2gb-nyc1-01.local OPT

We can use our -xV options to look at the first packet displayed. If you look at the output above you can see it’s frame 312, so we’ll use ‘-c 312’ to stop reading after that frame; since it is the first frame matching the DNS filter, it is the only one displayed:

$ tshark -r ctf.pcap -Y 'dns' -xVc 312
Frame 312: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface unknown, id 0
    Interface id: 0 (unknown)
        Interface name: unknown
    Packet flags: 0x00000000
        .... .... .... .... .... .... .... ..00 = Direction: Unknown (0x0)
        .... .... .... .... .... .... ...0 00.. = Reception type: Not specified (0)
        .... .... .... .... .... ...0 000. .... = FCS length: 0
        .... .... .... .... 0000 000. .... .... = Reserved: 0
        .... ...0 .... .... .... .... .... .... = CRC error: Not set
        .... ..0. .... .... .... .... .... .... = Packet too long error: Not set
        .... .0.. .... .... .... .... .... .... = Packet too short error: Not set
        .... 0... .... .... .... .... .... .... = Wrong interframe gap error: Not set
        ...0 .... .... .... .... .... .... .... = Unaligned frame error: Not set
        ..0. .... .... .... .... .... .... .... = Start frame delimiter error: Not set
        .0.. .... .... .... .... .... .... .... = Preamble error: Not set
        0... .... .... .... .... .... .... .... = Symbol error: Not set
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 12, 2021 19:51:02.737282000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1613159462.737282000 seconds
    [Time delta from previous captured frame: 9.688921000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 422.644017000 seconds]
    Frame Number: 312
    Frame Length: 98 bytes (784 bits)
    Capture Length: 98 bytes (784 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:dns]
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
    Destination: 00:00:00:00:00:00
        Address: 00:00:00:00:00:00
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 00:00:00:00:00:00
        Address: 00:00:00:00:00:00
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.53
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0x16bf (5823)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 64
    Protocol: UDP (17)
    Header checksum: 0x25a4 [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0x25a4]
    Source: 127.0.0.1
    Destination: 127.0.0.53
User Datagram Protocol, Src Port: 42891, Dst Port: 53
    Source Port: 42891
    Destination Port: 53
    Length: 64
    Checksum: 0xfe87 incorrect, should be 0x1e09 (maybe caused by "UDP checksum offload"?)
        [Expert Info (Error/Checksum): Bad checksum [should be 0x1e09]]
            [Bad checksum [should be 0x1e09]]
            [Severity level: Error]
            [Group: Checksum]
        [Calculated Checksum: 0x1e09]
    [Checksum Status: Bad]
    [Stream index: 2]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
Domain Name System (query)
    Transaction ID: 0xb27a
    Flags: 0x0100 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        223.15.230.157.in-addr.arpa: type PTR, class IN
            Name: 223.15.230.157.in-addr.arpa
            [Name Length: 27]
            [Label Count: 6]
            Type: PTR (domain name PoinTeR) (12)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 1200
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 0
0000  00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00   ..............E.
0010  00 54 16 bf 40 00 40 11 25 a4 7f 00 00 01 7f 00   .T..@.@.%.......
0020  00 35 a7 8b 00 35 00 40 fe 87 b2 7a 01 00 00 01   .5...5.@...z....
0030  00 00 00 00 00 01 03 32 32 33 02 31 35 03 32 33   .......223.15.23
0040  30 03 31 35 37 07 69 6e 2d 61 64 64 72 04 61 72   0.157.in-addr.ar
0050  70 61 00 00 0c 00 01 00 00 29 04 b0 00 00 00 00   pa.......)......
0060  00 00

A common thing one may want to look at regarding DNS is what domain names people are trying to resolve. A nice thing about tshark is that you can specify what columns you want it to display. This is where I think tshark, and its usability, really separates itself from tcpdump. You can do the same sort of things in tcpdump, but it takes a lot more work and gets messier, using cut multiple times and so on. Using ‘-T fields’ followed by ‘-e <field_name>’ you can get something very specific and usable really fast. I’m going to pipe this to head simply for brevity; I don’t want so many lines that they distract from what the command is doing (head sits before sort in this pipeline, so only the first ten matching packets get summarized):

tshark -r ctf.pcap -Y 'dns.qry.type == 1' -T fields -e ip.src -e ip.dst -e dns.qry.name | head | sort | uniq
127.0.0.1	127.0.0.53	www.internetbadguys.com
157.230.15.223	67.207.67.2	zg-1218a-214.stretchoid.com
157.230.15.223	67.207.67.3	www.internetbadguys.com
172.17.0.2	67.207.67.2	zg-1218a-214.stretchoid.com
67.207.67.2	157.230.15.223	zg-1218a-214.stretchoid.com
67.207.67.2	172.17.0.2	zg-1218a-214.stretchoid.com
67.207.67.3	157.230.15.223	www.internetbadguys.com

Look how fast that was. If we have an idea of what we are looking for we can do so very efficiently inside of tshark. We can search for very specific things and drill down very fast. We can use other Linux text applications like sort, uniq and grep with ease. Let’s continue.

From here we can see someone is trying to resolve ‘www.internetbadguys.com’, which doesn’t look good. What are all the IPs trying to resolve this name? We can use our handy Linux tool grep to help us here. Keep in mind that dns.qry.type == 1 matches responses as well as queries, because the question section is echoed back in every answer; the rows below whose source is a resolver (127.0.0.53 and 67.207.67.3) are answers, not hosts asking. Adding && dns.flags.response == 0 to the filter keeps only the actual queries:

$ tshark -r ctf.pcap -Y 'dns.qry.type == 1' -T fields -e ip.src -e ip.dst -e dns.qry.name | sort | uniq -c | grep 'www.internetbadguys.com'
      1 127.0.0.1	127.0.0.53	www.internetbadguys.com
      1 127.0.0.53	127.0.0.1	www.internetbadguys.com
      2 157.230.15.223	67.207.67.3	www.internetbadguys.com
      2 67.207.67.3	157.230.15.223	www.internetbadguys.com

We could extract just the ‘dns.qry.name’ field and save them to a file for later analysis.

$ tshark -r ctf.pcap -Y 'dns.qry.type == 1' -T fields -e dns.qry.name | sort | uniq -c > dns.qry.txt
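If you end up asking the same DNS questions of every capture, the summarizing can live in a couple of shell functions. What follows is an added example and not code from the original post: it consumes the tab-separated output of a tshark field extraction of ip.src and dns.qry.name restricted to queries, reports per name how many distinct clients asked for it, and lists the clients for one name. The sample_dns function constructs a few lines in that shape for offline use; its addresses and the name updates.example.net are made up for the demonstration.

```shell
# Added example (not from the original post). It consumes the tab-separated
# output of a tshark field extraction restricted to queries, i.e.
#   tshark -r ctf.pcap -Y 'dns.qry.type == 1 && dns.flags.response == 0' \
#          -T fields -e ip.src -e dns.qry.name
# Responses repeat the question section, so without dns.flags.response == 0
# every name would show up once more, sourced from the resolver's address.
# Column 1 is the querying client, column 2 the name asked for.

# Constructed sample in exactly that shape: the addresses and the name
# updates.example.net are made up for the demonstration.
sample_dns() {
    printf '%s\t%s\n' \
        157.230.15.223 www.internetbadguys.com \
        157.230.15.223 www.internetbadguys.com \
        172.17.0.2     zg-1218a-214.stretchoid.com \
        157.230.15.223 zg-1218a-214.stretchoid.com \
        10.0.0.5       zg-1218a-214.stretchoid.com \
        10.0.0.5       updates.example.net \
        172.17.0.2     updates.example.net
}

# One line per queried name:
#   <distinct clients> <total queries> <name> <comma-separated clients>
# sorted so that names asked by the fewest hosts come first; a name that
# only one machine on the network ever resolves is where hunting starts.
dns_name_summary() {
    tab=$(printf '\t')
    awk -F "$tab" '
        NF >= 2 && $2 != "" {
            name = $2; src = $1
            total[name]++
            if (!((name, src) in seen)) {
                seen[name, src] = 1
                clients[name]++
                hosts[name] = (hosts[name] == "" ? src : hosts[name] "," src)
            }
        }
        END {
            for (name in total)
                printf "%d\t%d\t%s\t%s\n",
                       clients[name], total[name], name, hosts[name]
        }' | sort -t "$tab" -k1,1n -k2,2n -k3,3
}

# Every distinct client that asked for one specific name.
dns_clients_for() {
    tab=$(printf '\t')
    awk -F "$tab" -v want="$1" 'NF >= 2 && $2 == want { print $1 }' | sort -u
}

# Usage against a real capture:
#   tshark -r ctf.pcap -Y 'dns.qry.type == 1 && dns.flags.response == 0' \
#       -T fields -e ip.src -e dns.qry.name | dns_name_summary
# or, with the constructed sample:
#   sample_dns | dns_clients_for www.internetbadguys.com
```

The functions read from stdin, so they drop straight onto the end of the tshark pipelines used above; only the two-column field order matters.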

Another thing that’s really useful with tshark is that you can grep its output. How is your grep game? I’d say I’m a beginner in all the things, but I’ll tell you about the three options with grep I use most. The first option is ‘-i’, which simply ignores case when searching for matches.

$ tshark -r ctf.pcap -Y 'mysql' -xV | grep -i ctf
0460  63 6f 43 54 46 7b 40 70 6f 72 74 63 75 6c 6c 69   coCTF{@portculli

The next options with grep I use the most are -A and -B, which display the lines after (-A) and before (-B) your match. This can give you more context around your match, which is very useful when looking at logs and packets.

$ tshark -r ctf.pcap -Y 'mysql' -xV | grep -A 10 -B 10 -i ctf
03c0  3a 2f 6e 6f 6e 65 78 69 73 74 65 6e 74 3a 2f 75   :/nonexistent:/u
03d0  73 72 2f 73 62 69 6e 2f 6e 6f 6c 6f 67 69 6e 0a   sr/sbin/nologin.
03e0  5f 61 70 74 3a 78 3a 31 30 30 3a 36 35 35 33 34   _apt:x:100:65534
03f0  3a 3a 2f 6e 6f 6e 65 78 69 73 74 65 6e 74 3a 2f   ::/nonexistent:/
0400  75 73 72 2f 73 62 69 6e 2f 6e 6f 6c 6f 67 69 6e   usr/sbin/nologin
0410  0a 6d 79 73 71 6c 3a 78 3a 31 30 31 3a 31 30 31   .mysql:x:101:101
0420  3a 4d 79 53 51 4c 20 53 65 72 76 65 72 2c 2c 2c   :MySQL Server,,,
0430  3a 2f 6e 6f 6e 65 78 69 73 74 65 6e 74 3a 2f 62   :/nonexistent:/b
0440  69 6e 2f 66 61 6c 73 65 0a 73 75 70 70 6f 72 74   in/false.support
0450  3a 78 3a 31 30 30 30 3a 31 30 30 30 3a 43 69 73   :x:1000:1000:Cis
0460  63 6f 43 54 46 7b 40 70 6f 72 74 63 75 6c 6c 69   coCTF{@portculli
0470  73 6c 61 62 73 7d 3a 2f 68 6f 6d 65 2f 73 75 70   slabs}:/home/sup
0480  70 6f 72 74 3a 2f 62 69 6e 2f 73 68 0a 07 00 00   port:/bin/sh....
0490  04 fe 00 00 22 00 00 00                           ...."...
Frame 25202: 71 bytes on wire (568 bits), 71 bytes captured (568 bits) on interface unknown, id 0
    Interface id: 0 (unknown)
        Interface name: unknown
    Packet flags: 0x00000000
        .... .... .... .... .... .... .... ..00 = Direction: Unknown (0x0)
        .... .... .... .... .... .... ...0 00.. = Reception type: Not specified (0)

We can see that the packet following our match is ‘Frame 25202’, so our match sits in the frame printed just before it. Because -Y only prints packets that pass the filter, that is not necessarily Frame 25201; if you need the exact number, ask tshark for it with -e frame.number in a field extraction (a ‘frame contains’ filter on the string you grepped for narrows it to the right packet). We can also increase our -A or -B to get more context.

Given everything we have learned so far, it would take less than 20 seconds if someone asked you for all the MySQL usernames and passwords found in a pcap, or whether a certain user had attempted to log in. Sure, you may have to open up Wireshark or google to get the correct field names, but that’s easy. One caveat: what the dissector exposes as mysql.passwd is the client’s scrambled authentication response (the 64 hex characters below are 32 bytes), not a cleartext password. The same password produces a different value on every connection because the server’s challenge changes, so the five admin rows are five login attempts and say nothing about whether the password differed; recovering the password from them is a separate cracking job.

$ tshark -r ctf.pcap -Y 'mysql' -T fields -e mysql.user -e mysql.passwd | sort | uniq 
	
8TmveSod	3305460ddd8e2cc1321a487ebfe4dc8fc9a2d20c5e30485ee382eccfa38f9863
admin	360435d4b3015b249066fe99636aecd8aa3fdb0c36d9e3f6a3a3251209aae0ac
admin	66afa1f2f5f9f5043ff31bd90ddac1ed90bab5f52457c234d0a2a71c9b8ff3dd
admin	b47dee5a3824dcf6f18d2a40abeac5e9259999b639c10d1b91057c3c157f5cfe
admin	c9990930240171b021e8ca57bea4c0f5dec51eba06637a92b7f194348da81c94
admin	dd73c7a5465cfd8bef44bc8b995619fb6e82e36e3da1ee39a159f7e36ee2c4c8
admin@example.com	2a80ec0decb594885667e5aa9b07d97bb4de2b0f8bda631737c790cf9bf562fd
admin@example.com	b722bcf91d9ed81e1160f20a810be143899d6b61cf81d2bb7ba0c770f99f3d74
admin	fc90eb0b8bfbb9c9f7c467cc7ee739b470835bedc1790d81dc2d46a880ba2b7d
flag	1148ed45984fd9b1e5ee7ee8dabde90d8c8ad768dbf47315feb48323e6c55111

I hope, if you’ve never used tshark, or hell, tcpdump for that matter, that you can see the utility of being able to parse packets at the command line. People are very into scripting with Python these days, but you could do some bash scripting here if you end up running the same sorts of inquiries over and over again. And of course, if you want to open up Wireshark to take a look, you can do that from the command line as well 🙂

$ wireshark ctf.pcap &

That’s all for today. I’m going to focus on Zeek for the next post. Let’s see if I can get some zeek scripts off the ground. That should be bunches of fun! Till next time.

Ep 38 – Bart Castle Part 2

We are back this episode with Part 2 of our conversation with Bart Castle! Bart, Andy, and Aaron talk about the benefits of the cloud to software devs, Bart’s roots in networking, and a whole lot more in this week’s episode!

Follow Bart!
Twitter: @cloudbart
YouTube: youtube.com/c/bartcastle

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

CCNA Series – Overview

Here at AONE, we believe in continuous learning and development. We also want to do what we can to help those trying to break into the network engineering field. While by no means the only factor, certifications can help you gain applicable knowledge for a specific career path. They can also be used to prove to employers that you have the ability and desire to learn and grow. For those trying to get into a network infrastructure profession or early on in their careers, the Cisco Certified Network Associate (CCNA) program can be a great way to go. It is by no means the only path, as there are other certification providers, but it is the one that we are going to highlight in this series.

This upcoming series is meant for those that are interested in, or are working toward, achieving the CCNA certification. The approach for this series is that we will take a look at multiple topics in the CCNA “blueprint” and try to provide supplemental knowledge and perspective to be used along with your other study materials. Before we dive into content in the next post, here are some example materials that you can look into if you are preparing for the CCNA certification. This is not an exhaustive list, just a few options that you can look into as you are trying to get started.

  • CCNA 200-301 Official Cert Guide
    • Commonly referred to as the CCNA “OCG”, this book covers CCNA exam topics and provides suggestions for study methods.
    • The book can be purchased in physical form, digital form, or both. There is also an option to get access to bonus material.
  • CBT Nuggets
    • CBT Nuggets provides on-demand video and lab training for many topics and certifications, including the CCNA.
    • Currently, there is an opportunity for some free training via this offer. This offer was released via the Packet Pushers Heavy Networking podcast.
  • Boson
    • Boson offers practice tests and a lab simulator (among other materials) to help you prepare for the CCNA (and other certifications).
  • Make It Stick
    • This book does not specifically pertain to IT, but can give you some tips to help you learn and retain knowledge.
  • It’s All About The Journey Community
    • As always, you can check out the IAATJ Discord Community to communicate with others that are also going after the CCNA certification, and those who are willing to help you.

We look forward to you joining us throughout this series!

Ep 37 – Bart Castle Part 1

In this week’s episode we talk to musician, artist, and Cloud Guru – Bart Castle! Bart weaves an engaging and brilliant tapestry of music, yurts, wanderlust and cloud stories. Buckle up and get ready to learn some cool stuff on this one!

Follow Bart!
Twitter: @cloudbart
YouTube: youtube.com/c/bartcastle


Faces of the Journey – Chris Randall

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Chris!

Chris Randall, also known as @Bites_to_Bits, is an up and coming individual to the IT profession, originally from Michigan. At the age of 25, Chris moved to Southern Georgia to pursue career opportunities. However, at the time, the aspirations were not around network engineering or even information technology as a whole. Chris has spent the last 13 years in the culinary industry at different levels. He is currently a Food Service Director for a Fortune 500 client, where he oversees four onsite cafes. At their peak, they served over 2,000 guests per day! Before his current role, he also spent a short time at the former #1 restaurant in the world, Eleven Madison Park, in New York City. Previous to cooking for a living, when he was younger, Chris spent summers helping on his Aunt and Uncle’s potato farm. Growing up, Chris never felt that an IT career was a viable option, because they never had a reliable internet connection in the country and the family computer was outdated. However, a few years ago, he came into contact with Python for a college course and found it interesting. This led to some research into computer networking, which was very eye opening. Although not currently in an IT role, Chris spent the last six months studying for the CCNA exam, which he recently passed! As of now, the focus has been on the Cisco Devnet Associate certification and working through a Python #100DaysOfCode challenge. Chris is also working on a blog, playing around with some vlog ideas, and staying active on different social media platforms to help grow his network. Professionally, the next step is to break into the world of network engineering. The long term goal is to get into the DevOps or security disciplines.

Follow Chris:

Twitter

LinkedIn

Blog

Alright Chris, We’ve Got Some Questions

What is something you enjoy to do outside of work? As of late, my wife and I have begun hiking. We have some pretty decent local trails and are heading to Flagstaff, Arizona in April to hike some pretty unique areas. It is nice to be able to unplug for a few hours and spend quality time in some serene landscapes.

What is the next big thing that you are working toward? DevNet Associate and becoming fluent in Python. I want to be an asset as companies continue to implement Network Automation tools.

How did you figure out that information technology was the best career path for you? Cooking was always a means to an end for me, and after getting an Accounting Degree I knew that I needed something more challenging, something that wasn’t going to be redundant for the next 40 years of my life. IT continues to challenge me as I learn everyday, and from everything I see the industry never stops growing, which is exactly what I have been looking for.

When learning something new, what methods work best for you? I have found success in blending different methods together. I tend to watch videos on a new topic to get a baseline reference, and then I move to any sort of print material or online documentation. This helps me have a reference point when reading over the new topic. I will then use ANKI to develop flashcards of what I believe are key topics and then review them frequently. Lab-ing was a big help in my CCNA studies to solidify topics and really tie together how protocols functioned.

What motivates you on a daily basis? I am blessed to have a wonderful wife who deserves so much. She has persevered through even the toughest of times with me, without question, and for that I owe her the world. We are very fortunate to be in the situation we are where she is growing in her field and I have the ability to pivot to a new one. My current industry is very volatile, and I am fortunate to still have such a great job with so many restaurants closing these days. So I am taking advantage of the situation to ensure I do not have to endure such volatility in the future.

Bert’s Brief

I absolutely love to hear these “types” of stories. I am referring to the situations where people pivot their careers. The reason is that doing so takes a large amount of courage, drive, endurance, and really knowing “who you are” as a person. Chris definitely has all of these traits. I cannot even begin to fathom trying to change career paths at this point in my life. The ability and drive to see that you want a change in life and actually going through the process to accomplish that goal is incredible. Chris is definitely someone who has proven that he is willing to put in the time and effort to become an IT professional. Seeing him document his progress over the last six months has been really cool. I cannot wait to see Chris break into network engineering!

Ep 36 – Siloed vs Jack of All Trades

In this episode A.J., Andy, and Dan discuss the differences in being a siloed engineer vs a jack of all trades. There are certainly pros and cons to each of these approaches. The team leverages and shares their experience with each of these approaches.


Gitlab + Hugo = Website Magic Happy Time

I should let you know right off the top, this is not a ‘how-to’ from an expert. Instead, this is a ‘how I was able to do something cool for the first time’ article. The reason for this post is that I had to use multiple different how-to sites and was still left to troubleshoot multiple things. I’m writing this so a person in the same position as myself can hopefully get up and running in less time. So, with that in mind, if you are an expert in the tools used later on in this post I welcome some feedback on what I could have done better or what simply didn’t matter as I made my way through creating my first website since the GeoCities days (a Chicago Bulls tribute fan page).

About six months ago I was talking with a friend on twitter and we were discussing creating a website, a blog and video tutorial site together at some point. Life, projects, kids, COVID and home ownership got in the way and we never really got around to tackling it. Then, about 3 weeks ago I saw a post on my timeline discussing docs as code. I read into it, and watched a conference video that really got me excited. Watch this presentation! Now that you are as excited as me, let’s dive in!

The first thing I did was look to see if any of my mutuals that I talk to a little bit use GitHub to host their website, and check in to see what they used or thought about their site. Tony E, aka shoipintbri, has such a site, hosted on GitHub. I reached out and he said if he had to do it all over again he’d use GitLab, Hugo and reStructuredText.

Step 1: So, I created a GitLab account

After you create an account, it’s time to check your git version and/or install it. I was working on Ubuntu 18.04 and the following commands correspond to that.

Step 2: Install/Upgrade Git, for me I just had to upgrade

sudo apt update
sudo apt upgrade git
git --version

The next step is installing Hugo. Most of the documentation just says install the latest version of Hugo, which I did. But once you get to looking at Hugo themes, most of the new ones will want you to have the ‘extended version’ installed. The first time I stepped through this and my theme wasn’t working, it was because I didn’t have the ‘extended version’ installed. So, to save you a possible step, let’s just install the latest Hugo extended version straight away (I’m writing this to save the next person starting from scratch a little time). You won’t get the latest version using your package manager, so we’ll pull it down with wget.

Step 3: Install the latest Hugo extended version (make sure you are downloading the version associated with your architecture/operating system)

wget https://github.com/gohugoio/hugo/releases/download/v0.81.0/hugo_extended_0.81.0_Linux-64bit.deb
# check the download against the checksums file on the same release page before installing it
sudo dpkg -i hugo_extended_0.81.0_Linux-64bit.deb
hugo version # verify your version/install (the binary is lowercase hugo)
rm hugo_extended_0.81.0_Linux-64bit.deb
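Since this .deb comes from a release page rather than the distribution’s package manager, nothing has checked it for you before dpkg -i runs it as root. The function below is an added example and not part of the original post: it compares a downloaded file against the checksum list published with the same release and only returns success on an exact match. It assumes the checksum file has the two-column layout sha256sum produces (“<hex>  <file name>”, optionally with a leading *), and the file name hugo_0.81.0_checksums.txt in the usage comment is an assumption about the Hugo release page, not something the post shows.

```shell
# Added example (not from the original post). Verifies a downloaded release
# file against the checksum list published with the same release before
# dpkg -i gets to see it. Assumes the checksum file has the two-column
# layout sha256sum produces ("<hex>  <file name>", optionally "*<file name>"),
# which is what release checksum files normally contain.

# SHA-256 of a file, using coreutils on Linux and shasum elsewhere.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_release_checksum <downloaded file> <checksums file>
# Returns 0 on a match, 1 on a mismatch, 2 if a file or entry is missing.
verify_release_checksum() {
    file=$1
    sums=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    [ -f "$sums" ] || { echo "no such checksum file: $sums" >&2; return 2; }
    # Match on the exact file name, not a substring: the line for some other
    # build in the same list must not satisfy the check.
    expected=$(awk -v name="$(basename "$file")" '
        { n = $2; sub(/^\*/, "", n); if (n == name) print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "$(basename "$file") is not listed in $sums" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  got      $actual" >&2
        return 1
    fi
    return 0
}

# Usage (the checksum file name is an assumption about the Hugo release page):
#   wget https://github.com/gohugoio/hugo/releases/download/v0.81.0/hugo_0.81.0_checksums.txt
#   verify_release_checksum hugo_extended_0.81.0_Linux-64bit.deb hugo_0.81.0_checksums.txt \
#       && sudo dpkg -i hugo_extended_0.81.0_Linux-64bit.deb
```

A checksum fetched from the same release page catches a truncated or corrupted download and a file swapped on a mirror; it does not protect against a compromised release page, which would publish matching sums, and that is the case a signature over the release would cover.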

At this point you have everything you need except for your Hugo theme, but we will get there. At this point move into a working directory you’ll want to use for your project. This is not necessarily needed but I like it.

Step 4: Make a working directory for your project and move into it

mkdir ~/Desktop/hugofthunder
cd ~/Desktop/hugofthunder

At this point, I set up git on my local machine to talk to my newly created GitLab account using SSH authentication.

Step 5: Create a public/private key pair

cd ~/.ssh/
ssh-keygen -t rsa -b 2048   # GitLab's docs recommend ed25519 instead: ssh-keygen -t ed25519
cat id_rsa.pub              # this public half is what you paste into GitLab; the private key id_rsa stays on this machine
ssh -T git@gitlab.com       # run after the key is added in GitLab; it answers with a welcome line naming your account
cd ~/<your_project_working_directory>

When you are logged into GitLab you can paste the .pub you printed above under Profile -> Preferences -> SSH Keys. The next thing to do before we start setting up Hugo is to set some global git configurations that correspond to your GitLab account.

Step 6: configure git

git config --global user.name "<your_username>"
git config --global user.email "<your_email_with_GitLab>"
git config --global --list # verify settings

If we are in the root of our working directory (it should literally be empty if you do an ls), we can now run git init. One thing to watch: GitLab reads .gitlab-ci.yml from the root of the repository, and hugo expects to run from the site root where config.toml lives, so the directory you initialize here must be the one that ends up holding those two files. If you would rather keep the working directory as a parent folder, run git init inside the site directory that Hugo creates in Step 8 instead.

Step 7: git init

git init

If you’ve made it this far, it’s time to do our first Hugo command. Congratulations, you are almost to website creation time! The first command you run will name your project and create a new directory with that projects name.

Step 8: Time to fire up Hugo! Name it whatever you want, you don’t have to go with hello-world 🙂 After you run your Hugo new site command move into the newly created directory.

hugo new site hello-world
cd hello-world 

If you ll or ls in your newly created directory you’ll see some basic files and directories, the barest of bare bones needed for your upcoming site.

This is a very exciting point in the project and this post. Here is where you will decide on what Hugo theme you want to run on your site. This is a configuration that will give a certain look/layout/feel to your website. Each theme has varying degrees of associated documentation but installing them all is pretty much the same. You either git clone or git submodule the theme as follows, and for demonstration purposes, I went with the codex theme.

Step 9: Install your Hugo theme

git submodule add https://github.com/jakewies/hugo-theme-codex.git themes/hugo-theme-codex

Alright, at this point you will have a pretty basic page with placeholder text. This is still pretty cool, right? How do you get this up on GitLab for everyone to see?! You are about to find out!

The first thing we need to do is decide on a project name as it will appear on GitLab. For my website I chose the name ‘jobapp’ and used the following commands to create it.

Step 10: Your first git push

# run these from the <working directory>/<your project> directory (the root of your project)
git add .
git remote add origin git@gitlab.com:<gitlabs_group_name/project_name>
git commit -m "init commit for project"
git push -u origin master

In about 30 – 90 seconds you should be able to refresh your GitLab account and see your newly created project along with the files and directories that were in the root of your project locally. The next thing to talk about is the files associated with getting this website up and running. There are two main files; the first is called ‘config.toml’ and should be in the root of your project if you do an ls. If you go back to your theme’s documentation, which in my case was the Codex theme, they will usually have a .toml config file to copy and paste into your .toml.

I found my sample toml on the Codex theme’s GitHub and simply pasted their sample into my own .toml.

Step 11: Edit your .toml config file

# DO NOT REMOVE THIS
theme = "hugo-theme-codex" 

# Override these settings with your own
title = "codex"
languageCode = "en-us"
baseURL = "https://githugs.gitlab.io/jobapp"
copyright = "© {year}"

In the .toml the only other thing you HAVE to change is the ‘baseURL’ to match what will be your URL on GitLab. This is the ‘root’ level of your website, and all the subdirectories hang off this base. If this isn’t set correctly your website will not render correctly on GitLab. I’ll show you in a few steps where to find this address.

The second configuration file is what GitLab uses to build your site. You create this file in the root of your project locally as well, the same place the .toml is located, and name it ‘.gitlab-ci.yml’. I used vim for this task, but you can use any other text editor without any judgment (from me anyway).

Step 12: Create a .gitlab-ci.yml file

vim .gitlab-ci.yml

Let me show you what’s in my gitlab-ci.yml file and explain the most important part.

image: registry.gitlab.com/pages/hugo/hugo_extended:latest

variables:
  GIT_SUBMODULE_STRATEGY: recursive

test:
  script:
  - hugo
  except:
  - master

pages:
  script:
  - hugo
  artifacts:
    paths:
    - public
  only:
  - master

Just about every theme I tested, as mentioned earlier, needs the Hugo extended version. Most of the how-to documentation for setting up your first site doesn’t have you install the extended version locally or call an extended image in your .yml file on GitLab; instead, they simply have you call the latest version of Hugo. This didn’t work for me, so to save you an hour of troubleshooting, either navigate to the exact version of Hugo you want to spin up on GitLab or simply paste ‘image: registry.gitlab.com/pages/hugo/hugo_extended:latest’ and make sure you are using the extended version. Once the site works, pinning a specific version tag instead of :latest is the better habit: :latest moves whenever the image is rebuilt, so a build that passes today can break, or pull a different binary, next month without any change on your side.

What GitLab does, to my understanding, is run a pipeline that spins up a Hugo image and runs a script to create and render your website whenever there is a change. Alternatively, you can run Hugo locally to create your .html files and upload those to GitLab, but I won’t be covering that here.

At this point, we can do another git commit to add our edited .toml and newly created .yml to our GitLab project. This .yml is what GitLab will use to build your page, so after this commit we will be able to verify what our URL is and confirm we have the correct address in the .toml config file under baseURL.

Step 13: Let’s commit our local changes to GitLab

git add .
git commit -m "adding .yml // edit .toml"
git push -u origin master

Now it is time to go to your GitLab project. On the left side, scroll down to Settings -> Pages. This is where you can verify your baseURL. You can also go to that URL to see how your site currently looks. If you need to change your baseURL in your .toml file, simply make your changes and push them to GitLab.

From this point you should have a working site on GitLab. You’ll need to read your theme’s documentation on how to create additional posts and how to further edit and personalize your site. Each theme does things a little differently, so there is no use continuing down that path here; the documentation for the theme is what you should follow.

I ended up creating https://githugs.gitlab.io/jobapp/ in which I have a simple homepage and then two blog posts. This took me about 8 hours but if I was to follow what I just wrote I could probably accomplish the same thing in 30-45 minutes.


If you made it this far, thanks for reading and I hope you got something out of it. The following is a quick aside as to why I created a site in the first place 🙂

As you can see from the website I created, I was trying to get the attention of Pete Lumbis (who works at Cumulus/NVIDIA networking) in hopes of starting a conversation about a job ask he posted publicly. I’ve been a fan of Cumulus Linux since I first started learning about networking. Most of all, I like that they have their VMs and Vagrant boxes publicly available. You don’t have to have a previous relationship with a sales rep to get access or worry about a 30 day license or something. Secondly, their VM can run on less than a GB of RAM. This is huge; you can have a little lab going with 6 devices easily on a regular old laptop. No expensive hardware needed. Lastly, both layer 2 and layer 3 work great. With Junos you have to have two VMs up with an internal bridge to do what Cumulus Linux does right out of the box. Cisco VMs are hard to come by and want all of the resources. Thus, Cumulus Linux is great for those that want to spin something up fast and have all the features you are looking for to learn networking fundamentals. If you are up for learning Cumulus, check out my friend Aninda Chatterjee‘s new PluralSight course: Cumulus – The Big Picture.


If you’d like to simply clone my site, you can do so here: https://gitlab.com/githugs/jobapp

Ep 35 – FortiJeff

In this episode we talk to Jeff Clark, a Sales Engineer at Fortinet. Jeff discusses how he went from a mortgage broker, to Network Engineer, to SE, as well as what the SE role is all about.

You can find more of Jeff online at:
http://www.fortijeff.com/


Network Troubleshooting Tip – Model Driven

No matter what the specific role, as an IT professional you are going to be tasked to solve problems. Whether you are in a direct support role, part of an escalation team, or on the architecture/engineering team, you are potentially seen as someone who “fixes all the things”. Sometimes, though, I think it can be easy for us to fall into a trap of quickly jumping to conclusions and getting “into the weeds” in an incorrect direction. I’ll admit, I am definitely guilty of this from time to time. This can be for many reasons, from feeling pressured to find a resolution quickly, to assuming that a problem is more technical than it is just because it seems somewhat similar to something that happened in the past. In this post, we’ll go through a high-level troubleshooting method that I like to use when problems arise.

In our studies to become IT/Network professionals, one thing that is good to learn or at least know of, is the OSI (Open Systems Interconnection) Model. The OSI Model is a framework that can be used to standardize and understand the different components of a network or computing system. Here is a list of the layers of the OSI model and how they are displayed.

  • 7 – Application
  • 6 – Presentation
  • 5 – Session
  • 4 – Transport
  • 3 – Network
  • 2 – Data Link
  • 1 – Physical

Now, don’t worry. I’m not going to go in depth on each layer, nor am I an expert in each. I mainly just wanted to show the full model list to help explain my thought process when troubleshooting. I will not say that I use this as a definitive method and have to exhaust each layer before even thinking about the next. I merely like to think of the OSI Model as a high level guide to help get my mind right when sifting through problems. Thinking through at least parts of this model gives me a starting point and keeps me in check from getting deep “into the weeds” before it is necessary to do so. An example of this is, for a connectivity issue, should I really be looking in routing tables for a potential problem before I’ve even validated power and physical connectivity of the problem device(s)? At least keeping the OSI Model in mind can keep me on a narrower path to finding that problem resolution quickly. Here are some examples (not an exhaustive list) that can be used in troubleshooting when thinking about some of these layers (typically in this layer order). As alluded to in the previous example, I find it helpful to take a bottom-up approach when looking at the OSI Model.

  1. Physical
    • Is all of necessary equipment powered and booted properly?
    • Are all of the proper physical connections made and functioning without apparent errors?
    • For wireless, is the device (or devices) able to associate and authenticate to the proper SSID?
  2. Data Link
    • Are MAC addresses being learned on switchports?
    • Is Spanning Tree Protocol configured and functioning the way we expect?
  3. Network (this is a “fun” one)
    • IP Addressing
      • Are devices that are configured for DHCP receiving IP addresses?
      • Are devices that are set statically configured properly? By properly, I mean with:
        • A unique IP address.
        • A correct subnet mask.
        • A correct default gateway address.
        • Correct DNS servers.
        • A good reason to be set with a static address.
          • I bring this up with just a slight bit of snark here. Statically configuring devices with IP information adds a level of complexity and extra room for error (and I am specifically referencing static configuration, not DHCP reservations by MAC address). There are, however, reasons to leverage statically configured IP addresses, so I will not say that there are no use cases.
    • Routing
      • Does the router have a correct ARP entry for the device(s)?
      • Are routes being learned or statically defined correctly?
      • Ping and traceroute are your friends.
    • Security
      • Layer 3 (Network Layer) and above is where I really start to consider security factors in troubleshooting such as access control lists (ACLs) and/or true firewall rules.
  4. Transport
    • Security/ACL/Firewalling.
  5. Session
    • Not a layer I specifically consider in at least initial, high level troubleshooting.
  6. Presentation
    • Not a layer I specifically consider in at least initial, high level troubleshooting.
  7. Application
    • Is the application functioning or being used/accessed as expected?
    • Security/ACL/Firewalling.

To close this out, I am by no means saying to print out the OSI Model, keep it next to you always, and follow it as an exact step by step troubleshooting method. I am more suggesting to leverage this model to give yourself somewhere to start, and some guidelines, when troubleshooting. We all want to resolve issues quickly and efficiently to keep our customers/clients/co-workers happy, and so we can get on to the next fun and exciting adventure!

Faces of the Journey – Christine Pappas

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Christine!

Christine Pappas, also known as @networkgeekgirl, is a network engineer in Maryland, USA. Christine has spent much of her life in Maryland, leaving for just four years to pursue higher education at Ferrum College in southwest Virginia. Prometric, LLC is the company Christine works for currently and has for twenty-one years now. Prometric is a leading provider of technology-enabled testing and assessment solutions worldwide. Christine started at Prometric as an administrative assistant to the IT department with minimal tech knowledge. As she saw the operations of the department, she asked to learn more, and they were more than happy to oblige. First, Christine worked additional hours on the weekends, providing Level 1 support in the data center by monitoring processes and engaging the on-call staff to respond to issues that arose. She then expanded her responsibilities by becoming the technical writer for the processes that she had been monitoring, creating clear instructions for all necessary tasks. Continuing her technical growth, Christine spent time as an FTP administrator, and also joined the security team for a period of time, running reports and checking for security issues on the network. Then came the biggest career step. Someone was moving out of the network department, which had been an area of interest for Christine. Christine’s manager and director offered her a transition to that team to learn network engineering. This was about thirteen years ago, and Christine jumped at the opportunity, and has been learning ever since. Initially, she handled the “grunt work” and learned about Juniper and Netopia routers. After a few years of learning and growth, she got the opportunity to work daily on the Cisco routers and switches. Christine now works on both the campus and data center Cisco environments, providing design and implementation expertise for the global enterprise. She has also become the SME for the wireless and VPN disciplines.
A love for playing in the CLI is what drew Christine to an IT profession. Understanding that the infrastructure that she designs and implements is a lifeline to the business is very rewarding for her. Christine’s goals and next steps are what I would deem well thought out and methodical. The short term goals are to become a senior network engineer, and to obtain a CCNP certification. Christine is taking it one step at a time so that her goals are achievable. She enjoys leveraging the knowledge that she has gained throughout her career and using it to teach up and coming junior engineers.

Follow Christine:

Twitter

LinkedIn

Alright Christine, We’ve Got Some Questions

What do you want to be when you “grow up”? Senior Network Engineer, with CCNP, CCDP and eventually (possibly) CCIE.

What advice do you have for aspiring IT professionals? Study every day, even if it is for only 10 min; make sure you learn one new thing. The best way to learn is to do and do often, so labbing or working on real equipment is key to solidifying that in your brain. Figure out how you retain knowledge best and use that method. Listen in on troubleshooting calls to learn real world issues and how they are resolved. As you grow, help others with your new knowledge; don’t keep it all inside your own mind.

What is something you enjoy doing outside of work? Spending time with my family is my number one priority. My husband and I love to travel (pre-COVID). Reading and singing (many moons ago I did get a degree in Music) are my passions.

How do you manage your work/life balance? Managing that balance has been more difficult this past year in COVID times. I have learned to work from home full time, while helping my 3 girls do virtual school, and try to keep us all sane from being locked down in the house. I have had to learn to be patient with myself and determine how much work I could get done in a day realistically. Two of my girls have medical issues, so at times I am forced to balance work with doctor appts (my bosses and coworkers are amazing with this). I take time out in the evenings and weekends to watch true crimes or DIY shows with my husband, sit, and talk with him and the kids, plan future travel, and just be around each other. I talk or FaceTime with family and friends. When I need my own space, I will read or scroll social media. Time is a premium around here – I have 3 very different children who all rely on me in various ways. I am also now a passenger as my oldest learns to drive, so that tends to take your mind off everything else!

What motivates you on a daily basis? My kids – seeing them grow and learn and wanting to give them a positive role model. They love me as mom, but also see me studying for exams, and ‘hacking the world’ as they call it when I am connected in CLI. They see a woman in a predominantly and historically man’s role, and I hope that they see their own possibilities are endless if they work hard for what they want.

Bert’s Brief

Strength, determination, and compassion are three (among many) traits that Christine Pappas wields on a daily basis. She has seen every challenge in front of her as an opportunity to practice and grow her skill sets. While she has been with the same company for the last 20+ years, she has taken different roles to broaden her knowledge in different areas. I really think there is a lot to be said for that. Even more so, Christine has been able to advance her career while still making her family and friends priorities, and finding balance, which is very impressive. Christine also finds time to be an active member in the It’s All About the Journey community, providing perspective, guidance, and encouragement. I can’t wait to hear her name called on the AONE podcast when she passes the Cisco ENCOR exam later this year!

Ep 34 – Technical Interviews

In this episode Dan and Andy discuss the technical interview with special guest, Tim McConnaughy. Tim is a Technical Solutions Architect at Cisco who has a lot of experience on both sides of the technical interview table. The guys talk about their personal experiences with technical interviews, how to prepare for one and how to stand out at your next technical interview.

Follow Tim on Twitter: @juangolbez
Check out Tim’s blog, https://carpe-dmvpn.com/
YouTube: https://www.youtube.com/c/CarpeDMVPN

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

OSPF Route Optimization – Route Summarization (Post 4)

You’ve made it to the 4th and final post in the OSPF Route Optimization series, I’m proud of you! I honestly wasn’t sure if I’d make it this far, myself. Anyway, in this post we will build upon the work we accomplished in post 3, in which we converted our flat, single-area OSPF topology into multi-area OSPF with each site having a boundary between area 0 and the local area (1, 2, 3, or 4 per site). By just implementing multiple areas, we do not yet see a large benefit. Our routing table sizes are still larger than they need to be. In this post, we will leverage route summarization in our area border routers to start seeing that benefit of smaller routing tables. Multi-area OSPF is what makes route summarization possible. Just like the last post, to avoid too much clutter, we will focus on site1-dist and site1-access1. Keep in mind that the rest of the topology is getting configured also, just behind the scenes. First, let’s get a refresher on our topology.

With OSPF, route summarization is implemented in the area border routers. In our case here, this will be done in the “dist” switch at each site. For the purposes of this demonstration, we will summarize the route advertisements of the entire /16 of each local site network. In the output below, we will take a look at the configuration on site1-dist, then some “show” output from site1-dist and site1-access1 once the summarization configuration has taken place throughout the entire topology.

site1-dist

site1-dist#configure terminal
site1-dist(config)#router ospf 1
site1-dist(config-router)#area 1 range 10.1.0.0 255.255.0.0
site1-dist(config-router)#end
site1-dist#show ip route ospf
      10.0.0.0/8 is variably subnetted, 29 subnets, 4 masks
O        10.1.0.0/16 is a summary, 00:04:38, Null0
O        10.1.11.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O        10.1.12.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O        10.1.13.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O        10.1.21.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
O        10.1.22.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
O        10.1.23.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
O        10.1.31.0/24 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
O        10.1.32.0/30 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
O        10.1.33.0/30 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
O        10.1.255.1/32 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O        10.1.255.2/32 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
O        10.1.255.3/32 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
O IA     10.2.0.0/16 [110/21] via 10.100.0.1, 00:03:32, GigabitEthernet0/1
O IA     10.3.0.0/16 [110/21] via 10.100.0.1, 00:02:50, GigabitEthernet0/1
O IA     10.4.0.0/16 [110/21] via 10.100.0.1, 00:01:25, GigabitEthernet0/1
O        10.100.0.4/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
O        10.100.0.8/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
O        10.100.0.12/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
O        10.100.255.255/32
            [110/11] via 10.100.0.1, 00:04:38, GigabitEthernet0/1

As you can see, the configuration itself is simple and done within the router ospf instance. Due to the IP addressing plan we used, combined with multi-area OSPF and route summarization across the topology, we were able to reduce the OSPF routes in this Layer 3 switch from 64 down to 20 (including the /16 null route)!
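Before committing an “area range”, it is worth checking that it covers exactly the prefixes the site actually uses, nothing more and nothing less. The following Python is an added example (not from the original post or lab): it parses “show ip route ospf” lines in the format shown above, lists which intra-area prefixes the summary hides from area 0, which ones fall outside it, and the tightest prefix that would still cover them. The sample routes are a constructed subset of the site1-dist output.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the site1-dist "show ip route ospf" output above.
SAMPLE_ROUTES = """\
      10.0.0.0/8 is variably subnetted, 29 subnets, 4 masks
O        10.1.0.0/16 is a summary, 00:04:38, Null0
O        10.1.11.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O        10.1.21.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
O        10.1.32.0/30 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
O        10.1.255.1/32 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O IA     10.2.0.0/16 [110/21] via 10.100.0.1, 00:03:32, GigabitEthernet0/1
O        10.100.0.4/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
O        10.100.255.255/32
            [110/11] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
"""

# IOS route line: "O", an optional inter-area/external code, then the prefix.
ROUTE_RE = re.compile(
    r"^O(?:\s+(?P<code>IA|E1|E2|N1|N2))?\s+(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})"
)


@dataclass
class OspfRoute:
    prefix: ipaddress.IPv4Network
    code: str          # "O" = intra-area, "IA" = inter-area, E1/E2/N1/N2 = external
    is_summary: bool   # the ABR's own discard entry ("is a summary ..., Null0")


def parse_routes(text: str) -> List[OspfRoute]:
    """Parse 'show ip route ospf' lines; headers and wrapped continuation lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        routes.append(OspfRoute(
            prefix=ipaddress.ip_network(m.group("prefix"), strict=False),
            code=m.group("code") or "O",
            is_summary="is a summary" in line,
        ))
    return routes


def tightest_summary(prefixes: List[ipaddress.IPv4Network]) -> Optional[ipaddress.IPv4Network]:
    """Smallest single prefix that covers every entry (None for an empty list)."""
    if not prefixes:
        return None
    candidate = prefixes[0]
    while not all(p.subnet_of(candidate) for p in prefixes):
        candidate = candidate.supernet()
    return candidate


def check_area_range(area_range: str, routes: List[OspfRoute]) -> Dict[str, object]:
    """Compare a configured 'area X range' with the intra-area routes on the ABR.

    'hidden'  : intra-area prefixes area 0 will now see only as the summary.
    'outside' : intra-area prefixes the range does not cover (on an ABR these are
                normally its area 0 links; a site prefix here means a gap in the plan).
    'tightest': the narrowest summary that still covers 'hidden'; a range wider than
                this advertises address space the site does not actually use.
    """
    rng = ipaddress.ip_network(area_range)
    intra = [r.prefix for r in routes if r.code == "O" and not r.is_summary]
    hidden = [p for p in intra if p.subnet_of(rng)]
    outside = [p for p in intra if not p.subnet_of(rng)]
    tightest = tightest_summary(hidden)
    return {
        "range": rng,
        "hidden": hidden,
        "outside": outside,
        "tightest": tightest,
        # The Null0 discard route keeps traffic for unused space inside the
        # summary from looping back toward a default route.
        "discard_route_present": any(r.is_summary and r.prefix == rng for r in routes),
        "range_wider_than_needed": tightest is not None and rng.prefixlen < tightest.prefixlen,
    }


if __name__ == "__main__":
    report = check_area_range("10.1.0.0/16", parse_routes(SAMPLE_ROUTES))
    for key, value in report.items():
        print(f"{key:24} {value}")
```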

site1-access1

site1-access1#show ip route ospf
   10.0.0.0/8 is variably subnetted, 28 subnets, 4 masks
 O        10.1.21.0/24 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.22.0/24 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.23.0/24 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.31.0/24 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
 O        10.1.32.0/30 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
 O        10.1.33.0/30 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
 O        10.1.200.4/30 [110/20] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.200.8/30 [110/20] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.255.2/32 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O        10.1.255.3/32 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
 O        10.1.255.255/32 [110/11] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O IA     10.2.0.0/16 [110/31] via 10.1.200.1, 00:06:01, GigabitEthernet0/1
 O IA     10.3.0.0/16 [110/31] via 10.1.200.1, 00:05:15, GigabitEthernet0/1
 O IA     10.4.0.0/16 [110/31] via 10.1.200.1, 00:03:45, GigabitEthernet0/1
 O IA     10.100.0.0/30 [110/20] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
 O IA     10.100.0.4/30 [110/30] via 10.1.200.1, 00:12:42, GigabitEthernet0/1
 O IA     10.100.0.8/30 [110/30] via 10.1.200.1, 00:12:42, GigabitEthernet0/1
 O IA     10.100.0.12/30 [110/30] via 10.1.200.1, 00:12:42, GigabitEthernet0/1
 O IA     10.100.255.255/32 
            [110/21] via 10.1.200.1, 00:12:42, GigabitEthernet0/1

Here, you can see that the downstream routers from the area border router also benefit from the route summarization as the OSPF routes in the site1-access1 routing table have been reduced to 19. I want to highlight that the routes from areas 2, 3, and 4 are now seen as single /16 routes to routers in area 1. This is a great start to shrinking the routing tables in our topology, but we can go further. Is there really a reason for the access layer switches to have routes to the other sites? I encourage you to take a look at the different stub area types next. Thanks for joining me on this journey, and until next time, happy routing!

Ep 33 – Cord Cutters

In this episode the guys talk about the life of a cord cutter. The advantages and disadvantages of cord cutting over traditional TV, the backend wheelings and dealings that make pay-as-you-go options impossible in traditional distribution models and streaming’s impact on the global network.

Starting the GIAC Certification Process

So I’ve made it through just about all of the SANS SEC503 material. That’s no small accomplishment in and of itself and I already feel like I’ve leveled up a bit. I now know some of the secrets about the TCP handshake, checksums and window size 🙂 If you’ve followed me through my first three posts you know I’ve touched a bit on tcpdump, scapy and snort while going through the material.

The next big hurdle, which will be coming up in just over 60 days is my first GIAC exam. For those that don’t know, this is the certifying body that is directly relevant to the SANS courses. As I understand it, it’s a 4-hour exam in a PearsonVue type center that is open book/paper. Since it’s ‘open book’ and I have some 5 books of slides and another two books of labs, there has to be a method to organize this into something efficient and useful to a test taker. I’ve searched the web and watched some YouTube videos about how to prepare for a GIAC exam and I keep coming across the word ‘index.’ While the end of my book 5 does have an index, I looked through the terms and tried to imagine how useful it would be, and my conclusion is not much.

To be fully transparent, I started writing this blog post as something to put out there in public to hold myself to completing this indexing task and I’m currently about 18% through I’d estimate. The plan is to reread each book and then pull out the relevant information I think would be useful if I need to reference something quick related to the topic. I’ve decided I’m going to break up my key terms by protocol and/or tool, sometimes making an entry for both referencing the same page number.

Once I get through rereading all the books and completing my index, I’m going to type it up and sort it. From there I’ll deliberate the most useful format for the index and set aside some time for a practice exam. How the practice test goes will give me an idea of what I need to tinker with to be my most successful test taker self. Luckily, I have two practice exams so I get to try out my improved plan before going in on the actual exam.

I’ll do a post later when I’m further along in the process, but like I mentioned above I’m just writing a quick note and putting this out there to help hold myself accountable. If you see me out there tweeting too much Heat basketball send me a dm and let me know what the real goal is 🙂 Till next time!

Ep 32 – Make it Stick

In this episode, we talk with Peter Brown, co-author of Make it Stick! Peter is one of the team of three authors that wrote Make it Stick: The Science of Successful Learning. Peter explains the original idea for the book, the team discusses many of the tactics for successful learning outlined within the book, and Peter elaborates on the team’s findings.

Peter is a New York Times best-selling author. In addition to co-authoring Make It Stick, Peter has written several other books. You can find more on Peter and his books on his website: https://www.petercbrown.com/index.php

To get your copy of Make it Stick: The Science of Successful Learning, grab it here: https://amzn.to/3qKGkl5

For more information on the book, you can check out the website: https://makeitstick.net/

OSPF Route Optimization – Multi-Area OSPF (Post 3)

In this post of the OSPF Route Optimization series, we take a look at multi-area OSPF. As stated before, while single-area OSPF provides us with global IP reachability, it tends to not scale well from an efficiency standpoint as the network grows. In our sample topology, we will treat the “inside” zone of each site as its own area while leaving the distribution to core layer in area 0. With our IP address design, doing this will allow us to perform IP summarization and shrink the size of our routing tables. Here is an updated view of our topology and in the output shown in the rest of this post, we will work with area 1 (site 1).

As a reminder, here is what the routing table (OSPF routes) looks like on access switch #1 at site #1 with single area OSPF.

site1-access1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
O 10.1.21.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.22.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.23.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.31.0/24 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.32.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.33.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.4/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.8/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.2/32 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.255.3/32 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.255/32 [110/11] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.2.11.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.12.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.13.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.21.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.22.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.23.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.31.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.32.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.33.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.0/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.4/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.8/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.1/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.2/32 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.255.3/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.255/32 [110/31] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.3.11.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.12.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.13.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.21.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.22.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.23.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.31.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.32.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.33.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.200.0/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.4/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.8/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.1/32 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.2/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.3/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.255/32 [110/31] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.4.11.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.12.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.13.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.21.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.22.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.23.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.31.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.32.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.33.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.200.0/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.4/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.8/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.255.1/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.2/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.3/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.255/32 [110/31] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.100.0.0/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.4/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.8/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.12/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.255.255/32
[110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1

We will now start our configuration of multi-area OSPF. For brevity, in this post we will focus on site #1, specifically the distribution switch and one access switch. The configuration is similar for the rest of the network. Disclaimer: similar changes in a production environment should be planned, coordinated, and performed in a maintenance window that allows for downtime.

site1-dist

site1-dist#show ip int brief | exclude unassigned
 Interface              IP-Address      OK? Method Status            Protocol
 GigabitEthernet0/1     10.100.0.2      YES TFTP   up                    up      
 GigabitEthernet0/2     10.1.200.1      YES TFTP   up                    up      
 GigabitEthernet0/3     10.1.200.5      YES TFTP   up                    up      
 GigabitEthernet1/0     10.1.200.9      YES TFTP   up                    up      
 Loopback0              10.1.255.255    YES TFTP   up                    up      
 site1-dist#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.255
   Number of areas in this router is 1. 1 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 0):
     Loopback0
     GigabitEthernet1/0
     GigabitEthernet0/3
     GigabitEthernet0/2
     GigabitEthernet0/1
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.2.255.255         110      22:12:43
     10.3.255.255         110      22:12:16
     10.4.255.255         110      22:12:16
     10.100.255.255       110      22:12:53
     10.4.255.1           110      22:12:16
     10.4.255.3           110      22:12:05
     10.4.255.2           110      22:12:16
     10.3.255.2           110      22:12:16
     10.2.255.3           110      22:12:43
     10.3.255.3           110      22:12:16
     10.2.255.2           110      22:12:43
     10.1.255.1           110      22:12:53
     10.2.255.1           110      22:12:43
     10.1.255.2           110      22:12:53
     10.3.255.1           110      22:12:16
     10.1.255.3           110      22:12:53
   Distance: (default is 110)
 site1-dist#configure terminal
 Enter configuration commands, one per line.  End with CNTL/Z.
 site1-dist(config)#int range gi0/2-3, gi1/0, lo0
 site1-dist(config-if-range)#ip ospf 1 area 1
 site1-dist(config-if-range)#
 *Nov 22 17:17:54.010: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.1 on GigabitEthernet0/2 from FULL to DOWN, Neighbor Down: Interface down or detached
 *Nov 22 17:17:54.018: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.2 on GigabitEthernet0/3 from FULL to DOWN, Neighbor Down: Interface down or detached
 *Nov 22 17:17:54.026: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.3 on GigabitEthernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
 site1-dist(config-if-range)#
 *Nov 22 17:17:59.544: %OSPF-4-ERRRCV: Received invalid packet: mismatched area ID from backbone area from 10.1.200.10, GigabitEthernet1/0

In the above output for site1-dist, we can see that the interface connecting to the core (gi0/1) is left in the backbone area (area 0). All other interfaces that can be seen as “local” to the site (including the router’s loopback 0 interface, which is used as the OSPF router ID) are moved into area 1. For site 2, we are using area 2, site 3 is area 3, and site 4 is area 4. You can see that as soon as the interfaces connecting to the access layer switches are moved into area 1, we lose OSPF neighborship with them on site1-dist, because there is now an area ID mismatch in the hello messages between site1-dist and the access layer switches that are still in area 0 (the %OSPF-4-ERRRCV message in the output shows exactly this). This is why, in a production environment, this would need to be done in a communicated maintenance window. We will now configure the necessary interfaces on site1-access1. The same would be configured on the other access layer switches at site 1, as well as the rest of the access layer switches at the other sites in the topology, just with their respective area IDs.
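The syslog lines above are exactly what a monitoring system should be watching during a change like this: adjacency drops are expected inside the window, while an area-ID mismatch that is still being logged afterwards points to a neighbor that was missed. The following Python is an added example (not from the original post): it parses IOS %OSPF-5-ADJCHG and %OSPF-4-ERRRCV messages and sorts them by whether they fell inside an agreed change window. The window, the year (IOS timestamps carry none; 2020 is assumed) and the final log line are constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample: the first four lines come from the site1-dist and
# site1-access1 sessions above; the last one is made up to show an error that
# is still being logged after the window closed (a neighbor that was never moved).
SAMPLE_LOG = """\
*Nov 22 17:17:54.010: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.1 on GigabitEthernet0/2 from FULL to DOWN, Neighbor Down: Interface down or detached
*Nov 22 17:17:54.018: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.2 on GigabitEthernet0/3 from FULL to DOWN, Neighbor Down: Interface down or detached
*Nov 22 17:17:59.544: %OSPF-4-ERRRCV: Received invalid packet: mismatched area ID from backbone area from 10.1.200.10, GigabitEthernet1/0
*Nov 22 18:50:38.694: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.255 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
*Nov 22 21:05:12.001: %OSPF-4-ERRRCV: Received invalid packet: mismatched area ID from backbone area from 10.1.200.6, GigabitEthernet0/3
"""

TS_FMT = "%b %d %H:%M:%S.%f"
_TS = r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{3})"
ADJCHG_RE = re.compile(
    _TS + r": %OSPF-5-ADJCHG: Process (?P<proc>\d+), Nbr (?P<nbr>[\d.]+) on (?P<intf>\S+) "
    r"from (?P<old>[A-Z0-9]+) to (?P<new>[A-Z0-9]+), (?P<detail>.*)$"
)
ERRRCV_RE = re.compile(
    _TS + r": %OSPF-4-ERRRCV: (?P<detail>.*?) from (?P<src>[\d.]+), (?P<intf>\S+)$"
)


@dataclass
class OspfEvent:
    ts: datetime
    kind: str        # "ADJCHG" or "ERRRCV"
    interface: str
    peer: str        # neighbor router ID (ADJCHG) or packet source address (ERRRCV)
    new_state: str   # ADJCHG only; "" for ERRRCV
    detail: str


def _parse_ts(raw: str, year: int) -> datetime:
    # IOS timestamps carry no year, so the caller supplies it.
    return datetime.strptime(raw, TS_FMT).replace(year=year)


def parse_ospf_syslog(text: str, year: int) -> List[OspfEvent]:
    events = []
    for line in text.splitlines():
        m = ADJCHG_RE.match(line)
        if m:
            events.append(OspfEvent(_parse_ts(m["ts"], year), "ADJCHG",
                                    m["intf"], m["nbr"], m["new"], m["detail"]))
            continue
        m = ERRRCV_RE.match(line)
        if m:
            events.append(OspfEvent(_parse_ts(m["ts"], year), "ERRRCV",
                                    m["intf"], m["src"], "", m["detail"]))
    return events


def triage(events: List[OspfEvent], window_start: str, window_end: str,
           year: int) -> Dict[str, List[OspfEvent]]:
    """Sort events by whether they fell inside the agreed change window
    (window bounds use the same 'Nov 22 17:00:00.000' format as the log)."""
    start, end = _parse_ts(window_start, year), _parse_ts(window_end, year)
    report: Dict[str, List[OspfEvent]] = {
        "down_in_window": [], "down_outside_window": [],
        "errrcv_in_window": [], "errrcv_outside_window": [], "recovered": []}
    for ev in events:
        in_window = start <= ev.ts <= end
        if ev.kind == "ADJCHG":
            if ev.new_state == "DOWN":
                report["down_in_window" if in_window else "down_outside_window"].append(ev)
            elif ev.new_state == "FULL":
                report["recovered"].append(ev)
        else:
            report["errrcv_in_window" if in_window else "errrcv_outside_window"].append(ev)
    return report


def neighbors_still_down(events: List[OspfEvent]) -> List[str]:
    """Router IDs whose most recent adjacency change left them DOWN."""
    last: Dict[str, str] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "ADJCHG":
            last[ev.peer] = ev.new_state
    return sorted(rid for rid, state in last.items() if state == "DOWN")


if __name__ == "__main__":
    evs = parse_ospf_syslog(SAMPLE_LOG, year=2020)
    rep = triage(evs, "Nov 22 17:00:00.000", "Nov 22 19:00:00.000", year=2020)
    for key, items in rep.items():
        print(f"{key:22} {[(e.peer, e.interface) for e in items]}")
    print("still down:", neighbors_still_down(evs))
```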

site1-access1

site1-access1#show ip int brief | exclude unassigned
 Interface              IP-Address      OK? Method Status                Protocol
 GigabitEthernet0/1     10.1.200.2      YES TFTP   up                    up      
 Loopback0              10.1.255.1      YES TFTP   up                    up      
 Loopback11             10.1.11.1       YES TFTP   up                    up      
 Loopback12             10.1.12.1       YES TFTP   up                    up      
 Loopback13             10.1.13.1       YES TFTP   up                    up      
 site1-access1#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.1
   Number of areas in this router is 1. 1 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 0):
     Loopback0
     Loopback11
     Loopback12
     Loopback13
     GigabitEthernet0/1
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.2.255.255         110      23:43:05
     10.3.255.255         110      23:42:37
     10.1.255.255         110      23:43:16
     10.4.255.255         110      23:42:27
     10.100.255.255       110      23:43:16
     10.4.255.1           110      23:42:27
     10.4.255.3           110      23:42:17
     10.4.255.2           110      23:42:17
     10.3.255.2           110      23:42:37
     10.2.255.3           110      23:43:05
     10.3.255.3           110      23:42:27
     10.2.255.2           110      23:42:55
     10.2.255.1           110      23:43:05
     10.1.255.2           110      23:43:16
     10.3.255.1           110      23:42:27
     10.1.255.3           110      23:43:16
   Distance: (default is 110)
 site1-access1#configure terminal
 Enter configuration commands, one per line.  End with CNTL/Z.
 site1-access1(config)#int range gi0/1, lo0, lo11-13
 site1-access1(config-if-range)#ip ospf 1 area 1
 site1-access1(config-if-range)#
 *Nov 22 18:50:38.694: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.255 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
 site1-access1#show ip ospf neighbor 
 Neighbor ID     Pri   State           Dead Time   Address         Interface
 10.1.255.255      0   FULL/  -        00:00:36    10.1.200.1      GigabitEthernet0/1

In this simulation, the client subnets are represented as loopback interfaces. In “real life” they would most likely be switch virtual interfaces (SVIs). As stated in the last post, for the lab I set the loopback interfaces that represent client subnets with the “ip ospf network point-to-point” command. This way, OSPF advertises the entire /24 subnets rather than just the /32 loopback addresses. We can see that all interfaces on site1-access1 are moved into area 1. As soon as interface gi0/1 (connecting to site1-dist) is added into area 1, the OSPF neighborship comes back online. For all router-to-router connections in this lab we are leveraging “ip ospf network point-to-point”. That is why we do not see any DRs or BDRs in the “show ip ospf neighbor” output.

We are now going to fast forward. All routers (Layer 3 switches) in the topology have been configured for multi-area OSPF as shown in the diagram at the beginning of this post. Let’s now take a look at some show commands from site1-dist and site1-access1 now that the entire topology has been configured.

site1-dist

site1-dist#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.255
   It is an area border router
   Number of areas in this router is 2. 2 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 0):
     GigabitEthernet0/1
     Routing on Interfaces Configured Explicitly (Area 1):
     Loopback0
     GigabitEthernet1/0
     GigabitEthernet0/3
     GigabitEthernet0/2
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.2.255.255         110      00:04:09
     10.3.255.255         110      00:03:28
     10.4.255.255         110      00:02:53
     10.100.255.255       110      00:17:48
     10.1.255.1           110      00:17:38
     10.1.255.2           110      00:17:48
     10.1.255.3           110      00:17:38
   Distance: (default is 110)
 site1-dist#show ip route ospf
       10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
 O        10.1.11.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.12.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.13.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.21.0/24 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.22.0/24 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.23.0/24 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.31.0/24 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O        10.1.32.0/30 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O        10.1.33.0/30 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O        10.1.255.1/32 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.255.2/32 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.255.3/32 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O IA     10.2.11.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.12.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.13.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.21.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.22.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.23.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.31.0/24 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.32.0/24 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.33.0/24 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.200.0/30 [110/30] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.200.4/30 [110/30] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.200.8/30 [110/30] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.255.1/32 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.255.2/32 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.255.3/32 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.255.255/32 [110/21] via 10.100.0.1, 00:04:43, GigabitEthernet0/1
 O IA     10.3.11.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.12.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.13.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.21.0/24 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.22.0/24 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.23.0/24 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.31.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.32.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.33.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.200.0/30 [110/30] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.200.4/30 [110/30] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.200.8/30 [110/30] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.255.1/32 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.255.2/32 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.255.3/32 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.255.255/32 [110/21] via 10.100.0.1, 00:04:01, GigabitEthernet0/1
 O IA     10.4.11.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.12.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.13.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.21.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.22.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.23.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.31.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.32.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.33.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.200.0/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.200.4/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.200.8/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.255.1/32 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.255.2/32 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.255.3/32 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.255.255/32 [110/21] via 10.100.0.1, 00:03:27, GigabitEthernet0/1
 O        10.100.0.4/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
 O        10.100.0.8/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
 O        10.100.0.12/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
 O        10.100.255.255/32 
            [110/11] via 10.100.0.1, 00:18:21, GigabitEthernet0/1

site1-access1

site1-access1#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.1
   Number of areas in this router is 1. 1 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 1):
     Loopback0
     Loopback11
     Loopback12
     Loopback13
     GigabitEthernet0/1
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.1.255.255         110      00:06:19
     10.1.255.2           110      00:22:56
     10.1.255.3           110      00:22:56
   Distance: (default is 110)
 site1-access1#show ip route ospf
       10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
 O        10.1.21.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.22.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.23.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.31.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.32.0/30 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.33.0/30 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.200.4/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.200.8/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.255.2/32 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.255.3/32 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.255.255/32 [110/11] via 10.1.200.1, 00:09:02, GigabitEthernet0/1
 O IA     10.2.11.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.12.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.13.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.21.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.22.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.23.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.31.0/24 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.32.0/24 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.33.0/24 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.200.0/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.200.4/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.200.8/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.255.1/32 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.255.2/32 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.255.3/32 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.255.255/32 [110/31] via 10.1.200.1, 00:08:44, GigabitEthernet0/1
 O IA     10.3.11.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.12.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.13.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.21.0/24 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.22.0/24 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.23.0/24 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.31.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.32.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.33.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.200.0/30 [110/40] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.200.4/30 [110/40] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.200.8/30 [110/40] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.255.1/32 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.255.2/32 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.255.3/32 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.255.255/32 [110/31] via 10.1.200.1, 00:07:59, GigabitEthernet0/1
 O IA     10.4.11.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.12.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.13.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.21.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.22.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.23.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.31.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.32.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.33.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.200.0/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.200.4/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.200.8/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.255.1/32 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.255.2/32 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.255.3/32 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.255.255/32 [110/31] via 10.1.200.1, 00:07:21, GigabitEthernet0/1
 O IA     10.100.0.0/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.0.4/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.0.8/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.0.12/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.255.255/32 
            [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1

In conclusion of this post, let’s go over some key takeaways from the perspectives of site1-dist and site1-access1 now that multi-area OSPF has been configured throughout the topology.

site1-dist

  1. In the output of “show ip protocols”, the list of routing information sources has decreased to the following. This is because site1-dist now has interfaces in area 1 as well as area 0, so routing information is only seen as sourced from routers within area 1 and area 0.
    • 10.2.255.255 (site2-dist)
    • 10.3.255.255 (site3-dist)
    • 10.4.255.255 (site4-dist)
    • 10.100.255.255 (core)
    • 10.1.255.1 (site1-access1)
    • 10.1.255.2 (site1-access2)
    • 10.1.255.3 (site1-access3)
  2. In the routing table, any route outside of 10.1.x.x (area 1) and 10.100.x.x (area 0) is seen as an inter-area (IA) route.

site1-access1

  1. In the output of “show ip protocols”, the list of routing information sources has decreased to the following. This is because site1-access1 now only has interfaces in area 1, so routing information is only seen as sourced from routers within area 1.
    • 10.1.255.255 (site1-dist)
    • 10.1.255.2 (site1-access2)
    • 10.1.255.3 (site1-access3)
  2. In the routing table, any route outside of 10.1.x.x (area 1) is seen as an inter-area (IA) route.
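
As an added check (example code, not from the original post), here is a small Python parser for the “show ip route ospf” output above. It stitches IOS’s wrapped 10.100.255.255/32 entry back together, verifies takeaway 2 for both vantage points (anything outside a router’s own areas must show up as “O IA”), and confirms that every metric on site1-access1 is exactly one link cost above the same prefix on site1-dist. The sample tables are a subset of the lines shown above.

```python
"""Parse Cisco IOS 'show ip route ospf' output and check the area takeaways.
Added example; the sample tables are a subset of the lines shown above."""
import re
from ipaddress import ip_network

# Subset of the site1-dist table above. The wrapped 10.100.255.255/32 entry is
# kept on purpose, because the parser has to stitch it back together.
SITE1_DIST = """\
O        10.1.11.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
O        10.1.255.1/32 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
O IA     10.2.11.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
O IA     10.2.255.255/32 [110/21] via 10.100.0.1, 00:04:43, GigabitEthernet0/1
O IA     10.4.200.0/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
O        10.100.0.4/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
O        10.100.255.255/32
           [110/11] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
"""

# Subset of the site1-access1 table above (same prefixes, one hop further away).
SITE1_ACCESS1 = """\
O        10.1.255.255/32 [110/11] via 10.1.200.1, 00:09:02, GigabitEthernet0/1
O IA     10.2.11.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
O IA     10.2.255.255/32 [110/31] via 10.1.200.1, 00:08:44, GigabitEthernet0/1
O IA     10.4.200.0/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
O IA     10.100.0.4/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
O IA     10.100.255.255/32
           [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
"""

# The bracketed next-hop part is optional on the first line because IOS wraps
# long prefixes onto a second line; that second line is matched by CONT_RE.
NEXT_HOP = (r"\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<via>\S+), "
            r"(?P<age>\S+), (?P<iface>\S+)")
ROUTE_RE = re.compile(r"^(?P<code>O(?: IA| E1| E2| N1| N2)?)\s+"
                      r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s*(?:" + NEXT_HOP + r")?$")
CONT_RE = re.compile(r"^" + NEXT_HOP + r"$")


def parse_routes(text):
    """Return one dict per route (code, prefix, ad, metric, via, age, iface,
    network), stitching IOS's wrapped two-line entries back together."""
    routes = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROUTE_RE.match(line)
        if m:
            routes.append(m.groupdict())
            continue
        m = CONT_RE.match(line)
        if m and routes and routes[-1]["metric"] is None:
            routes[-1].update(m.groupdict())    # second half of a wrapped entry
            continue
        raise ValueError(f"unparsed line: {raw!r}")
    for r in routes:
        if r["metric"] is None:
            raise ValueError(f"entry without next hop: {r['prefix']}")
        r["ad"], r["metric"] = int(r["ad"]), int(r["metric"])
        r["network"] = ip_network(r["prefix"], strict=False)
    return routes


def area_violations(routes, local_prefixes):
    """Takeaway 2 as a check: a route inside one of this router's own areas must
    be intra-area ('O'); anything else must be inter-area ('O IA'). Returns the
    offending (prefix, seen_code, expected_code) tuples, so [] means all good.
    External routes (E1/E2/N1/N2) are skipped; there are none in this lab."""
    local = [ip_network(p) for p in local_prefixes]
    bad = []
    for r in routes:
        if r["code"] not in ("O", "O IA"):
            continue
        inside = any(r["network"].subnet_of(n) for n in local)
        expected = "O" if inside else "O IA"
        if r["code"] != expected:
            bad.append((r["prefix"], r["code"], expected))
    return bad


def metric_deltas(downstream, upstream):
    """For every prefix both routers know: metric on the downstream router minus
    metric on the upstream one. OSPF cost is additive along the SPF tree, so
    every delta should equal the cost of the link between the two routers."""
    up = {r["prefix"]: r["metric"] for r in upstream}
    return {r["prefix"]: r["metric"] - up[r["prefix"]]
            for r in downstream if r["prefix"] in up}


if __name__ == "__main__":
    dist = parse_routes(SITE1_DIST)
    acc = parse_routes(SITE1_ACCESS1)
    print("site1-dist (areas 0 and 1):", area_violations(dist, ["10.1.0.0/16", "10.100.0.0/16"]))
    print("site1-access1 (area 1 only):", area_violations(acc, ["10.1.0.0/16"]))
    print("access1 minus dist metric per prefix:", metric_deltas(acc, dist))
```

Every delta comes out as 10, which is the cost of the site1-access1 to site1-dist link implied by the tables (10.1.255.255/32 at [110/11] is that link plus the cost-1 loopback).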

Alright, we have multi-area OSPF set up across the topology, but our routing tables still look pretty heavy and cluttered. Well, the base multi-area OSPF configuration just set the stage for the next tool in our OSPF toolbox, which is route summarization. Join me in the next post, and we will leverage route summarization in our area border routers (the dist switch at each site) and shrink the size of our routing tables.

Ep 31 – Tim Bertino

In this episode, we talk to Tim Bertino! Tim is part of the AONE family working on our blog. He is the author and creator of the Faces of the Journey series, and he helps to find, and create, binge-worthy content for our website. When Tim isn’t working on the blog he is working in the healthcare industry. He shares his journey into IT and then he flips the script and starts asking us the questions!

You can find more of Tim on:
Twitter @timbertino https://twitter.com/TimBertino
His blog: https://netication.com/
LinkedIn: https://www.linkedin.com/in/tim-bertino-99378a62/

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

OSPF Route Optimization – Single Area OSPF (Post 2)

In this second post of the OSPF Route Optimization series, we take a look at our sample topology network configured with a single OSPF area. We will see that while we have global IP reachability throughout the network, the routing tables are not very efficient, and this design may not scale well. Here is another look at our topology, this time showing that the routers in the entire network are all members of the backbone area, OSPF area 0 (zero).

In the following “show” output, we will take a look at the OSPF related configuration for site1-dist and one of the site1-access switches. Remember that in this topology, we are working with a routed access design, so the virtual routers for the client subnets live on the access-layer switches. Rather than using SVIs at the access layer, for this demonstration, we are leveraging loopback interfaces to simulate client routers (each access-layer switch has three client subnets). By default, the loopback OSPF network type will only advertise a /32 host route, so for this demonstration, the OSPF network type on the loopback interfaces has been changed to “point-to-point”. By doing this, although they are loopback interfaces, the full /24 subnets will be advertised.

site1-dist

site1-dist#show ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 57 subnets, 3 masks
C 10.1.200.0/30 is directly connected, GigabitEthernet0/2
C 10.1.200.4/30 is directly connected, GigabitEthernet0/3
C 10.1.200.8/30 is directly connected, GigabitEthernet1/0
C 10.1.255.255/32 is directly connected, Loopback0
C 10.100.0.0/30 is directly connected, GigabitEthernet0/1

site1-dist#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.1.255.255
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
Routing on Interfaces Configured Explicitly (Area 0):
Loopback0
GigabitEthernet1/0
GigabitEthernet0/3
GigabitEthernet0/2
GigabitEthernet0/1

site1-access1

site1-access1#show ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
C 10.1.11.0/24 is directly connected, Loopback11
C 10.1.12.0/24 is directly connected, Loopback12
C 10.1.13.0/24 is directly connected, Loopback13
C 10.1.200.0/30 is directly connected, GigabitEthernet0/1
C 10.1.255.1/32 is directly connected, Loopback0

site1-access1#show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "application"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.1.255.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
Routing on Interfaces Configured Explicitly (Area 0):
Loopback0
Loopback11
Loopback12
Loopback13
GigabitEthernet0/1

site1-access1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
O 10.1.21.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.22.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.23.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.31.0/24 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.32.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.33.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.4/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.8/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.2/32 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.255.3/32 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.255/32 [110/11] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.2.11.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.12.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.13.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.21.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.22.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.23.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.31.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.32.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.33.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.0/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.4/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.8/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.1/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.2/32 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.255.3/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.255/32 [110/31] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.3.11.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.12.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.13.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.21.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.22.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.23.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.31.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.32.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.33.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.200.0/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.4/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.8/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.1/32 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.2/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.3/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.255/32 [110/31] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.4.11.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.12.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.13.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.21.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.22.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.23.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.31.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.32.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.33.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.200.0/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.4/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.8/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.255.1/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.2/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.3/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.255/32 [110/31] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.100.0.0/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.4/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.8/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.12/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.255.255/32
[110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1

You can see the large size of the access-switch routing table in the “show ip route ospf” output at the end. OSPF, like other routing protocols, will give you global reachability, but when left at default settings it can quickly become cumbersome. In the next post, we will bring out the first tool in our OSPF optimization toolbox: leveraging multiple areas.

Ep 30 – Mental Health

In this episode, the boys take a moment to talk about mental health. They stress how important it is to take time and make sure to take good care of your mental health. If you’re going through difficult times it’s okay. It’s okay to have feelings and emotions, don’t hold that stuff in. As always, seek medical help if you’re struggling.

Ten Percent – Meditation App and Podcast https://www.tenpercent.com/
Waking Up – Meditation App https://wakingup.com/

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

OSPF Route Optimization – Background (Post 1)

When it comes to global reachability within an organization, dynamic routing is a beautiful thing. There are multiple interior gateway protocols (IGPs) out there, but in this series of posts, we are going to focus on OSPF. Taking this focus a step further, we will go through IP/subnet design and routing table optimization.

As with any task in network infrastructure, you need to understand your requirements before you can develop and present a design. With dynamic routing implementation, once you understand your requirements, then comes the fun part of design. To me, it’s not just picking a protocol and off you go. You will want a routing domain that is simple, efficient, and scalable. The foundation for these pillars is IP address/subnet design.

Simplicity – Being able to quickly understand a network from a Layer 3 perspective is important when it comes to operations, troubleshooting, and future design. Having a well thought out IP scheme is essential.

Efficiency – Proper IP design allows for route summarization, which leads to smaller routing tables. This is good for both the routers and the network staff. The routers can perform lookups efficiently and the administrators/engineers can more easily understand the routing table. A happy engineer equals a happy network, right?

Scalability – This feeds off of efficiency. Summarization and smaller routing tables can scale well with the organization.

In this series of posts, we will go through an OSPF design example progressing from single-area to multi-area OSPF to optimize routing tables throughout the OSPF domain. The topology itself is a simple hub and spoke design, with a core at the “hub” connecting to multiple outlying sites as the “spokes”. Each spoke has a distribution layer switch with three access layer switches connected to it. This is a routed access design with IP routing all the way to the edge (access layer). This means that we do not have VLANs trunked between the distribution and access layer. In “traditional” routed networks, a strong, well thought out IP address design is incredibly important for efficiency and scalability. I put “traditional” in quotes because software defined networks with overlay technologies are really changing the game when it comes to routing and IP address design. Throughout this series, we will be thinking in terms of a traditional network exclusively.

With IP address design in mind, I decided to set up each site with its own /16 IP network. Each access layer switch has three subnets carved out of its site’s /16 attached, all participating in OSPF. The reason for this is summarization, which in turn gives routing table efficiency and scalability. This will be seen and explained throughout this series. In the next post, we will see this topology built out as a single OSPF area and see that improvements can be made to support efficiency and scale.
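
To make the summarization argument concrete (an added example, not from the original post), the following Python computes the single prefix that would cover a site’s routes, using the site-2 prefixes that appear in the routing tables elsewhere on this page, and shows how that summary balloons to a /15 if one subnet is numbered outside the site’s /16 block. The stray 10.3.50.0/24 is a constructed mis-allocation.

```python
"""Why the per-site /16 allocation matters: compute the single prefix that
would summarize a site's routes and see what happens when one subnet falls
outside the site's block. Added example, not from the original post."""
from ipaddress import ip_network

# Site 2's prefixes as they appear in the routing tables on this page:
# nine client /24s (three per access switch), three /30 uplinks, and the
# router-ID loopbacks of the three access switches and the dist switch.
SITE2_PREFIXES = [
    "10.2.11.0/24", "10.2.12.0/24", "10.2.13.0/24",
    "10.2.21.0/24", "10.2.22.0/24", "10.2.23.0/24",
    "10.2.31.0/24", "10.2.32.0/24", "10.2.33.0/24",
    "10.2.200.0/30", "10.2.200.4/30", "10.2.200.8/30",
    "10.2.255.1/32", "10.2.255.2/32", "10.2.255.3/32", "10.2.255.255/32",
]


def summary_prefix(prefixes):
    """Smallest single prefix that contains every prefix in the list: start
    from the first one and widen it one bit at a time until all of them fit."""
    nets = [ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def extra_space(prefixes):
    """Addresses the summary covers that none of the prefixes actually use.
    Some slack is normal; a huge number means the summary is also claiming
    space that belongs to another site and would attract that site's traffic."""
    used = sum(ip_network(p).num_addresses for p in prefixes)
    return summary_prefix(prefixes).num_addresses - used


def plan_summaries(prefixes, site_block_len=16):
    """Group routes by their /16 site block, as in this post's design, and
    return {site_block: (summary_prefix, number_of_routes_it_replaces)}."""
    groups = {}
    for p in prefixes:
        net = ip_network(p)
        block = net.supernet(new_prefix=site_block_len)
        groups.setdefault(block, []).append(p)
    return {block: (summary_prefix(ps), len(ps)) for block, ps in groups.items()}


if __name__ == "__main__":
    print("site 2 summary:", summary_prefix(SITE2_PREFIXES),
          "replaces", len(SITE2_PREFIXES), "routes")
    print("unused space inside it:", extra_space(SITE2_PREFIXES))
    # Constructed mis-allocation: one site-2 subnet numbered from site 3's block.
    leaked = SITE2_PREFIXES + ["10.3.50.0/24"]
    print("single summary with the stray subnet:", summary_prefix(leaked))
    print("per-block plan instead:", plan_summaries(leaked))
```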

As a refresher for this series, here is a list of OSPF LSA types:

  • Type 1 – Router LSA
  • Type 2 – Network LSA
  • Type 3 – Summary LSA
  • Type 4 – Summary ASBR LSA
  • Type 5 – AS External LSA
  • Type 7 – NSSA External LSA

Ep 29 – Cable Guys

In this episode, Andy and Aaron discuss their experiences as cable guys and how they contributed to their current IT positions. You’ll hear about the varied skillsets they obtained as cable technicians and how being a cable guy can be a great introduction into the technical arena.

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

scapy or not, here I come!

                     aSPY//YASa       
             apyyyyCY//////////YCa       |
            sY//////YSpcs  scpCY//Pp     | Welcome to Scapy
 ayp ayyyyyyySCP//Pp           syY//C    | Version 2.4.3
 AYAsAYYYYYYYY///Ps              cY//S   |
         pCCCCY//p          cSSps y//Y   | https://github.com/secdev/scapy
         SPPPP///a          pP///AC//Y   |
              A//A            cyP////C   | Have fun!
              p///Ac            sC///a   |
              P////YCpc           A//A   | Craft me if you can.
       scccccp///pSP///p          p//Y   |                   -- IPv6 layer
      sY/////////y  caa           S//P   |
       cayCyayP//Ya              pY/Ya
        sY/PsY////YCc          aC//Yp 
         sc  sccaCY//PCypaapyCP//YSs  
                  spCPY//////YPSps    
                       ccaacs         
                                       using IPython 7.11.0

I came across a pretty cool tool during the first part of section 3 of my SANS503 course: Scapy. With this tool you can read in packets, edit packets and create entirely new packets, just to name a few things.

The easiest way to get started is to just type ‘scapy’ at your Linux command prompt and it’ll drop you into what looks like an interactive Python interpreter.

>>>   

From here, you can begin to craft your packet[s]. To do this, you’ll create your packet by specifying values layer by layer. For example, you’ll give arguments for your Ethernet layer, IP layer and application layer. I like to use the built-in functions to see what’s possible within a specific layer and view the specific syntax I’ll need:

>>> ls(Ether)                                                                                                           
dst        : DestMACField                        = (None)
src        : SourceMACField                      = (None)
type       : XShortEnumField                     = (36864)

Not that we need to put values in these fields, since scapy is smart enough to use our own IP stack to fill in the layer two values; with that being said, if we are going to create a packet we still need Ethernet headers. For the sake of this post, let’s put some values in there because it’s fun! Here’s how we do that:

>>> e = Ether(src="11:22:33:44:55:66", dst="77:88:99:AA:BB:CC")

Since we used the ls(Ether) function we know the exact syntax to use when creating our ‘e’ variable, specifically ‘src’ and ‘dst’ in this case. We can simply type our new variable ‘e’ to see its contents:

>>> e                                                                                                                   
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 |>

Next up, let’s build our IP header. Again, the easiest way to get started and make sure you know the correct syntax is to call the ls(IP) function:

>>> ls(IP)                                                                                                              
version    : BitField (4 bits)                   = (4)
ihl        : BitField (4 bits)                   = (None)
tos        : XByteField                          = (0)
len        : ShortField                          = (None)
id         : ShortField                          = (1)
flags      : FlagsField (3 bits)                 = (<Flag 0 ()>)
frag       : BitField (13 bits)                  = (0)
ttl        : ByteField                           = (64)
proto      : ByteEnumField                       = (0)
chksum     : XShortField                         = (None)
src        : SourceIPField                       = (None)
dst        : DestIPField                         = (None)
options    : PacketListField                     = ([])
>>>     

Now we know the syntax for each part of the IP packet when we create our new variable. Let’s just specify the ‘src’ and ‘dst’ and leave every other value the scapy default.

>>> i = IP(src="10.0.0.1", dst="192.168.0.1")                                                                           
>>> e                                                                                                                   
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 |>
>>> i                                                                                                                   
<IP  src=10.0.0.1 dst=192.168.0.1 |>
>>>       

Alright, now we can go up one layer and decide whether we want our packet to have a TCP or UDP header. Feeling inspired by a David Bombal tweet asking a question about traceroute, let’s go the UDP route. Checking out the Cisco documentation it looks like a traceroute is sent via UDP port 33434. If you’ve followed the post this far you should know the drill, let’s ls(UDP) to see what our options are and syntax to use when creating our variable for this header:

>>> ls(UDP)                                                                                                             
sport      : ShortEnumField                      = (53)
dport      : ShortEnumField                      = (53)
len        : ShortField                          = (None)
chksum     : XShortField                         = (None)
>>>    

A couple of things to note at this point. First off, scapy will compute a correct checksum when we end up creating our packet if we don’t specify a value. Secondly, isn’t this fun?! Let’s create a UDP header with the variable ‘u’ and specify simply the destination port in accordance with traceroute documentation and leave everything else the scapy default:

>>> u = UDP(dport=33434)                                                                                                
>>> u                                                                                                                   
<UDP  dport=33434 |>

Last but not least we need an ICMP header to complete our crafted traceroute packet. I’m just going to create the header with scapy defaults throughout.

>>> icmp = ICMP()                                                                                                       
>>> icmp                                                                                                                
<ICMP  |>

I just remembered: if we are going to be ‘crafting’ a traceroute packet we will want to specify a TTL of 1 to start off; we don’t want to keep the default TTL. In order to do this we have to know which header specifies this value. It’s on questions like these that I think crafting random packets really shines. We get to hammer down on layering and what’s in each header, and soon we will be putting all those layers together. Before I get too happy let me go in and change the TTL in the IP header:

>>> i.ttl=1                                                                                                             
>>> i                                                                                                                   
<IP  ttl=1 src=10.0.0.1 dst=192.168.0.1 |>

Before we put it all together let’s take a look at everything we’ve done to this point in the order we will soon specify when we create our packet.

>>> e                                                                                                                   
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 |>
>>> i                                                                                                                   
<IP  ttl=1 src=10.0.0.1 dst=192.168.0.1 |>
>>> u                                                                                                                   
<UDP  dport=33434 |>
>>> icmp                                                                                                                
<ICMP  |>

Remember that the order is important because we can tell scapy to smash these together however we want, but if we do that, devices won’t understand our packet. To put all our headers together we will use the variable ‘packet’ and ‘/’ between each variable.

>>> packet=e/i/u/icmp                                                                                                    
>>> packet                                                                                                               
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 type=IPv4 |<IP  frag=0 ttl=1 proto=udp src=10.0.0.1 dst=192.168.0.1 |<UDP  dport=33434 |<ICMP  |>>>>                                         

One last thing to close this post out: let’s export the variable ‘packet’ as a pcap file and then read that file in with tcpdump. If you need an intro on tcpdump, I wrote a quick intro as my first attempt at a ‘technical’ type post a few weeks ago. We write our packet to a file using the wrpcap function:

>>> wrpcap("/tmp/trace.pcap", packet)                                                                                   
>>> exit()   
$ tcpdump -r /tmp/trace.pcap -xXve
reading from file /tmp/trace.pcap, link-type EN10MB (Ethernet)
19:21:03.223806 11:22:33:44:55:66 (oui Unknown) > 77:88:99:aa:bb:cc (oui Unknown), ethertype IPv4 (0x0800), length 50: (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto UDP (17), length 36)
    bigASSpoop.comcast.net.domain > 192.168.0.1.33434: [|domain]
	0x0000:  4500 0024 0001 0000 0111 ef1e 0a00 0001
	0x0010:  c0a8 0001 0035 829a 0010 b254 0800 f7ff  
	0x0020:  0000 0000                                                     

We can see our source and destination MAC addresses have been inserted. It looks like my source IP got changed, but the destination IP and the destination port of 33434 we specified are there, and we can also see that the TTL is 1 like we specified. Hope you enjoyed this little walkthrough and are excited enough to dig into some reference docs and see all the things you can do with this application. Till next time!
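As an added example (not code from the original post and not scapy’s own code), here is the same Ether/IP/UDP/ICMP stack built by hand in plain Python with only the struct module, so it runs without scapy installed. The 36 bytes after the Ethernet header reproduce the tcpdump hex dump above byte for byte, including the three checksums scapy filled in, and a tiny pcap writer does what wrpcap did. The dump also clears up two things: the bytes 0a00 0001 are still 10.0.0.1, so the source IP was not changed, tcpdump without -n just reverse-resolved it to a hostname; and 0035 is source port 53, scapy’s UDP default, which is why tcpdump tried to decode the payload as DNS ([|domain]). The ICMP layer is kept only to match the post; a real traceroute probe is just the UDP datagram, and the ICMP time-exceeded comes back from the router. The function and parameter names are this example’s own.

```python
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by the IP, UDP and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip4(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def build_probe(src_mac="11:22:33:44:55:66", dst_mac="77:88:99:AA:BB:CC",
                src_ip="10.0.0.1", dst_ip="192.168.0.1",
                ttl=1, sport=53, dport=33434) -> bytes:
    """Ether/IP/UDP/ICMP, stacked bottom-up like e/i/u/icmp in the post.

    Defaults are the post's values plus the ones scapy filled in for us:
    IP id=1, flags=0, proto=17 (UDP), UDP sport=53, ICMP echo request id/seq 0.
    """
    # ICMP echo request: type 8, code 0, checksum, id, seq
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0, 0)
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]

    # UDP header; its checksum also covers a pseudo-header of IPs, proto and length
    udp_len = 8 + len(icmp)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0)
    pseudo = ip4(src_ip) + ip4(dst_ip) + struct.pack("!BBH", 0, 17, udp_len)
    udp = udp[:6] + struct.pack("!H", inet_checksum(pseudo + udp + icmp))

    # IPv4 header: ver/ihl, tos, total length, id, flags/frag, ttl, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 1, 0, ttl, 17, 0,
                     ip4(src_ip), ip4(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]

    ether = mac(dst_mac) + mac(src_mac) + b"\x08\x00"   # EtherType IPv4
    return ether + ip + udp + icmp


def parse_frame(frame: bytes) -> dict:
    """Walk back down the layers: EtherType says IPv4, IP proto says UDP, then the ports."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    sport, dport, udp_len = struct.unpack("!HHH", ip[ihl:ihl + 6])
    return {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "ttl": ip[8],
        "proto": ip[9],
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,   # a valid header sums to zero
        "sport": sport,
        "dport": dport,
        "udp_len": udp_len,
    }


def pcap_bytes(frame: bytes, ts_sec: int = 0, ts_usec: int = 0) -> bytes:
    """A one-packet libpcap file: global header, record header, frame (what wrpcap writes)."""
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = EN10MB
    record_hdr = struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame))
    return global_hdr + record_hdr + frame


def write_pcap(path: str, frame: bytes) -> int:
    data = pcap_bytes(frame)
    with open(path, "wb") as fh:
        fh.write(data)
    return len(data)


if __name__ == "__main__":
    frame = build_probe()
    print(frame[14:].hex(" ", 2))          # compare with the tcpdump -x lines above
    print(parse_frame(frame))
    print(write_pcap("/tmp/trace_by_hand.pcap", frame), "bytes written")
```

Running the module writes /tmp/trace_by_hand.pcap, which `tcpdump -r /tmp/trace_by_hand.pcap -nxXve` decodes the same way as the post’s file, this time with -n so the 10.0.0.1 source is printed as an address rather than a resolved name.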

Ep 28 – Before we got into IT

In this episode Andy and A.J. discuss the jobs they had prior to getting into tech, and the decisions that ultimately led them to an IT Career path. You’ll hear the paths we almost took, why we ended up not taking them, and how Andy burned a car to the ground. Yeah you read that right.

Aaron has been busy but rest assured he will return soon, and Dan lost power just before we were scheduled to record. Life happens. Enjoy this episode from A.J. and Andy.

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

new snort rule, who dis?

The third section of my SANS503 course has a huge section, the second biggest of the entire course, dealing with some 110+ slides on snort. I’m not here to give you the history of snort, IDS/IPS placement within your enterprise or any of that; instead I just want to introduce you to the basic structure of a basic snort rule. The most important thing to take away from snort rules is that there is no concept of ‘or’ within a rule. It either matches and performs the action or it doesn’t.

First things first, if you’re going to create your own custom rules you’ll specify the location of this file in your overall snort configuration file [snort.conf] which is by default ‘local.rules’. At this point you will have to decide upon which text editor you will use to create and edit your new rules. This can become a contentious conversation for some. For me:

vim local.rules

A rule consists of two main parts, a header and a body. The header is mandatory and the body is not. There are seven mandatory options in the snort rule header:

Action | Protocol | SourceIP | SourcePort | Direction | DestIP | DestPort
-------|----------|----------|------------|-----------|--------|----------
alert  | ip       | any      | any        | ->        | same as| any
pass   | tcp      | IP       | #          | <>        | Source | #
log    | udp      | IP/CIDR  |            |           | IP     |
drop   | icmp     | !IP      |            |           | options|
sdrop  |          | $Variable|            |           |        |
reject |          |          |            |           |        |

The above chart doesn’t outline every option within each category but it should give you a pretty good overview of what’s possible within each spot. Most importantly, I’ll explicitly state that you can define vars in your snort.conf file and use those vars in your snort rule instead of hard coding them in the rule itself.

Here is an example of a header, including calling a variable:

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS

Now let’s dig into the body a bit and go over some common options you may find in a rule body. The first thing we need to do is to start the body, and to do this we use a ‘(‘ after the header. Then notice how the keyword and argument are separated by ‘:’ , ended by a ‘;’ and the body is ultimately closed by ‘)’.

alert IP any any <> any any ( \
     keyword:argument; \
     keyword:argument_1,argument_2; )

Below is an example of some keywords and arguments in an actual rule:

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; \
     content:"SmellsBad", nocase; )

I’m pretty new at writing rules myself, but this is the format I like to use. After starting the body, I like to begin it on a new line by using ‘\’ and giving each keyword and its associated arguments its own line. I find it much easier to see what’s going on if your rules are written like this rather than all on one line. The ‘msg’ keyword will display in the log if this rule matches traffic, so make sure you make it useful. Custom rules begin with a ‘sid’ above 1 million, and instead of making a new rule or ‘sid’ when you change something you can increment the ‘rev’ to keep track of the revision number. It’s also good practice to store your old rules, perhaps in a folder called rules.old, so that you can roll back to a previous configuration of the rule if needed.

Content is probably the most common keyword to use within a snort rule. It will search for the content within the packet’s payload. The ‘nocase’ keyword simply tells snort that you don’t care about case and will match any case of your ‘content’ argument. You can further optimize the rule by telling snort where to look for the content by using the offset and depth keywords. Offset tells snort where to start looking, with offset 0 being the very beginning of the payload, and depth tells snort how many bytes to look in.

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; offset:4; depth:20; \
     content:"SmellsBad", nocase; )

Beyond offset and depth, there are two relative pointers you can use. Distance will tell snort where to start looking for the content relative to where snort left off in your previous content argument. The within keyword is designed to be used with distance to instruct snort how many bytes to examine after it determines the starting point to search.

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; offset:4; depth:20; \
     content:"SmellsBad", nocase; distance:20; within:10; )

Now I know there are a bunch more ways to further optimize or specify your rule but this is only an intro to snort rules in general, not a masters thesis. With that said one fun thing to do when adding on to your rule or creating your rule for the first time is to run it against some traffic. If you have a pcap, look at the details of a packet and try to create a rule that will match that traffic.

You can run snort on a pcap by using the ‘-r <filename>’ option and then point to your snort conf file with the ‘-c <filename>’ option. Furthermore you can specify a filename for your log using the ‘-l <filename>’ option:

snort -r http_extract.pcap -q -c etc-snort/snort.conf -A console \
     -l rule_test.log

One last tip: when creating your rule it’s a good idea to build it line by line. After you add a line specifying your rule further, test it against the traffic it’s designed to alert on and make sure it’s still working the way you want before moving on. This makes troubleshooting your rule easier than if you go all out creating a multi-line rule and then realize it isn’t catching traffic.
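To make the header/body split and the offset, depth, distance and within modifiers concrete, here is an added Python example (my own, not from the post and not Snort’s code). It parses the rule from the post into its seven header fields and its options, checks that a custom rule carries a sid above 1 million, and then applies the content modifiers to a few constructed payloads the way the post describes them: depth counts from offset, and within is the window searched after distance. The semantics are that simplified reading, not Snort’s engine; the helper names are this example’s own, and the sample payloads are made up.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Content:
    """One content: matcher plus the modifiers the post explains."""
    pattern: bytes
    nocase: bool = False
    offset: Optional[int] = None
    depth: Optional[int] = None
    distance: Optional[int] = None
    within: Optional[int] = None


HEADER_FIELDS = ("action", "protocol", "src_ip", "src_port", "direction", "dst_ip", "dst_port")

# The rule from the post, with the trailing ';' every option needs before the closing ')'.
RULE = r"""alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; offset:4; depth:20; \
     content:"SmellsBad", nocase; distance:20; within:10; )"""


def parse_rule(text: str):
    """Split a rule into its seven header fields and an ordered list of (keyword, argument).

    Hypothetical helper: it handles the layout used in the post ('\\' line continuations,
    'keyword:argument;' options inside parentheses), not every snort option; a ';' or ','
    inside a quoted content string would confuse its simple splitting.
    """
    text = text.replace("\\\n", " ")                 # join the continuation lines
    header, sep, body = text.partition("(")
    if not sep:
        raise ValueError("rule has no body")
    fields = header.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 header fields, got {len(fields)}: {fields}")
    if fields[4] not in ("->", "<>"):
        raise ValueError(f"bad direction {fields[4]!r}")
    options = []
    for opt in body.rsplit(")", 1)[0].split(";"):
        opt = opt.strip()
        if opt:
            key, _, val = opt.partition(":")
            options.append((key.strip(), val.strip()))
    return dict(zip(HEADER_FIELDS, fields)), options


def contents_from_options(options) -> list:
    """Group each content keyword with the modifiers that follow it."""
    contents = []
    for key, val in options:
        if key == "content":
            parts = [p.strip() for p in val.split(",")]      # 'content:"x", nocase' form
            contents.append(Content(parts[0].strip('"').encode(), nocase="nocase" in parts[1:]))
        elif key in ("offset", "depth", "distance", "within"):
            if not contents:
                raise ValueError(f"{key} must follow a content keyword")
            setattr(contents[-1], key, int(val))
        elif key == "nocase" and contents:                   # standalone 'nocase;' form
            contents[-1].nocase = True
    return contents


def local_sid_ok(options) -> bool:
    """A custom rule carries exactly one sid, and it must be above 1 million."""
    sids = [int(v) for k, v in options if k == "sid"]
    return len(sids) == 1 and sids[0] >= 1_000_000


def match_contents(payload: bytes, contents) -> bool:
    """Apply the modifiers as the post describes them.

    offset/depth: search payload[offset : offset+depth].
    distance/within: start `distance` bytes after the previous match ended and search the
    next `within` bytes. bytes.find(needle, start, end) only reports a hit when the whole
    pattern fits inside [start, end), which is what makes within a hard window.
    """
    cursor = 0
    for c in contents:
        hay, needle = (payload.lower(), c.pattern.lower()) if c.nocase else (payload, c.pattern)
        if c.distance is not None or c.within is not None:
            start = cursor + (c.distance or 0)
            end = start + c.within if c.within is not None else len(payload)
        else:
            start = c.offset or 0
            end = start + c.depth if c.depth is not None else len(payload)
        hit = hay.find(needle, start, end)
        if hit < 0:
            return False
        cursor = hit + len(needle)
    return True


def rule_matches(payload: bytes, rule_text: str = RULE) -> bool:
    _, options = parse_rule(rule_text)
    return match_contents(payload, contents_from_options(options))


# Constructed payloads (not from any capture) that exercise each modifier.
SAMPLES = {
    "hit": b"GET big_poop" + b"X" * 20 + b"SMELLSBAD HTTP/1.1",       # big_poop at 4, smellsbad at 32
    "big_poop too early": b"big_poop" + b"X" * 24 + b"SMELLSBAD",     # starts at 0, before offset 4
    "distance too short": b"GET big_poop" + b"X" * 10 + b"SMELLSBAD", # only a 10 byte gap, not 20
    "outside within": b"GET big_poop" + b"X" * 22 + b"SMELLSBAD",     # starts at 34, ends past 42
}

if __name__ == "__main__":
    header, options = parse_rule(RULE)
    print(header, "local sid ok:", local_sid_ok(options))
    for name, payload in SAMPLES.items():
        print(f"{name:20s} -> {rule_matches(payload)}")
```

The same line-by-line habit the post recommends works here: drop one modifier from RULE, rerun, and see which sample payload starts or stops matching.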

If you have further tips, feel free to leave a comment to let me know. I’m just starting myself and understand this is the best time to start building good habits 🙂 Till next time!

Ep 27 – CCENT Emeritus

In this week’s episode, Andy and Aaron are absent, so it’s the Dan and A.J. show! Dan and A.J. talk about living in rural areas and the various challenges it can pose to the job market. They set the stage by talking about population sizes in their area and compare it to other areas, and then they discuss the related effects that can have on the job market. We also discuss the pros and cons of staying at one employer vs having multiple jobs.

For more info on the JNCIA-Junos exam checkout: https://www.juniper.net/us/en/training/certification/certification-tracks/ent-routing-switching-track/?tab=jnciajunos
ESOP – Employee Stock Ownership Plan
Switchback Brewing – https://www.switchbackvt.com/
Find a VMUG in your area! https://www.vmug.com/home

Protecting stored Cisco IOS passwords

This article first appeared on Andrew’s blog – andrewroderos.com

As many network professionals know, Type 0 (cleartext) passwords are a big no-no. With that said, Cisco introduced Type 7 and 5 passwords in the early 90s to protect stored passwords.

However, after more than 25 years, the Type 7 password type no longer serves its original purpose of keeping the password secret. That said, it is best practice to avoid it as much as possible.

Nowadays, the majority of network professionals know and use Type 5 passwords. While Type 5 is still sufficient with a strong password, did you know that it seems Cisco has deprecated it in favor of the new hashing algorithms?

Find out more about the new hashing algorithm here. In this article, I also demonstrated how to launch a dictionary attack on the hashing algorithm.

Ep 26 – Goal Hacks

A.J., Dan, and Andy talk strategies for tracking progress on goals. As always, we get off the main topic but we cover a lot of great stuff in this episode, like how to properly use flashcards, using practice exams as a tool, and not waiting until just before your scheduled exam. We also celebrate breaking 30K downloads! All because of ya’ll!

Andy covers the Star-Spangled Banner – https://www.youtube.com/watch?v=azH9bXy2Ojg
A.J. sherpa lined hoodie from LL Bean
Andy’s heated sweatshirt – https://amzn.to/2XqQYjB
Make it stick – https://amzn.to/3seX98T
The AONE Merch store – https://artofneteng.com/store
Andy talks to the winner of his home lab – https://www.youtube.com/watch?v=G2OyMLmcaXs
Anki Flash Cards – https://apps.ankiweb.net/
Alternate iOS (Free) Anki App – https://apps.apple.com/us/app/ankiapp-flashcards/id689185915

PIONEERING BLOCKCHAIN TECHNOLOGY BY BECOMING A NETWORK ENGINEER

Bitcoin continues to be pioneering as the currency continues to hit all-time highs every new season, particularly in 2020. At the time this article was written, it traded at $26,765. But one of crypto’s interesting applications is not that individuals trade it to become richer. It’s about solving big challenges that make money for you. It’s about turning capitalist greed (the burden of making payments across countries) into unselfish open-source software.

Crypto doesn’t really have the best rep in the tech world, just about the same thing that happened when the internet started. But Crypto is just a slice of the cake. People often don’t talk about the technology in which Crypto is built upon, that is called “Blockchain.”

The term “Blockchain” always comes to my mind when I hear or read the word ” Cryptocurrency.” But the media frequently correlates “Cryptocurrency” with “illegal transactions.”

In this article, we will briefly examine how valuable the implementation of blockchain technology is being developed, as well as how this offers an enormous opportunity for individuals who study Network Engineering.

With Blockchain What Can You Achieve?

Beyond cryptocurrency, there are interesting things you can achieve with a blockchain:

  1. Data That Does Not Change: A company like Twitter is a privately owned social media company. This means that the data can be changed at any time by anyone who has access to the company’s admin database. Unlike Twitter and other Web 2.0 companies, a blockchain is owned by no one, meaning that no single owner can serve as the single source of information for other users.
  2. Digital Scarcity: In a blockchain network, data may be owned by other users, but cannot be copied and distributed to other users. This gives value to an asset the user owns.
  3. Payments: Since cryptocurrency has been integrated into the blockchain, sending valuable assets in the form of tokens such as Bitcoin, Ethereum, etc. has been made possible and smooth.
  4. User Identification & Data Privacy: This one marvels me a lot because this is what Web 3.0 (Blockchain Web) is built upon. With user identification, a user is given a single blockchain address to sign into all web pages/web applications on the web. We will talk more about this on the next section. With data privacy, a user can control who has access to their information. For instance, if a user logs off a site, the site owners can no longer access their data directly. Unlike Web 2.0 in which the site owners have user credentials stored in their database.

Web 2.0 vs Web 3.0

With Web 2.0 a user has multiple means of identification on the internet. They can also have multiple identities on the same website. One user can have a Gmail, iCloud, or Outlook user identification.

Figure 1: A User with Multiple Identities

But with Web 3.0 which leverages blockchain, the case is different.

On Web 3.0, different blockchains have their own network, their community participants and a piece of software which acts as a wallet and form of identification for accessing that network. The most popular blockchain network at the moment is the Ethereum network, and it is powered by popular software called Metamask. This means that on the Ethereum network there are several websites inside the network, and to log into each of these websites users only need a single Ethereum blockchain address.

Figure 2: A User with A Single Identity Accessing Multiple Platforms
Figure 3: A User (Me) Accessing a Platform on Web 3.0 With a Blockchain Address

Payments on eCommerce websites are also made with the cryptocurrency of the blockchain network.

Figure 4: A User (Me) Trying to Purchase an Artwork from an E-commerce Website on Web 3.0 Using My Blockchain Address

Users can even build their network, with its own cryptocurrency. That is why you see new cryptocurrencies every day.

Okay, if you are a non-IT reader who just wants to know what the future web you might soon be using will look like, you can stop here. One interesting value I feel blockchain is bringing to the telecommunication industry is a proof of location protocol.

FOAM Proof of Location Protocol

Okay, when I say FOAM, I don’t mean the comfy soft material used in making beds. FOAM is a startup providing value for people who think they deserve control over who gets access to their location at all times.

For satellites to get the location of a device that has GPS installed, the GPS sends a signal to the satellite 🛰️, then the satellite calculates the difference in time of arrival and distance of this signal.

Figure 5: A Satellite Determining the Location of a Device

The FOAM protocol applies the same approach, using four objects (called Zone Anchors) with specialized IoT hardware so they can synchronize themselves over the radio signal they receive from a device that comes into the area.

Figure 6: Zone Anchors Determining the Location of a Device
Figure 7: Specialized FOAM Zone Anchors Being Installed in Brooklyn, New York

In case you are wondering, why do the satellites or the Zone Anchors have to be four to locate an object?

As the data from one satellite places you in a bubble around that satellite, you need four satellites. You can narrow the possibilities down to one single point by evaluating the intersections.

Figure 8: How a Satellite locate an Object

Drawbacks with Depending on GPS

  1. It has a single point of failure, which is the satellites. The New York stock exchanges use GPS to automate trades, ATM and card transactions require location data, all transportation machines use GPS, etc. So, having redundancy is extremely important.
  2. It’s susceptible to signal jamming.
  3. A GPS receiver can be deceived with a wrong GPS signal.

How Does FOAM Blockchain Provide Opportunity for Network Engineers

This location-based protocol implementation using blockchain proves that a time when all things will be connected securely with 5G is bright and approaching rapidly. And it provides countless opportunities for people who study network engineering, because these engineers will be the ones configuring and maintaining these devices.

The first step to starting this journey is taking the Cisco Certified Network Associate (CCNA) exam. This is because this certification has a low barrier to entry, it provides a positive force in society (IoT, Blockchain, etc.), and lastly it has a global impact.

Another reason is that this implementation proves that blockchain technology is promising, and blockchain uses distributed system technology which will skyrocket with 5G, meaning that a lot of automation will be achieved. Network engineers have begun taking on automation; by studying for the Cisco Development Network Associate (DEVASC) you have the opportunity to become skilled enough to take on this new opportunity.

Additional Reading & Resources

Apply & Win a complete CCNA kit from The Art of Network Engineering Team

Ep 25 – 2021 Goals

In this episode, the guys discuss goal setting and their goals for 2021. Join them and let us know what you’re committing to in 2021. Hit us up on Twitter @artofneteng or use the hashtag #aone.

This episode is available in video format on our YouTube Channel! Check it out: https://youtu.be/trxfYItKYNA

tcpdump filters, an intro

When learning, I often try to do as my teacher does. For example, when I went through Kirk Byers’ free network automation course he used Vim exclusively, which meant I got pretty comfortable with it myself. Now that I’m on to the day 2 materials of my SANS SEC503 course I find myself getting deep into tcpdump. In day 1 a lot of things could be done with either Wireshark or tcpdump, but in day 2 there is a bigger emphasis on getting the most out of tcpdump. The instructor seems to really fancy tcpdump filters over looking things over in Wireshark, so I might as well buckle down and do as my instructor once more! Furthermore, as I’ve experienced in person and as discussed in this class, attempting to open a very large pcap in Wireshark most likely will not go well. Instead, we should be able to narrow our search and extract a smaller subset of data in tcpdump before we open it up in Wireshark. What better way to grasp the material than to attempt to explain it! Strap in!

To get where we need to go, I will need to introduce a few things before we get our hands dirty using filters in tcpdump. To start, let’s explore one of the most famous interview questions, at least for junior positions in tech: the TCP 3-way handshake. Below is Figure 7 from RFC 793, Transmission Control Protocol.

      TCP A                                                TCP B

  1.  CLOSED                                               LISTEN

  2.  SYN-SENT    --> <SEQ=100><CTL=SYN>               --> SYN-RECEIVED

  3.  ESTABLISHED <-- <SEQ=300><ACK=101><CTL=SYN,ACK>  <-- SYN-RECEIVED

  4.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK>       --> ESTABLISHED

  5.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK><DATA> --> ESTABLISHED

          Basic 3-Way Handshake for Connection Synchronization

We can see 2 flags being sent along with sequence and acknowledgement numbers to establish the connection, namely, SYN and ACK.

SYN – Session init request by client
SYN/ACK – Server response to SYN, reflecting a listening port
ACK – Acknowledge data, flag should be set on every packet after the initial SYN

Now let us look at the TCP Header to examine where these flags exist, also taken from RFC 793.

TCP Header Format


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                            TCP Header Format

To understand what we are looking at in the header we must first understand how it is broken down. Each number across the top numbering 1 – 8 represents 1 bit. 4 bits = 1 nibble and 2 nibbles = 1 byte. For example, the first field titled ‘source port’ is 2 bytes/4 nibbles/16 bits long.

The next thing we need to understand before we dive into tcpdump is offset numbers. When looking at the TCP header diagram above, starting in the top left corner, every byte will be one offset starting with 0. Thus, if we look at ‘source port’, its contents take up both offset 0 and 1. Offset 0 would be the high order byte and offset 1 would be the low order byte for the ‘source port’ part of the TCP header.

Explaining high order vs low order could be a post of its own I suppose, but for our purposes here I’ll try to summarize it in two sentences. If a number is on the left it is usually of more importance, in that it affects the overall number more than a number on the right. If you change a digit in the tens place [left] you cause more overall change than if you change a digit in the ones place [right].

To get back to the TCP handshake, we can see all the flags are located in offset 13. Again simply count each byte starting at 0 from the top left to find out your offset number.

TCP Header Byte Offset 13 [1 byte/2 nibbles]

CWR | ECE | URG | ACK | PSH | RST | SYN | FIN

Besides SYN and ACK we find the following additional flags:

PUSH – Send data
URG – Signal for out-of-band data
FIN – Graceful termination
RST – Immediate termination
ECE, CWR – Explicit congestion notification related

Alright, now that we have a bit of background taken care of let us get to our first problem to solve. Use tcpdump commands to find TCP establishment attempts from clients to servers. From this filter we will be able to derive things such as what server ports did the clients attempt to establish a connection with.

First part of the question, find TCP establishment attempts: this requires the SYN bit to be turned on. In the following I’ll show you what that looks like in offset 13, first in binary and then converted to hex, which we need for our tcpdump filter.

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  0  |  0  |  0  |  1  |  0
          0           |           2
                    0x02

Thus, our first tcpdump command and filter will be a variation of:

tcpdump -r <file.pcap> -nt 'tcp[13] = 0x02'

The ’13’ is the offset within the TCP header we are matching on, and ‘= 0x02’ means we only match packets whose flag byte is exactly 0x02, that is, SYN set and every other flag clear, which is easy to visualize from the binary conversion we did above. The tcpdump option ‘-r’ reads the file that follows, ‘-n’ suppresses hostname lookups and ‘-t’ hides the timestamps in the output.

Sample output from a single matched packet:

IP 192.168.10.59.55796 > 192.168.10.7.25: Flags [S], seq 2766660809, win 29200, options [mss 1460,sackOK,TS val 86960251 ecr 0,nop,wscale 7], length 0

In this request, we can see that the client attempts to connect to port 25.

Let’s say we want to run through the entire pcap file, pull out the port numbers and only display the unique ones. We could run the following:

tcpdump -r <filename.pcap> -tn 'tcp[13] = 0x02' | cut -f 4 -d ' ' | cut -f 5 -d '.' | cut -f 1 -d : | sort -n | uniq -c
reading from file <filename.pcap>, link-type EN10MB (Ethernet)
      32  25
      32  53
      384 80
      15  445
      2   999
      1   4444

The cut tool is a fast way to parse text on Linux. The -f option specifies which field you want to keep and the -d option specifies the delimiter that separates the fields. I built the command above by cutting up the first 20 packets until I got what I was looking for, and then ran the filter over the entire file. To limit the number of packets you look at, use either tcpdump’s -c [number] option or pipe into head.
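To see exactly what each cut stage keeps, here is an added example (not from the original post) that feeds five constructed ‘tcpdump -tn’ lines through the same pipeline. The addresses and ports in the sample are made up, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): the cut/sort/uniq pipeline from
# the post run over constructed 'tcpdump -tn' output, so its field arithmetic
# can be checked without a pcap. Sample lines are made up by the editor.

# Five constructed SYN lines in the exact layout 'tcpdump -tn' prints.
sample_syn_lines() {
    cat <<'EOF'
IP 192.168.10.59.55796 > 192.168.10.7.25: Flags [S], seq 2766660809, win 29200, options [mss 1460,sackOK,TS val 86960251 ecr 0,nop,wscale 7], length 0
IP 192.168.10.61.41022 > 192.168.10.7.80: Flags [S], seq 11, win 29200, options [mss 1460], length 0
IP 192.168.10.59.55797 > 192.168.10.7.25: Flags [S], seq 12, win 29200, options [mss 1460], length 0
IP 192.168.10.62.50110 > 192.168.10.7.445: Flags [S], seq 13, win 29200, options [mss 1460], length 0
IP 192.168.10.61.41023 > 192.168.10.7.80: Flags [S], seq 14, win 29200, options [mss 1460], length 0
EOF
}

# Field walk for one line, split on spaces:
#   f1 "IP"   f2 "src.ip.port"   f3 ">"   f4 "dst.ip.port:"
# cut -f4 -d' ' keeps "192.168.10.7.25:", cut -f5 -d'.' keeps "25:", and
# cut -f1 -d: drops the trailing colon. sort -n groups identical ports so
# that uniq -c counts each run.
syn_dst_ports() {
    cut -f 4 -d ' ' | cut -f 5 -d '.' | cut -f 1 -d : | sort -n | uniq -c
}

# Same result with uniq's column padding normalised to "count port" per line,
# which is easier to compare or feed to another tool.
syn_dst_port_counts() {
    syn_dst_ports | awk '{ print $1, $2 }'
}

# With a real capture:  tcpdump -r file.pcap -tn 'tcp[13] = 0x02' | syn_dst_ports
sample_syn_lines | syn_dst_ports
```

Two things worth knowing when you reuse this: the ‘reading from file …’ banner goes to stderr, which is why it shows on the terminal but never reaches cut; and the fifth dot-separated field is the port only for dotted-quad IPv4 addresses printed with -n. With hostname resolution on, or for IPv6 (where tcpdump prints a colon-delimited address followed by .port), the field positions shift and the pipeline silently reports the wrong thing, so check the first few lines by hand as the post suggests.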

To solidify our understanding, let’s try to see the server’s response, or in other words, the classic SYN ACK.

To visualize what we need to do in our tcpdump filter let’s break it down to what that would look like in offset 13:

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  1  |  0  |  0  |  1  |  0
          1                       2
                     0x12

Above, we’ve turned on the ACK and SYN bits in accordance with the TCP header diagram. Translating both nibbles into hex we end up with 0x12, and thus our filter looks like ‘tcp[13] = 0x12’.

tcpdump -r <filename.pcap> -tn 'tcp[13] = 0x12'
reading from file <filename.pcap>
IP 192.168.10.7.25 > 192.168.10.59.59756: Flags [S.], seq 2725832514, ack 2766660810, win 28960, options [mss 1460,sackOK,TS val 85610818 ecr 86920651,nop,wscale 7], length 0

In tcpdump a SYN ACK is displayed as ‘[S.]’ in the flags section. If you wanted to cut out the specific ports you can use tcpdump’s -c option to look at the first 10 entries until your cut filter displays what you want, like we did in the first example, but I won’t demonstrate that again here.

Did you know we can use a mask with our search filter in tcpdump?!  Amazing right! This is what actually prompted me to write a blog about tcpdump filters in the first place. As you can see it took a bit of work to make it to this point but here is where things get fun.

Let’s say you wanted to create a filter that displays all packets that have either the FIN or the RST flag set. In other words, we want to look at all the termination packets.

To do this we want a mask that ignores all of the bits except the ones we care about, namely RST and FIN. Below I’ll write out the same visualization I used above, except I’ll put an ‘x’ instead of a ‘1’ on the bits that matter.

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  0  |  0  |  x  |  0  |  x
          0                       5
                     0x05

Since we are still at offset 13 of the TCP header, that part stays the same. We attach our mask with the ‘&’ operator.

tcpdump -r <filename.pcap> -nt 'tcp[13] & 0x05 != 0'
reading from file <filename.pcap>
IP 192.168.10.61.57956 > 192.168.10.7.25: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 86920662 ecr 85610828], length 0

‘!=’ simply means not equal to. In this specific case we are saying: if either of the bits we care about is turned on, or both are, we want to see the packet. In tcpdump’s flags section a termination shows as either [F.] or [R.].
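To check the flag arithmetic without a pcap, here is an added example (not from the original post) in POSIX shell. It builds the offset-13 byte from flag names using the bit values in the diagram above, and evaluates the two filter shapes used so far, exact match (‘tcp[13] = 0x02’) and masked any-bit match (‘tcp[13] & 0x05 != 0’), plus the masked all-bits form (‘tcp[13] & mask = mask’), against an observed byte. Function names and the sample byte values are mine.

```shell
#!/bin/sh
# Added example (not from the original post): build the TCP offset-13 flag
# byte from flag names and evaluate tcpdump-style comparisons against it.
# Function names and the sample byte values below are the editor's own.

# Bit value of each flag in header byte 13, taken from the diagram above:
#   CWR ECE URG ACK | PSH RST SYN FIN
#   128  64  32  16 |   8   4   2   1
tcp_flag_bit() {
    case "$1" in
        CWR) echo 128 ;;
        ECE) echo 64 ;;
        URG) echo 32 ;;
        ACK) echo 16 ;;
        PSH) echo 8 ;;
        RST) echo 4 ;;
        SYN) echo 2 ;;
        FIN) echo 1 ;;
        *)   echo "unknown TCP flag: $1" >&2; return 1 ;;
    esac
}

# OR the named flags together and print the byte the way tcpdump wants it.
#   tcp_flags_hex SYN      -> 0x02      tcp_flags_hex RST FIN -> 0x05
#   tcp_flags_hex SYN ACK  -> 0x12      tcp_flags_hex PSH ACK -> 0x18
tcp_flags_hex() {
    v=0
    for f in "$@"; do
        b=$(tcp_flag_bit "$f") || return 1
        v=$(( v | b ))
    done
    printf '0x%02x\n' "$v"
}

# flags_match MODE VALUE SEEN mirrors the three filter shapes against an
# observed byte 13 (SEEN). Prints "match" or "no match" and returns 0 or 1.
#   exact: tcp[13] = VALUE           every bit outside VALUE must be clear
#   any:   tcp[13] & VALUE != 0      at least one bit in VALUE is set
#   all:   tcp[13] & VALUE = VALUE   every bit in VALUE is set, others ignored
flags_match() {
    mode=$1; want=$(( $2 )); seen=$(( $3 ))
    case "$mode" in
        exact) ok=$(( seen == want )) ;;
        any)   ok=$(( (seen & want) != 0 )) ;;
        all)   ok=$(( (seen & want) == want )) ;;
        *)     echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    if [ "$ok" -eq 1 ]; then echo match; return 0; fi
    echo "no match"; return 1
}

# Demo: a plain SYN is 0x02, but a SYN from an ECN-capable client also carries
# CWR and ECE (0xc2), which the exact filter misses and the masked one keeps.
printf 'SYN=%s  ECN SYN=%s\n' "$(tcp_flags_hex SYN)" "$(tcp_flags_hex CWR ECE SYN)"
printf 'tcp[13] = 0x02      vs 0xc2: %s\n' "$(flags_match exact 0x02 0xc2)"
printf 'tcp[13] & 0x02 != 0 vs 0xc2: %s\n' "$(flags_match any 0x02 0xc2)"
```

The demo at the bottom is the caveat hiding inside ‘tcp[13] = 0x02’: an ECN-capable client sets CWR and ECE on its SYN (RFC 3168), so that packet’s byte 13 is 0xc2 and the exact filter never shows it, while a masked filter still does. If you want SYN set and ACK clear with everything else ignored, mask for both and compare to SYN alone; tcpdump also accepts the named spelling ‘tcp[tcpflags] & (tcp-syn|tcp-ack) = tcp-syn’.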

For our final act let’s write a filter to match TCP connections to port 25 with both PUSH and ACK flags set, where any other flags may or may not be set. Hopefully you can tell just from reading this that we will need a mask, since there is a ‘maybe’ in our problem statement.

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  x  |  x  |  0  |  0  |  0
          1                       8
                     0x18

Since we want both flags to be set, not either, we won’t use ‘!= 0’; instead we make it ‘= 0x18’.

tcpdump -r <filename.pcap> -tn 'tcp dst port 25 and tcp[13] & 0x18 = 0x18'
reading from file <filename.pcap>
IP 192.168.10.61.59756 > 192.168.10.7.25: Flags [P.], seq 15:108, ack 118, win 229, options [nop,nop,TS val 86920654 ecr 85610820], length 93: SMTP: MAIL FROM:<andre@bigpoop.net> SIZE=424

‘tcp dst port 25’ is a macro, meaning it can be used as is instead of writing out which specific bits at which offset need to be on or off; someone wrote the macro to make it easier. One other thing to notice in the filter above is that we used ‘and’ to connect the macro with our other search parameter and mask. So you connect two search parameters with ‘and’, and you connect a search parameter with its mask with ‘&’.

Let’s say you didn’t know the macro existed, you could look at the TCP header and see which offset the destination port is. Go ahead, go and count from the top left, each byte and see if you can get the correct offset numbers. Did you get it? Destination port numbers are set in offsets 2 and 3 and to get up to 25 like the original question asked above we only need the low order byte, offset 3.

So instead of writing ‘tcp[13]’ like in all of our previous examples, remember that we are at offsets 2 and 3 here. The following is the logical equivalent of ‘tcp dst port 25 and tcp[13] & 0x18 = 0x18’. The purpose of this section is just to show what happens under the hood, so to speak, when you write ‘tcp dst port 25’.

'tcp[2] = 0x00 and tcp[3] = 0x19 and tcp[13] & 0x18 = 0x18'

Also, as is the case in many aspects of IT, there is more than one way to accomplish the same task. Instead of ‘tcp[3] = 0x19 and tcp[2] = 0x00’ we can shorten this to ‘tcp[2:2] = 0x0019’, which means we start at offset 2 and match the next 2 bytes as one 16-bit value.
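As an added example (not from the original post), the following POSIX shell reads single-byte and two-byte fields out of a constructed 20-byte TCP header by offset, the way ‘tcp[N]’ and ‘tcp[N:2]’ do, and evaluates both spellings of the final filter by hand. The two headers are made up by me (a PSH+ACK segment to port 25 and a SYN to port 80), and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): read fields out of a TCP header
# by byte offset, the way tcpdump's tcp[N] and tcp[N:2] do, and evaluate both
# spellings of the final filter by hand. Both headers are constructed by the
# editor (20 bytes each, as hex, offset 0 first); function names are mine.

# PSH+ACK segment to port 25:
#   offset 0-1   e96c       source port 59756
#   offset 2-3   0019       destination port 25
#   offset 4-7   00000010   sequence number
#   offset 8-11  00000077   acknowledgement number
#   offset 12    50         data offset 5 words (20 bytes), reserved bits 0
#   offset 13    18         flags PSH+ACK
#   offset 14-15 00e5       window 229
#   offset 16-19 0000 0000  checksum and urgent pointer (not computed here)
PSH_ACK_TO_25="e96c00190000001000000077501800e500000000"
# Plain SYN to port 80 (flags 0x02, window 0x7210 = 29200), same layout.
SYN_TO_80="c1a4005000000001000000005002721000000000"

# tcp_byte HDR N  -> decimal value of the single byte at offset N   (tcp[N])
tcp_byte() {
    first=$(( $2 * 2 + 1 ))
    hex=$(printf '%s' "$1" | cut -c "$first-$(( first + 1 ))")
    echo "$(( 0x$hex ))"
}

# tcp_word HDR N  -> decimal value of the 2-byte big-endian field at N (tcp[N:2])
tcp_word() {
    first=$(( $2 * 2 + 1 ))
    hex=$(printf '%s' "$1" | cut -c "$first-$(( first + 3 ))")
    echo "$(( 0x$hex ))"
}

# Long form: tcp[2] = 0x00 and tcp[3] = 0x19 and tcp[13] & 0x18 = 0x18
# Prints "match" or the first clause that failed; returns 0 or 1.
push_ack_to_25_long() {
    [ "$(tcp_byte "$1" 2)" -eq 0 ]  || { echo "tcp[2] != 0x00"; return 1; }
    [ "$(tcp_byte "$1" 3)" -eq 25 ] || { echo "tcp[3] != 0x19"; return 1; }
    [ $(( $(tcp_byte "$1" 13) & 0x18 )) -eq 24 ] || { echo "PSH+ACK not both set"; return 1; }
    echo match
}

# Short form: tcp[2:2] = 0x0019 and tcp[13] & 0x18 = 0x18
push_ack_to_25_short() {
    if [ "$(tcp_word "$1" 2)" -eq 25 ] && [ $(( $(tcp_byte "$1" 13) & 0x18 )) -eq 24 ]; then
        echo match
    else
        echo "no match"; return 1
    fi
}

printf 'src port %s, dst port %s, flags 0x%02x\n' \
    "$(tcp_word "$PSH_ACK_TO_25" 0)" "$(tcp_word "$PSH_ACK_TO_25" 2)" "$(tcp_byte "$PSH_ACK_TO_25" 13)"
printf 'long form,  PSH+ACK to 25: %s\n' "$(push_ack_to_25_long "$PSH_ACK_TO_25")"
printf 'long form,  SYN to 80:     %s\n' "$(push_ack_to_25_long "$SYN_TO_80")"
printf 'short form, SYN to 80:     %s\n' "$(push_ack_to_25_short "$SYN_TO_80")"
```

Both spellings agree on these headers, which is the point of the exercise. One reason to keep using the macro in practice: libpcap’s tcp[N] indexing only applies to IPv4 packets, while ‘tcp dst port 25’ also matches over IPv6, so the hand-written offsets are worth knowing for fields no macro covers rather than as a replacement for the macro.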

It’s been pretty fun learning about packet headers, hex and binary conversion, creating filters to include masks as a tcpdump filter option. The best part about learning about packet headers is that you can do so pretty easily. Tcpdump and Wireshark can be installed simply and support is everywhere. You can start capturing your home lab within a few minutes! Also, networking instructors like Nick Russo have made pcaps highlighting certain types of traffic publicly available. I’m planning on updating my progress as it relates to filters as I dive deeper into SEC503. I hope you’ll join me 🙂

Ep 24 – From the Cab to TAC

In this week’s episode we talk to Mansoor. Mansoor works as Cisco TAC HTTS – (High Touch Technical Support) Technical Consulting Engineer dedicated to Google and AT&T. Mansoor started out working in NYC as a Cab driver and eventually found his way into IT.

Todd Lammle CCNA Book – https://amzn.to/38rksmF

Mansoor’s LinkedIn – https://www.linkedin.com/in/mansoor-alam-90b54545/

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Network Adjustments – Reflecting back on 2020

We are about to wrap up a year where the word “unprecedented” has been heard and read by each one of us dozens of times. You’ll hear it once more from me. Many of the plans we made last year were derailed. Families and jobs have been affected. The world has been in turmoil. Even though so much has happened, we have adjusted. We’ve found ways to continue moving forward and that is where we have found our strength, in the adjustment. As people working in IT, we know more than anyone that things can change at the last second. Even when projects seem to be going right on track, a last-minute call can take the team in a different direction. I just wanted to write about two ways IT has adjusted during this unprecedented year. There is value in being able to measure, adjust, and make the change.

BasementVue

Over the years I’ve taken certification tests and they have all been in a quiet, controlled environment. I expect to show up, jam my personal belongings into a small locker, and do my best not to make eye contact as I walk to my isolated test center PC. If you’ve taken a certification test, that has most likely been your experience. However, if you have recently taken a test it has probably been in a makeshift test center you created at home. This year I took my Palo Alto Certified Network Security Engineer (PCNSE) exam at home. I could hear the water coming down the pipes above me as the kids took their shower. It was…different. I taped a paper on the basement door that said “Do Not Open – Taking Test!!!” As instructed by the test engine, I took pictures of my entire area, submitted them, and waited for the test to begin. I am not sure how many minutes went by, but it felt like the test would never start. I am not sure if that was just me, but I tried not to click on anything just in case. The entire time my mind kept racing: “What do I do if my internet starts having issues?” “What if the kids think dad is playing hide-and-seek?” It did not happen though. No fiber cuts, and my wife kept the children entertained upstairs. I passed the test. It was different from driving in to the nearby college test center, but it was comfortable. I’d do it again even as things continue to normalize. Or until the fiber cut happens. As you continue to study for your certs, know that taking a test at home is a perfect way to add a win. Depending on your situation, you might not be able to sit at home and take a test.

Short Commute

As the pandemic continued to impact the world, businesses sent their workforce home. Schools were forced to jump into the world of distance learning. Church services were now video-only. For many, it was like an unexpected bucket of cold water being dumped on them. Everyone was scrambling to figure out how to keep things going remotely. IT teams all over the world were at the center of that change. I found myself looking at redundancy and security. While we were not fully remote prior to the pandemic, the framework was already there and being used. Once our offices were told to stay remote, we began to make sure our services were redundant between data centers. A single failure could disconnect our users. We had to ensure the services people used on-prem were available to all. It led to many meetings, change requests, and work. In the end it made the business stronger. These are the opportunities IT needs to take to come up with solutions that the business can latch on to. How can you help the business adjust? 2020 has opened the eyes of many businesses globally. Remote work was something that many businesses did not subscribe to or did not know how to do. Today we are finding out that we can run at the same pace, if not faster, remotely. As a network engineer, unless I need to physically touch something, I can do my work from anywhere in the world. Being remote has not only extended our network’s reach, it has also placed our focus on security. With people not centralized in offices behind firewalls and other protections, teams have had to figure out how to secure those users while they are at home. A user sitting at home might be a bit more comfortable and let their guard down. Security training, endpoint protection, multi-factor authentication and DNS security existed, but now they really needed to be paid attention to. Things might eventually go back to normal or they might not. No matter what your business decides to do, be prepared to adjust and provide those needed solutions.

Your guess is as good as mine for what next year will bring. 2020 has been one for the books. One that none of us will easily forget. However, no matter what happens next year always be prepared to adjust. Things can change in minutes and how you react matters. There is value in adjustment.

Ep 23 – of IT

In part two Keith shares insights on how he studies! He recommends reinvesting 2-3% of your income back into yourself, used for video training, lab equipment, and other study materials to help you grow. He goes on to discuss how he stays motivated and the rest of the group jumps in. Keith also makes the crew commit to a personal challenge!

Keith’s book recommendation, Atomic Habits: https://amzn.to/3oVYz5s

Follow Keith on:
Twitter: https://twitter.com/KeithBarkerCCIE
YouTube: https://www.youtube.com/user/Keith6783
CBT Nuggets: https://ogit.online/Keith-CBT
Discord: https://ogit.online/Join_OGIT_on_Discord

Don’t forget to check out Keith’s Amazon Affiliate Store too!
https://www.amazon.com/shop/keithbarker

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!


Starting Over

Standing at the bottom of the mountain looking up is where I find myself yet again.

I joined the Air National Guard full-time in the summer of 2018, 36 years old and beginning what is my 4th, 5th or 6th career or life stage so to speak. Getting back into IT wasn’t something I planned on, instead, I found myself at a pretty ‘OK’ job with benefits going into my mid 30s but not really gaining any transferable skills if I were to lose said job.

Starting as a 3d1x1, or in regular type talk, I was a generalist help-desk person. If you can’t get your email to load, send or save you called my office. If a certain website isn’t loading to your liking, you call my office. If you can’t access a certain file, you contact my office. Basically, if anything doesn’t work to what you’d expect my office would be the first to hear about it. This was my introduction back into IT, and to be quite honest, it was a nice way to be eased back in. I got to see and diagnose a wide variety of issues and learned who did what beyond my scope of responsibilities.

Before long, I started studying networking during my off time. It all started by attending a Cisco CCNA Security Cohort training. This training also came with an ICND1 and CCNA Security exam voucher. I was once CCNA certified way back in 2002, so a lot of old neurons began reconnecting and I was able to make gains rather quickly. In 2019, I cleared CCNA Security, Cloud and Routing & Switching. I moved to Junos and cleared JNCIA Junos, DevOps, Design and Cloud. I did a bunch of other training but nothing that led to clearing any more certifications; most importantly, my confidence was starting to grow.

A job opportunity opened up in my organization’s infrastructure shop as a 3d1x2 in late 2019, and after a short interview process I was added to the team. Due to being short staffed I worked in both my previous position and my new position for months before being allowed to fully relocate. I got to do a whole bunch of new things, such as racking and stacking equipment, running cables and on-box troubleshooting/configuration. This was a very fun and welcome change of pace, and yet another opportunity presented itself: a position on my organization’s Mission Defense Team. I started on this team, albeit remotely for the most part, about 10 weeks ago.

It is here where I find myself at what feels like the bottom of the mountain again. The Mission Defense Team is a new type of position/shop being developed within the Air Force, providing everything a ‘Security Operations Center’ would do. I’m to stand up this shop with five other individuals, most of whom have never been security analysts up to this point. So the task is a large one. We have our equipment but have a lot to learn to truly harness our equipment’s capabilities.

Where to Start?

There is soooooooo much more to learn to feel like I’m even at the ground level of where I need to be. I read one post that laid out a four year learning plan. Since starting, another thought that continually enters my head is: how does someone jump straight into security? I know security is a ‘hot job’ and what not, so a lot of people are going after that money, but I can’t for the life of me understand how someone ‘starts’ with security. There is so much ground work to be done. In short, it seems like to be proficient you have to be pretty good at all the things.

Since I’ve been somewhat tied to learning a lot of Cisco due to being on their e-learning platform, I went through their CyberOps Associate training. I found this training to be a great introduction to a Security Operations Center and thought the labs shined as they were the best part and key to learning the basic principles presented.

I’ve also dived into two books:

Network Intrusion Detection, Third Edition by Stephen Northcutt and Judy Novak

– I’ve made it through the first 2 chapters and I really love this book. A lot of the first two chapters was review, but the way it was presented, with just slight bits of humor, was delightful.

Applied Incident Response by Steve Anson

– I made it to chapter 6 of this book, and it was at this point I switched to reading the book just discussed. The fact that I switched books doesn’t mean this book is ‘bad’, and I will come back to tackle this one! This book is a bit more advanced, and you can really just take your time going through a good three paragraphs as you go on and read all the linked references.

Where to Go?


This is quite possibly the most important question. I’m always tinkering with my ‘study plan’ and how I should go about sharpening my toolset. My work is going to put me through a SANS course, specifically SEC503 which should take up most of my time.

Besides that, I’ve started trying to follow and locate different ‘InfoSec’ people on the InterWebs. Most notably, I’ve started watching a few YouTube videos on the Cyber Mentor’s page.

What I’d really like to know, and the purpose of this post, is to ask you, the reader, what do you think I NEED to study/do as a person just getting into this security domain? If you have any suggestions, feel free to hit me up on the twitter and let me know. I plan to keep posting along this journey and let you know what mile posts are in the rearview. Till next time!

Exciting Announcement!!!

We are super excited to announce that we’ve been named a finalist in the 2020 Cisco IT Blog Awards, for the category Best Podcast or Video Series!

So what happens now? We need your help to vote for your favorite video series or podcast! To vote go here: https://www.ciscofeedback.vovici.com/se/705E3ECD2A8D7180 and vote for your favorites! If you love what we’re doing we would really appreciate your vote!

Winners will be announced in early 2021!

We are so honored for this nomination! To receive this kind of recognition in our inaugural year is truly amazing! We’ve only been doing this for 6 months! In those 6 months we’ve interviewed some truly amazing people in our industry, we’ve achieved more than 26,000 downloads of our podcast, and obtained a listenership of 1000+ clearly devoted subscribers. Thank you so much for following, listening, and showing your love for us on social media. All the comments and emails keep us motivated to create new episodes and keep the content coming!

In other categories you’ll find some people you recognize. For the category of Best Cert Journey you’ll find our very own creator/co-host A.J. Murray’s blog, NoBlinkyBlinky! Alongside him in that category is recent AONE guest, YouTuber, and CBT Nuggets Trainer – Knox Hutchinson!

In the category of Most Inspirational you’ll find AONE guest author, blogger, Faces of the Journey member David Alicea!

Also featured in the category of Best New Comer – IAATJ Discord staffer, DevNet celebrity, and everybody’s favorite Butcher turned Network Engineer – Chris Dedman-Rollet!

So, as you can see the competition is fierce, and there’s a lot of faces we recognize on this ballot. Please do your part and vote for your favorites today!

Ep 22 – The OG

In this episode, we talk to The OG himself, Keith Barker! Keith, very openly, shares his journey into tech, and then into teaching. Keith also shares his experience obtaining not one, but two CCIEs – and this was all in just part one of this exciting two-part series!

Follow Keith on:
Twitter: https://twitter.com/KeithBarkerCCIE
YouTube: https://www.youtube.com/user/Keith6783
CBT Nuggets: https://ogit.online/Keith-CBT
Discord: https://ogit.online/Join_OGIT_on_Discord

Don’t forget to check out Keith’s Amazon Affiliate Store too!
https://www.amazon.com/shop/keithbarker


Ep 21 – He Automates a LAN Down Unda

This week we talk with Daniel Teycheney, all the way from Australia! Daniel talks about life as a Network Engineer in Australia, the similarities and differences. Daniel is a Network Automation Engineer for a global company. He shares his journey with us, and offers some advice on getting started with your Network Automation journey!

You can find more of Daniel:
Twitter – @DanielTeycheney
Blog – https://blog.danielteycheney.com/
GitHub – https://github.com/writememe/
LinkedIn – https://www.linkedin.com/in/danielfjteycheney/


Faces of the Journey – Carl Zellers

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Carl F. Zellers IV (NO_DTP) was featured on Episode 18 of the Art of Network Engineering podcast. If you follow Carl on Twitter, or interact with him in the It’s All About the Journey Discord community, you would probably think that he has been a network engineer since before he learned to walk. However, IT/network engineering was not Carl’s first career path. After high school, he pursued general education and vocational studies at a local community college. Carl started to feel like a career student, and ended up finishing with an associate’s degree in construction management. He also completed several certificate programs in the same general field of study. While in school, Carl was working for FedEx Express, experiencing corporate structure and many other real-world realities. He felt comfortable with the long term promise he had with the company, but ultimately felt the need for a bachelor’s degree to round it all out. While Carl didn’t feel the bachelor’s degree was necessarily required, it was part of his personal plan. Then, in 2011, a good friend was finishing up a computer science degree and got Carl interested in IT. So naturally, he headed back to school to investigate the opportunities. Three years later, with his AS degree in hand, he found himself leaving a significant opportunity on the table at FedEx to take an entry level managed security services role. This was a very scary move for multiple reasons, but he knew it was the right move, and has never looked back. Then, in 2017, Carl finished up his BS degree. Through his first six years in IT, he has rarely (if ever) said “no” to an opportunity or shied away from something that he knew he could learn from. Carl is now a Senior Solutions Engineer and really enjoys his work and pace of life and study. He gets to be involved in new and emerging technologies as well as work on a wide portfolio of products and platforms. He is a self-proclaimed “lifelong learner” and embraces that as a self-fulfilling (and never-ending) goal.

Follow Carl:

Twitter

LinkedIn

Alright Carl, We’ve Got Some Questions

What did you want to be when you “grew up”?
Age 9 – A pirate.
Age 16 – Totally unsure.
Age 18 – Still not sure, but I was aware of how I would approach my future, and that was simply “hard work”. That was the plan no matter the application.
Age 23 – Career FedEx employee.
Age 26 – In “IT”. I was beginning my journey into IT and didn’t know the job landscape > titles, roles, responsibilities, specializations, etc.

What advice do you have for aspiring IT professionals? Don’t neglect the soft skills. You’re a human being and as such be fluid, flexible, and know how to effectively deliver information to a diverse set of people. You can add so much value to your junior team members, colleagues, seniors, managers and beyond simply by building your ‘best self’. Timely/effective communications, willingness to accept/admit faults, and common courtesies are all a massive part of who you aim to become personally and professionally.

How did you figure out that information technology was the best career path for you? I spent a good deal of time, effort and energy applying my strengths to various disciplines. I’ve always been very good with ‘how things work’. I decided that once I thought IT would be a good fit for me, I enrolled in some courses at my local community college and happened to fall into a networking centric program. In taking these classes, I realized very early on that I really liked networking and was the perfect “work smarter, not harder” type scenario.

What is your strongest “on the job” skill? Critical thinking. Although not specific to IT, it’s my opinion that critical thinking is of the utmost importance, especially in IT. It might translate to the most efficient way to go about a process, or a calculated approach to troubleshooting. The ability to think critically in a myriad of situations is generally what I would attribute most of my successes to, both personally and professionally. A great tool/methodology that ultimately, I use as a loose framework for how I approach a situation or absorb advice, just to name a few examples.

What motivates you on a daily basis? I got into IT “late” (at 29 years old). The reason for that is prior to getting into IT, I still wasn’t 100% sure what I wanted to do career wise. Because I was essentially starting my career over at a “later” age, I always felt I needed to keep a pretty aggressive pace in my development. Looking back, I’m glad I did; however, that feeling of wanting to continue to learn and experience new challenges has never left me. I value and embrace all that I have learned so far and humbly accept the vast expanse of what is yet to come. I really love learning and contributing, which keeps me on a steady trajectory of growth, and in doing so inevitably exposes new opportunities!

Bert’s Brief

Carl has quickly become an absolute legend in the network engineering community. His drive for continuous learning and development is truly inspiring. Very often, when scrolling through the Twitter feed, I see Carl answering quiz questions from people around networking topics. As stated in the bio above, he doesn’t shy away from challenges and has a skill for either knowing or being able to figure out how things work, which are incredible qualities for a network engineer to possess. Not only is Carl dedicated to his career and constant education, he is also dedicated to the community. He is often providing insight and assistance in the It’s All About the Journey Discord channels. I remember shortly after I joined the community on Discord, one of the members had questions around a scenario they were facing. Carl got involved by asking questions and providing suggestions and advice immediately. In fact, the conversation went back and forth, on and off, for the better part of a day and Carl stayed engaged with it. I thought that was so cool to see and is a prototypical example of “community”, and the value that Carl provides. His episode on the AONE podcast is one of my favorites to date. Before listening to that episode, in my head, Carl was this network engineering machine that just never turned “it” off and was always in a book or a lab environment outside of work. That’s really not him, though. Yes he is dedicated, yes he works hard, but is also a proponent of the fact that we are all human and need to find the best habits that work for us. We don’t have to be “go, go, go” all of the time to be successful. I really needed to hear that episode. Anyway, if you haven’t already, get to know Carl F. Zellers IV. You will not regret it.

Ep 20 – Top 10 Questions

In this episode the guys answer the top 10 questions about getting started in networking. What study materials should I use? Physical vs. virtual lab? What are some good study habits? And, so much more!

This episode runs a little longer than usual, we had a lot to say.

Sign up for Cisco’s Packet Tracer at https://www.netacad.com/
Visit CiscoPress.com for all your Official Cert Guide needs! https://www.ciscopress.com/
Read more on the Pomodoro Technique here: https://en.wikipedia.org/wiki/Pomodoro_Technique
CCAr – Cisco Certified Architect – Higher than the CCIE. https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/architect/ccar.html
Anki Flashcards – Free flashcard app. https://apps.ankiweb.net/

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

The Art of Automation – Getting Started

I imagine if you’re here you just got done with a hellacious week of updating hundreds of switches and thousands of config directives, and your fingers are bleeding from hammering away at the keyboard all week. Or you may very well be more proactive than I was. Automation for me was born out of necessity. Without automation, I think I would have burned out. It’s simple: automation makes my job easier, more rewarding, and manageable. If you’ve decided automation is something you want to learn, then this article is for you. I wish this article was the first one I read when I started my journey into DevOps, and subsequently NetDevOps.

First Steps

The first thing to decide on is the problem you want to solve. Next, decide what outcome you’d like. For me, it was helping to manage a VMware environment and the array of VMs within it. It could be as simple as setting up a web server in your home lab, and that’s alright. Once you start understanding the concepts of automation you’ll see hundreds of opportunities to use it.

Now it’s time for you to sink your teeth into the tech, my favorite part. The first three things I would focus on are YAML (YAML Ain’t Markup Language), Jinja2, and Ansible. The first two are large components of Ansible, so they will be needed in almost any Ansible project. YAML is what you’ll use to tell Ansible what to do. Don’t fear, though: this does not require any software development experience. Here is a brief example of YAML in an Ansible playbook.

- name: Install the latest version of Apache
  hosts: webservers
  become: true
  tasks:
    - name: Install the latest version of Apache
      yum:
        name: httpd
        state: latest

As you can figure out from the name, this installs the latest version of Apache on the target hosts. It really is that simple; you’re now automating. One caveat worth knowing early: state: latest also upgrades the package on every later run, so once the lab works, prefer state: present (install if missing, otherwise leave it alone) and make upgrades a deliberate, reviewed change.

Continuing the Apache example, the next step is configuration. Here Ansible leans on another tool, Jinja2, a powerful templating engine. Below is a Jinja2 template that generates Apache virtual host configuration from a list of variables.

{# Rendered by Ansible's template module; apache_vhost is a list of dicts #}
{# NameVirtualHost is dropped: on Apache 2.4 (CentOS 7) it has no effect and only emits a warning #}
{% for vhost in apache_vhost %}
<VirtualHost *:80>
    ServerName {{ vhost.servername }}
    DocumentRoot {{ vhost.documentroot }}
{% if vhost.serveradmin is defined %}
    ServerAdmin {{ vhost.serveradmin }}
{% endif %}
    <Directory "{{ vhost.documentroot }}">
        {# "All" lets a .htaccess file anywhere under the site re-configure Apache; use None unless you rely on it #}
        AllowOverride All
        {# Apache 2.4 syntax; the 2.2 pair "Order allow,deny" / "Allow from all" only works with mod_access_compat loaded #}
        Require all granted
    </Directory>
</VirtualHost>
{% endfor %}

Anything contained within double curly brackets {{ }} is a variable; the {% %} blocks are control statements, here a loop over the apache_vhost list and a test for an optional key. Ansible passes your variables to the Jinja2 engine, which then spits out the completed configuration file for you. As you can see, this is not software development, and it is something you can learn.
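The playbook task and the template above are the two halves of one job. The play below, which is an added example and not code from the original article, ties them together: it supplies the apache_vhost list the template loops over, renders the template, and only restarts Apache after the rendered file passes a syntax check. It assumes the template above is saved as templates/vhost.conf.j2 next to the playbook, that the inventory has a webservers group of CentOS 7 hosts running firewalld (the article’s lab setup), and the host names and paths in vars are constructed for the example.

```yaml
# Added example (not from the original article). Assumes templates/vhost.conf.j2
# is the Jinja2 template shown above and "webservers" exists in the inventory.
# Rehearse first: ansible-playbook -i inventory site.yml --check --diff
---
- name: Install and configure Apache virtual hosts
  hosts: webservers
  become: true
  # Roll out one host per batch and stop on the first failure, so a bad
  # template cannot take every web server down in a single run.
  serial: 1
  max_fail_percentage: 0

  vars:
    # Sample data (constructed for this example) consumed by the template's
    # "for vhost in apache_vhost" loop; serveradmin is optional, which is
    # what the template's "is defined" test handles.
    apache_vhost:
      - servername: www.example.com
        documentroot: /var/www/www.example.com
        serveradmin: webmaster@example.com
      - servername: docs.example.com
        documentroot: /var/www/docs.example.com

  tasks:
    - name: Install Apache
      yum:
        name: httpd
        # "present" is repeatable; "latest" would pull a new package version
        # on every run, a change nobody reviewed.
        state: present

    - name: Create a DocumentRoot for each virtual host
      file:
        path: "{{ item.documentroot }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      loop: "{{ apache_vhost }}"

    - name: Render the virtual host configuration
      template:
        src: templates/vhost.conf.j2
        dest: /etc/httpd/conf.d/vhosts.conf
        owner: root
        group: root
        mode: "0644"
      notify:
        - Validate Apache configuration
        - Restart Apache

    - name: Ensure Apache is enabled and running
      service:
        name: httpd
        state: started
        enabled: true

    - name: Allow HTTP through firewalld
      firewalld:
        service: http
        permanent: true
        immediate: true
        state: enabled

  handlers:
    # Handlers fire in the order listed, so a syntax error in the rendered
    # file fails the play before the restart handler ever runs.
    - name: Validate Apache configuration
      command: httpd -t
      changed_when: false

    - name: Restart Apache
      service:
        name: httpd
        state: restarted
```

Run it once with --check --diff to see exactly which lines of vhosts.conf would change before anything is written; the --diff output is the review you would otherwise do by hand. Note that the validation handler runs after the file is already on disk, so a broken template stops the restart but leaves the bad file behind; rerunning with a fixed template overwrites it.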

To help you grasp these concepts I recommend you set up a small lab. I found an Ansible control host with two nodes under its control to be enough. You can build these as CentOS 7 hosts on your preferred virtualization platform. In my case, I set up a load balancer with two web servers behind it using Ansible alone.

Running with it

Once you’re comfortable with the basics you can start implementing this at work. If you’re a network engineer you can start with small things such as updating NTP and DNS servers, or even changing the VLAN on a switchport. Eventually, you can move up to more advanced configurations, generating BGP and OSPF configuration with Jinja2 and using NetBox as your source of truth for configuration data.
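The “small things” named above, as an added example (not the article’s own code), pushed to Cisco IOS switches with the cisco.ios collection: NTP servers, a DNS server and a single switchport moved to a new VLAN. It assumes an inventory group access_switches, ansible_user and ansible_password supplied from an ansible-vault encrypted group_vars file rather than typed into the playbook, and the addresses and interface name in vars, which are constructed for the example.

```yaml
# Added example (not from the original article). Requires the cisco.ios and
# ansible.netcommon collections (ansible-galaxy collection install cisco.ios).
# Credentials (ansible_user / ansible_password) are assumed to come from an
# ansible-vault encrypted group_vars/access_switches.yml.
# Rehearse first: ansible-playbook -i inventory switches.yml --check --diff
---
- name: Baseline NTP and DNS on access switches and move one port to a new VLAN
  hosts: access_switches
  gather_facts: false
  connection: ansible.netcommon.network_cli
  # One switch per batch; abort on the first failure so a mistaken line is
  # not replicated to every device in the inventory.
  serial: 1
  max_fail_percentage: 0

  vars:
    ansible_network_os: cisco.ios.ios
    # Constructed values for this example.
    ntp_servers:
      - 10.0.0.10
      - 10.0.0.11
    dns_servers:
      - 10.0.0.53
    access_port: GigabitEthernet1/0/10
    access_vlan: 20

  tasks:
    - name: Back up the running config before touching anything
      cisco.ios.ios_config:
        backup: true

    - name: Set NTP servers
      cisco.ios.ios_config:
        lines:
          - "ntp server {{ item }}"
      loop: "{{ ntp_servers }}"

    # IOS shows all name servers on one line, so render them on one line;
    # otherwise ios_config never finds a match and re-applies on every run.
    - name: Set DNS servers
      cisco.ios.ios_config:
        lines:
          - "ip name-server {{ dns_servers | join(' ') }}"

    - name: Move the access port to the new VLAN
      cisco.ios.ios_config:
        parents:
          - "interface {{ access_port }}"
        lines:
          - switchport mode access
          - "switchport access vlan {{ access_vlan }}"

    - name: Write startup-config only if running-config differs from it
      cisco.ios.ios_config:
        save_when: modified
```

ios_config compares each line against the running configuration and only sends what is missing, which is what makes the play safe to run repeatedly. The serial and max_fail_percentage settings are the counterweight to automating at scale: the first switch that rejects a line stops the run before the other ninety-nine see it, and the backup task leaves a copy of the pre-change config on the control host to roll back from.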

A hurdle you may face when bringing these new found skills to work is buy-in from co-workers/managers. Take these situations in stride. I recommend showing them the small things you’ve automated. In addition, show them the time it’s saved. Explain to them how you learned to do it, and why you think they should.

After tackling some of the simpler things in your network it’s time to move on to more advanced projects. A task I was highly motivated to automate was the provisioning of resources, in my case VMs, and assigning network resources to them (VLANs, addresses, hostname). This required a bit more than Ansible; enter Terraform. That is beyond the scope of this article, but I did create a Git repo showing a simple version of this you can check out. You may also find you like the concepts of NetDevOps so much that you’ll want to implement IaC (infrastructure as code) to manage your entire network. This offers many benefits beyond automation alone: it allows you to stand up development and QA environments for testing changes before they reach production.

Final Thoughts

I’d like to leave you with some of the final tips, tools, and general advice I’ve gained. Here is a very non-comprehensive list of tools and resources I’ve found that I use quite often if not daily.

  • Validyaml – A CLI tool for validating your YAML files
  • Jinja2-CLI – A CLI tool for rendering your Jinja2 templates against sample data and checking that the output is what you expect.
  • Ansible Template Tester – Similar to Jinja2-CLI, just in the browser, sometimes easier to see formatting errors on output.
  • Ansible Docs – Self-explanatory, but this tab is almost always open in my browser.

One of the most important tips I can provide is to find a good community to ask questions. Getting feedback on how others are doing things is important, especially with tools such as Ansible. It is a community-driven project, which means there are some really smart people willing to help. Most importantly, enjoy the journey. It takes time, it will be frustrating, but you’ll get there. Enjoy the benefits when you do!

Ep 19 – She’s got jobs!

In this episode we speak to our resident technical recruiter, Brittany! Brittany is a Lead Technology Recruiter at Oscar Technology. She focuses mostly on the network industry and primarily helps to fill network engineering related positions. Brittany talks about her process and makes some fantastic recommendations for people seeking new roles as a network engineer.

ITGuyBlake’s Reddit post on passing the CCNA: https://www.reddit.com/r/ccna/comments/j7njmw/i_passed_ccna_9241000_first_time_its_doable/?utm_medium=android_app&utm_source=share

You can find Brittany:
LinkedIn: https://www.linkedin.com/in/brittany-mussett-6836a2146/
Twitter: @NetEngRecruiter https://twitter.com/NetEngRecruiter
Current openings Brittany has: https://www.oscar-tech.com/consultants/brittany-Mussett
You can also find Brittany in our Discord Server, It’s All About the Journey!

10 Pieces of Advice for Network Engineers

This article first appeared on Tim’s blog, carpe-dmvpn.com

Recently I saw a post where different network engineers I really respect gave advice for new network engineers and it got me thinking. What would my own rules be, if I were trying to hand down some wisdom (as if I were wise) to someone starting in the field?

Credibility is the most important thing you possess.

  • More important than knowledge, connections, recognition and fame. Knowledge, connections, recognition and fame can be gained, lost, and regained. Credibility is a one-use item. Once lost, it is gone forever.

Own every mistake, no matter how stupid, no matter how large.

  • Even if it means getting fired. The truth always comes out, somewhere things are logged, evidence can be correlated, etc. A mistake is a mistake and can be forgiven or at least understood. Hiding it, covering it up, and denying it will damage your career far more than a human error ever would. This industry is smaller than you think, you don’t want that reputation to follow you.

Trust but verify.

  • If the sysadmin says the DHCP server is ‘having issues’, if the DBA says the database replication is ‘running slow’, if the infosec guy says there are strange traffic patterns, trust their expertise as you expect them to trust yours. Don’t be in such a hurry to push them away so you can get back to your own work. Be methodical. Take the extra time. If you give a noncommittal ‘No one else is having problems’ all you’ve done is ensure that person will be back with potentially useless evidence in five minutes, or worse, a critical incident is opened and it might be the network after all. Tell them what you need to further investigate, help them help you prove it’s not the network.

When there’s a fire, be the firefighter, not the police.

  • In places with very punitive leadership, often a critical incident is less about restoring services than it is about clearing yourself as a suspect. If the hot potato is yours, there’s no point trying to hand it off, so don’t waste time. Similarly, when another team is desperately trying to blame you to save themselves, don’t panic. The root cause is the root cause already, it’s not going to change. Get services restored. Investigation comes later. By the time you are working on a critical incident it’s too late to panic about whether or not it’s the network. Above all, remember Rule #1 and Rule #2.

Wireshark doesn’t lie.

  • No matter what strange things are happening, no matter how much it seems to be the network causing a problem, get a packet capture. I once implemented DHCP snooping and the next day DHCP was failing everywhere. After a Wireshark capture, it was proven to be an infosec security scanning application that locked the DHCP database on a Windows server so no new leases could be recorded. Wireshark showed the NACKs from the DHCP server rescinding the leases because it was unable to record the lease in the database. Critical incident root cause determined, not the network even though all the ‘evidence’ pointed that way. Get a packet capture.

When you are proven right, don’t be a jerk about it.

  • Everybody gets to ride the Right and Wrong carousel from time to time. Your coworkers will appreciate the humility and understanding, and you’ll strengthen bonds instead of cutting them. There’s rarely a prize for being right, but there’s always one for being a jerk about it. Hint: It’s not a prize you want.

When you are proven wrong, don’t be a jerk about it.

  • Don’t make up excuses for it. Don’t blame others (even if you believe others are to blame). It’s not a good look. If someone throws you under the bus, that will come out later when they do it to another. Guard your credibility. Everyone is wrong eventually, but how you act when wrong is how people will remember you.

There’s no such thing as being irreplaceable.

  • Don’t hoard knowledge and don’t try to become Brent from the Phoenix Project. If Brent had been a cantankerous ass who refused to train anyone, he would have been a liability, not irreplaceable. In short: Job security is in sharing what you know and helping the team succeed, not in being the only one with the keys to the kingdom. Someone like that is a threat to an organization, not an asset, and they will be dealt with eventually.

Automation isn’t the cure for human error.

  • It can minimize the occurrence, but make the blast radius global. Say it once more, with feeling. Automation allows you to screw up at scale. As the industry embraces network automation, remember that without understanding networking, how can you trust what you are automating?

Expertise is the result of experience.

  • All experience is useful. I’ve learned a lot from labs, from production, consulting, reading, watching videos. I’ve learned more from failure than success. Those who shortcut expertise doom themselves to a career of chicanery. Yes, I’m talking about cheating. Stop a moment and consider the end result of passing a test without the expertise associated. What is the next step, exactly? Will your next job have a dump of their network for you? The sad fate of these people is they tend to bounce from job to job quickly, as their lack of expertise is uncovered. Don’t doom yourself to a career of jumping around as you get discovered as a fraud. It’s far easier to just learn expertise than to fake it.

So, I came up with ten. I could have done far more but that was the idea, 10 essential rules. I’ll present them here, and I’m curious how you feel about them. So curious that I’m actually updating my blog.

By the way, here’s a link to that post, it’s far better than anything I can write. https://twitter.com/rowelldionicio/status/1262874206233980928

Faces of the Journey – Charles Uneze

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Charles!

Charles Uneze (network_charles) is from Nigeria, currently working as a freelance copywriter for an ISP in the western part of the country, in the city of Lagos. Back in 2013, Charles entered university to study agricultural engineering. He had applied for electrical/electronics engineering, but didn’t quite meet the marks for entry. The agricultural engineering program did not feel like a good fit for Charles, but it is not easy for students who apply to public university to get admitted, so he took the opportunity. Private university can be easier to get into, but the cost was much more than Charles was willing to deal with. After running into some issues, in 2015, Charles made the decision to leave the agricultural engineering program to pursue something he really loved. By then he knew he had a passion for IT, reapplied for that program, and was admitted in 2016. The draw to network engineering came in the form of an IP addressing and subnetting class one semester in university. The interest only grew as Charles found like-minded people on social media. He even found a Cisco Netacad instructor in the same city as him! Charles is striving to become a network automation engineer.

Follow Charles:

Blog

Twitter

Lost in Networking on Twitter

Alright Charles, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? IT is an intricate field where sub-fields are complicated, mixed up, and shiny. I will recommend they visit www.cybrary.it and watch a free course titled “Introduction to IT & Cybersecurity.” The course speaks about fields like System Administration, Network Engineering, Penetration Testing, etc. After they have found the field which suits their personality, it may feel like suffering when they see the books to read because they are stepping into a strong current. I want them to understand that no heart suffers when it goes in search of its dreams, because every second of the search is a second’s encounter with God and eternity. COURAGE IS ESSENTIAL.

What is something you enjoy doing outside of work? I watch a lot of movies. I’m currently watching a new drama series called “We Are Who We Are”. Everyone in the series is still figuring out who they are by testing boundaries. Aside from movies, I enjoy playing board games like Scrabble or strolling to clear my head at the beach.

Charles and his sister.

What is the next big thing that you are working toward? The next big thing I am working towards is improving my Python, Linux, and Git skills. Currently, the big thing I am working on is understanding Computer Networking Technology via the CCNA certification. If I combine that knowledge with Python, Linux, and Git, my Infrastructure as Code skills will be ripe to dive into certifications like Cisco DevNet without stress.

When learning something new, what methods work best for you? First, I make a list of things to be done, to avoid being misled/distracted by another shiny task. Next, I read a chapter and make highlights of new things I have learned. Then, I buy a full 60-leaf notebook where I write down summaries of highlighted texts from the book. Lastly, I lab it up, over and over again until I am comfortable with the concept. Often, I also blog about the extremely difficult topics which stress me. Blogging about it also feels like a second note-taking to me, because I refine again how I have previously written the concept.

What motivates you on a daily basis? I don’t want to be imprisoned in my immediate world and get stuck with a daily routine of having the same kind of conversations with friends around me. I want to expand my mind and nurture this gift God has given to me. Also as the first son of my family, I have to carry others along and provide for their needs when it is required. So I must work hard and smart.

Bert’s Brief

It’s always a fun conversation with Charles. He is very active in the “It’s All About the Journey” community and often joins the weekly happy hour chats in the Discord channel as well. I absolutely love the curiosity and enthusiasm from Charles. It’s almost like he comes to conversations prepared with questions to ask and thoughts to share. How he uses blogging as a method of studying and retaining knowledge is creative and incredibly smart. He is a very driven person who is constantly chasing his passion. If you ever get a chance to have a conversation with Charles, I strongly recommend it. I cannot wait to hear what is next for Charles!

Ep 18 – Carl!

This week we talk to Carl! Carl shares his journey from the Marines, to FedEx, and then into IT. Carl also shares his experience preparing for, and taking, certification exams.

Check out Carl’s article on the AONE Blog – The Art of Preparing for a Cisco Exam.

You can follow Carl on Twitter, he is @cfzellars4 (https://twitter.com/cfzellers4)

Cisco Press Enterprise Design Book – https://amzn.to/2IHvA63
300-730 – Implementing Secure Solutions with Virtual Private Networks (https://learningnetwork.cisco.com/s/svpn-exam-topics)

My Advice on being a Traveling Parent

This article first appeared on A.J.’s blog, blog.noblinkyblinky.com

In my position I travel a fair amount for work. This is certainly not a new thing for me, I have traveled in the past for previous employers. What is new, however, is that my youngest son is getting older and has become more aware of my absence. With that has come more emotions, understandably. One trip, however, changed everything.

[Image: img_1532.jpg]

Meet Astro. If you work in IT or with enterprise applications you may recognize him as one of the furry mascots for Salesforce. I attended Dreamforce in 2017, and ever since I brought Astro home my youngest son has been in love with him. They go everywhere together, and now he goes everywhere with me.

My son would get really, really sad when I was gone. So sad it would make my travel extra difficult for my wife. One trip we decided to try something new. We let my son pick a cuddly friend that would travel with me. Of course, he picked Astro. I brought Astro on my trip and took pictures of him on our journey. Here he is on the coast of Maine.

[Image: img_1542.jpg]

Viewing the outdoors is not the only thing Astro likes doing, he also likes getting into trouble. He really loves to trash my hotel rooms.

[Image: 57818571645__b3f4cb7f-b0d5-4306-b53d-dfa7ec896166.jpg]

Seeing these pictures and FaceTiming with Astro and me has made a significant improvement in my son’s mood while I’m away. He seemingly looks forward to my trips now because he is so curious and excited about what Astro is going to do next. This helps ease the anxiety and sadness enormously.

We even kept the magic alive during a recent family trip where my son brought his Astros – yes we have 3 of them, Red, Blue, and Black. The three of them really did a number on our hotel room! The magic and wonder in his eyes upon our return was more than worth it!

[Image: img_3780.jpg]

When I travel now I also bring an Astro with me, whether I’m driving or flying. I generally take a bunch of photos of Astro doing crazy things. Then, I send them via text message to my wife who shares them with him first thing in morning over breakfast or in the evenings – and any time she can tell his emotions are getting the best of him. Viewing Astro’s and my adventures snaps him right out of these feelings and gives him a great, and much needed, laugh.

[Image: img_3603.jpg]
[Image: img_3605.jpg]

The best part is that I’ve also started sharing some of these photos on my social media accounts and my friends and family love keeping tabs on Astro as well! I was recently at a family BBQ where several people asked me about Astro and told me that they love seeing the pictures and get a good laugh out of what I post.

Besides traveling with a stuffed co-pilot…

The only other advice I’d give, that seems to work for me and my family, is be more present. When you’re gone it’s noticed. So, when you’re home make sure it’s noticed.

I try to help out more around the house, be the one to handle daycare drop offs and pick ups, and do more of the bed time routine. I typically ramp up prior to leaving and after my return. If my schedule will permit me to be home for a longer period of time then my wife and I tend to load-balance all of these things – work gets done and no one person is over saturated.

What about older kids?

In addition to a four-year-old I also have a teenager. The teenager misses me just as much as the four-year-old. However, my teenager isn’t as interested in pictures of a stuffed animal doing funny things. What helps with him are phone calls, FaceTime, text messaging, and keeping an eye out for things that interest him.

For example, like most teenage boys he’s into fancy exotic cars. I was recently traveling in San Jose, CA for Network Field Day 21. As we were leaving a venue there were three cool looking cars parked out front. I was sure to snap a photo and text it to him.

[Image: img_0165.jpg]

Doing little things like this helps show him that he’s on my mind even while I travel.

What else?

If you travel for work I’d love to hear what works for you. Shout it out in the comments or tweet me on Twitter!

As always, thanks for stopping by!

Ep 17 – The A.J. and Aaron Show

In this episode, you guessed it, it’s just A.J. and Aaron. A.J. shares the latest journey he’s begun, discusses physical vs. digital books, and more. The guys also discuss study habits and styles, and the idea of “total compensation” with your employer.

Apologies for the poor audio on A.J’s side – he had the wrong input device selected when they recorded…

DevNet Associate OCG – https://amzn.to/2ThDBQO
Post it note flags – https://amzn.to/31yJZYE
ACM Professional Membership regularly $99/yr, and Student is $19/yr!
Professional: https://services.acm.org/public/qj/profqj/qjprof_control.cfm?promo=PWEBTOP&form_type=Professional
Student: https://services.acm.org/public/qj/quickjoin/qj_control.cfm?promo=PWEBTOP&form_type=Student

2020 Geek to Geek Pick Me Up Exchange

This article first appeared on Ben’s blog – packitforwarding.com

I don’t know about you, but this year has really kept me kind of down. I really missed seeing friends at tech conferences this year and I’m starting to go a bit stir crazy limiting my travels to about 10 miles from home. That’s why I am inviting you all to participate in a little fun.

I’m proposing a Geek to Geek exchange. Starting now and until November 13th, I will be accepting participants using this form.

I want this to be fun for all so please be considerate of others. Only sign up if you can commit to sending something (possibly internationally) by December 15th. The packages don’t have to be elaborate, just a little fun to make someone’s day. Who doesn’t like getting a package in the mail? Please no bag of dicks or other such “novelty” sites.

I promise that all data collected will only be shared with your secret Geek match and that it will all be securely deleted after the event is over.

Faces of the Journey – Eugene Byers Jr

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Eugene!

Eugene Byers Jr, also known as Rize2Grind, was born in Brooklyn, NY and currently lives in Queens. Eugene is a tech support analyst for a nonprofit healthcare organization. For many years, he thought his career goal was to become an executive in the music industry, starting his own management company and music label. For a while, he did manage a few local artists in the gospel music industry. While he enjoyed learning how to manage artists and concerts, it didn’t end up being Eugene’s destination career. Before his current role, Eugene found himself playing with ROMs on his Samsung device, tinkering with computers, and becoming the family tech support guy. Over time, he built relationships with members of the IT staff and eventually an opportunity opened up within the department. Knowing he did not yet have the relevant experience, he took a shot and applied. Eugene was told that they really needed someone with desktop support and server experience. While he knew that was going to be the answer, it still hit hard. A few years later, while still in his original role, the company lost some contracts and was going to need to reduce staff. Without even knowing that he was at risk of losing his existing job, he was told by the head of IT that he was going to be transferred into the department as a computer operator! Eugene took this opportunity and made the decision to continue to grow himself and his career. He began studying for the CompTIA A+ and Network+ certifications. While doing that, he started seeing YouTube videos from people such as Network Chuck, Jeremy Cioara, Du’An Lightfoot, and Hank Preston. From there, his interest in networking skyrocketed. Eugene’s goal is to become a hybrid network engineer who inspires others to go after their dreams, no matter the career choice or age.

Follow Eugene:

Twitter

LinkedIn

Alright Eugene, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? Get at least two to three people in your corner who know you well, that will cheer you on, hold you up when you fall and tell you the real deal when you need a reality check. At work, talk to your IT coworkers. Let them know you want to learn more about IT. Ask them what they do, how they got started. Just strike up a conversation and let them know you want to transition to the IT department. You will gain valuable information that will help you along your IT journey. Join the tech community on Twitter and network, ask more questions. Subscribe to the AONE podcast and join the Discord.

What is something you enjoy doing outside of work? I enjoy working out and running Spartan Races. I hope to complete my 1st Trifecta in the 2021 season. We shall see.

How do you manage your work/life balance? It’s a moment by moment thing. I don’t think I manage well at all. Discipline has to be extremely high to knock out a new/current project, or study session and then also have that same energy when I am engaged with my wife and kids. It’s a constant battle that you have to prepare for daily.

When learning something new, what methods work best for you? I have figured out that watching a video on the topic and then labbing it up is what makes it stick for me. Hands on repetition in a lab is a great teacher.

What motivates you on a daily basis? My faith in God to become a better man to my wife, kids, family and to the community. I have purpose on this earth and I would be doing a disservice to just be mediocre daily and not strive to be the best person I can be to everyone I come in contact with.

Bert’s Brief

In all honesty, I could have just written “Rize2Grind” at the beginning of this article and called it good. Eugene, with his passion to excel at everything he does, writes his own story every day. All you need to do is scroll through his Twitter profile and you’ll be ready to take on whatever life throws at you. He teaches us how important it is to make connections with people. I love that Eugene doesn’t keep his passion to himself. He uses it as a tool to motivate others, and as someone who follows his Twitter feed, I’m here to tell you it works. I don’t post a lot on Twitter at the moment, but I’ve found that from time to time, I’ve become Eugene’s hype man in the back of the room throwing my hands up, pacing back and forth, retweeting and liking his posts. In all seriousness, this was a fun article to write because Eugene is living proof that if you set your mind to something you can accomplish your goals.

Ep 16 – What is a Network Engineer?

This week Zig Zsiga joins the crew as we discuss – What is a Network Engineer? Zig is a Customer Delivery Architect at Cisco. Outside of Cisco he runs his own blog, YouTube channel, and podcast. Zig is also developing and running a course on being a Network Designer/Architect. Additionally, Zig is a dual CCIE in both Routing and Switching and Service Provider, as well as a CCDE (Cisco Certified Design Expert).

You can find more of Zig:
Twitter: https://twitter.com/Zig_Zsiga
Youtube: https://youtube.com/c/Zigbits
LinkedIn: https://linkedin.com/in/ZigZag
Website: https://zigbits.tech/
Email: Zig@Zigbits.tech
Podcast: https://podcasts.apple.com/us/podcast/zigbits-network-design-podcast/id1236400835

NEW – AONE Merchandise store! Check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Study Tips for the Time Challenged

This article first appeared on David’s blog, https://zerosandwon.blog/.

If you are reading this, you are probably trying to study and a very important question has come up: “How do I even make time?”. I look across social media and that is one question that seems to be a concern for many of us. Whether you are studying for a certification, class or even to acquire a new skill, time must be dedicated. If you can show up at every test without taking the time to study and you ace each test, there is no need to read further. However, if you are like the rest of us who often struggle juggling work, family, and everything else that comes behind it, the next few paragraphs will hopefully provide some encouragement.

I’ll be honest, I can be a bit lazy at times. Why not? I deserve it, don’t I? Don’t we all? My main struggle when it comes to studying is a mix of procrastination and laziness. “Tomorrow is a better day!” “I am starting next week!” “I am going to start the week after!” These are some of the things that come to mind when I want to sit down and dive into any type of study. However, I’ll then turn around and burn through a couple of hours of Xbox. It makes no sense. Gaming is great, but gaming is not teaching me the necessary skills I need to progress at work or to implement a specific project. Studying will. Yet, my approach to studying is often lackadaisical. When I started studying for the Cisco Certified Network Associate (CCNA) years back, procrastination was my main problem. The appetite for studying was not really there. Since there was no hunger for it, other things began to distract me. At work, others would fill me in on how their studies were going. One thing I noticed about those that were studying…they were learning. They were able to apply what they learned at work. That flipped a switch. For myself, recognizing that the journey to the CCNA was slightly more important than the CCNA itself made a difference. Sure, you can take a test and pass it…but did you learn anything? Are you able to apply the concepts you learned to real-life business scenarios? Memorizing terms is one thing, but knowing what those terms are is another. Having the need to apply what I learned to make myself and the business better pushed me to complete the CCNA. I was already in a Network Engineering role when I started the CCNA journey so it was a little easier to apply learned topics to those real life scenarios. Many who are reading this might be working their way towards their role of choice and studying at the same time. There might not be a place right now where you can apply the learned concepts. There will be. Those doors will open up. The important part is getting the hunger to study. If you do not make it a priority, something else will fall in its place.

When it came to pursuing my Cisco Certified Network Professional (CCNP) cert, the problem was no longer procrastination. I was on fire to reach another level and continue learning. However, my wife’s time and mine was now spent on learning how to be parents. My son was just born when I started studying for the CCNP Route exam. There was a new priority, my son, and he needed to remain the priority. No matter what, family will always come first. Studying, gaming, even coffee will come after. So now it was a matter of finding the time to fit in studies where I could. I would return from work and I wanted to help my wife with my son. She was tired and I wanted to give her a break. The studying happened, but it was not as much as I wanted. I would find time at night before sleep, during the baby’s naps, and on the weekends. I’d say no to hanging out with friends just because that was valuable time I could use to try and lab subjects I was reading on. It took me three tries to pass the Route exam. Now, I am not going to blame my son for that (maybe), but I was able to pass it. Each time I failed I made sure to double up on studies in the areas I felt weak in. Each time I failed I did feel a little deflated. My wife always encouraged me to go study and to not worry about everything else. At this point, my purpose for passing was not just to apply learned concepts to business scenarios, but also to obtain new opportunities that would benefit my family. I continued to study and was able to pass the Switch exam as well as the Tshoot. You might be dealing with a similar scenario. The time to study is rare because there are other important things going on. Don’t let that discourage you. Take advantage of the available time you have. You might have failed an exam once, twice or however many times. Keep studying, keep going! One thing I did not do that I would (and will) is wake up earlier. I love sleep. Especially since the kids wake up early; any opportunity I can take to sleep an extra minute or two, I am taking. However, that can be valuable study time right there.

This year I took Palo Alto’s PCNSA and PCNSE exams. Now there are two kids running around! Thankfully they are slightly older and have set bed times. As soon as they were in bed, I jumped straight to the material. Some people prefer to study in the mornings. Some people prefer to study at night. I am more of a night owl. I usually go to sleep late. I feel more comfortable staying up late, reading and making notes. Some people do not. You have to see what fits your schedule and more importantly, what is comfortable. If it is difficult for you to study at night, don’t do it. Try to find time earlier in the day. As I mentioned before, waking up earlier is a dreadful option, but some people are into it. If you are not able to study comfortably, it will be more difficult to retain the information. I took advantage of the evenings and was able to pass the PCNSA. I followed the same schedule and studied for the PCNSE. This evening thing seemed to work out for me! I passed the PCNSE. One thing I did not do is study more than 4 hours each day. My study time during the week was between 2-4 hours. This worked for those particular tests. I had previous experience on Palo Alto, so that also helped. On the weekends I would spend more time studying. If you are studying for something completely new, you will probably have to make more time for the material and labs. Don’t try to jam all that time into one day; space topics out over several days if needed. The important piece is to make sure you are comfortable and well rested. This will help you mentally capture more information.

Sometimes I compare studying to health. The same medicine that works for one person might not work for the next. Everyone is different. Everyone studies differently, takes notes differently and labs differently. Don’t feel discouraged if your journey is taking a little longer than someone else’s. If you sit down and look at social media, people are passing tests left and right. It’s great! However, don’t compare your progress to someone else’s. You are at the right place at the right time. Find the time you can and fill it, even if it means getting up early (ugh!). Always keep in mind why you are studying. What is the endgame? Use that as your motivation. Keep studying and good luck!

Faces of the Journey – David Alicea

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet David!

David Alicea was born and raised in Chicago, home to the best pizza in the nation (his words, I’m not here to start fights!). He and his wife moved out to the suburbs a few years back and now have two kids who love to wake them up early. In his professional life, David is the lead network engineer on a team of three in the manufacturing industry. David’s team is responsible for route/switch, telephony, firewalls, and other security solutions for sites all over the world! Before his current role, David spent about a decade working in education for a nationwide university. Enrolling in the Cisco Networking Academy for two years in high school is when David got his first opportunity to configure switches and routers. Even though he got an early introduction to network infrastructure, he was not 100% sold on network engineering as a career path. After graduating high school, he decided to pursue database administration and programming in college. While there, David was able to obtain a student worker position at the helpdesk as a technician. This position built the foundation for his career. He is a firm believer that if you give 100% to everything you do, doors will open, and this is exactly what happened. First, David was offered a full-time desktop support position with the university. Then, he was eventually given a management position over the helpdesk and student workers! While in the management role, David branched out, assisting the network team with small projects at the campus. He continued to be noticed by administration and was offered a position as a network engineer. By that time, David had graduated with a Bachelor’s Degree in Computer Information Systems. Networking continued to interest David and he began studying for certifications. David’s advice is that while sometimes we might feel like we are stuck or going nowhere, we have to be patient. Doors will open when you least expect it. The important part is to continue learning and being an asset.

Follow David:

Blog

Twitter

LinkedIn

Alright David, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? If there is one thing you take away from my short bio, it is that you should always try to give that 100% effort in what you do. You might not like what you are doing right now and that is perfectly fine. However, working hard, showing up on time and just being humble does get noticed.

What is something you enjoy doing outside of work? I love gaming. I might not have as much time to do it now, but I still try to dedicate a couple of hours a week to it. I find it is a good way to relax and clear the mind. I play RPGs on the Nintendo Switch and sports games on the Xbox.

What is the next big thing that you are working toward? Automation. This seems to be the next big thing that everyone is going towards. I started travelling the Python path as well as digging into Ansible. There are use-cases at work I can try to weave automation into that will be beneficial. With a small team, it will be great to automate the little things where possible.

How do you manage your work/life balance? Forcefully. If you do not take steps to separate work and the rest of life, it is possible for work to take over completely. Some places do a great job in making sure you do have that work/life balance and some do not. For those in IT, we know that IT is not just 9am-5pm. There are projects that require overnight or weekend work. There are on-call rotations. The important part is to always make time for the family. Go on trips when possible, even if it is just a weekend getaway across town. I occasionally take random days off to do something with the family. Whenever we take a vacation we usually try to go on cruises or camping. Why? No cell signal 😊.

What is your favorite part about working in IT? I like making an impact. The things I do in IT make a global impact across the company. People rely on my skillset to design, implement and support solutions that benefit the company and allow growth. It is a lot of pressure. Sometimes I think, “Do I deserve to be here or do this?”, but I shake that away and continue marching on making an impact.

Bert’s Brief

I really enjoyed writing this because I found that David and I are a lot alike both in how we got our start and our mindset towards our careers. We both got started in college as student workers in helpdesk/desktop support roles and we agree that it’s important to give 100% and find ways to provide value in everything you do. David has a really good head on his shoulders and has proven that he is a versatile asset. He has held both technical and leadership positions, which is incredibly valuable in my opinion. Not only can he provide technical value, but he can communicate effectively and articulate expectations to others. Having a technical resource on a team with strong leadership qualities is very beneficial and that is exactly what David is and has been in his roles. My prediction is that David will continue his upward trajectory throughout his career. I do have a craving for some good pizza now, too.

Ep 15 – Knox

This week’s episode is part 2 of our interview with Knox Hutchinson. Check it out!

This episode was not sponsored by CBT Nuggets. Knox just happens to be a big fan of the podcast and we are big fans of him, so this just made sense!

To get more Knox check him out on:
YouTube: https://www.youtube.com/c/DataKnox
Twitter: @Data_Knox (https://twitter.com/Data_Knox)
LinkedIn: https://www.linkedin.com/in/knox-hutchinson/
CBT Nuggets: http://learn.gg/dataknox

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at any time


SD WAN Underlay Options

This article was first written by @aaronengineered and posted to his blog aaronengineered.com.

SD WAN typically consists of two parts: an overlay and an underlay. This article will cover the underlay.

And we can kick this off by saying that underlay is just a fancy term for connectivity. 

I would hope this goes without saying but here it goes anyway, we need connectivity for SDWAN to work at all. Yes, you read that right. We need external connectivity to the outside world. 

I know. EARTH shattering stuff there.

After all, the idea here is to get you off and running with your first WAN or to give you a nice shiny new version of the one you have now. 

Take note of the image below. This is an EdgeConnect SD router from Silver Peak – an SDWAN vendor. You can see that even on this device there are two dedicated WAN ports, wan0 and wan1. We know that these are clearly WAN ports because it’s telling us that (obviously). What we don’t know is what we are allowed to plug into those ports.

In this image we can see that we have two different Internet connections. Specifically, a cable and a DSL Internet connection.

That being said, we aren’t limited to just using Internet connections like the example. We have options, and I have narrowed them down to two distinct categories.

The first is just a standard Internet connection, sometimes referred to as a “public” connection. The other is some type of managed WAN or leased line, often referred to as a “private” connection. I want to point out too that the options listed below are based in the United States. Names and connection types can vary from country to country.

Typical Internet connection types

For the most part, these are geographically dependent. Meaning, if you live in a large metropolitan area you may be lucky enough to have all of these options at your fingertips. If you don’t live in a large city you might be in a different situation, so T1s and 4G LTE connections become the primary option. Normally that might be pretty limiting, but with SDWAN we will see that it isn’t so much of a big deal anymore.

Here are some of the main Internet connection types:

  • Cable internet 
  • DSL
  • Fiber based Ethernet 
  • T1 
  • 4G LTE 

All of these vary in their delivery method and price but, most importantly, in their speed and quality (which are a big deal to network engineers like us).

There are other factors at play here as well and any good WAN architect will tell you it’s not all about the speed. So of course latency, jitter, and packet loss will all be considered as well. 

Managed connectivity options from your ISP

  • Metro Ethernet
  • MPLS

*There are other flavors of these connection types that are slightly different but the idea is pretty much the same so I have left those off the list. For a better look at some of the offerings, click here.

In the past, as a WAN architect, it would be your job to make sure that you aligned the company’s goals and the company’s budget into a nice pretty little package. It’s your job to sell the trade-offs. To better understand what this means, take a look at the above connectivity options. If you did not know, there is quite the price difference between a managed connectivity product like MPLS and a cable modem that brings you Internet connectivity.

BUT… we know that the reason you pay for a managed service is so that you can get things that you need. Those things are usually guarantees around uptime, packet loss, jitter and latency, just to name a few.

You see, the applications that enterprises are using in today’s networks are all very unique. Sometimes they come with strict requirements on the network and can’t tolerate any sort of inconsistency. And that’s ok, because managed connectivity solves for that by basically guaranteeing that our traffic will get the white glove treatment.

The opposite end of this of course, is just a standard broadband internet connection. (See list above) 

These are typically high-bandwidth and low-cost. That’s great if those are my only two requirements, but as we read earlier, that’s not always the case.

OK let’s make sure we are all on the same page here. 

Private managed WANs – typically higher in price but definitely get you the guaranteed delivery you need.

Public Internet connections – low price, high bandwidth, low reliability.

I have to decide between the two options here. Or do I… 

Well my friend, another feather in the cap of the SDWAN router is that it’s often underlay agnostic. Meaning, it doesn’t care what you plug into it. All connections are created equal. 

Well not completely equal but pretty darn close. This just means that the SD Router is going to be looking at whatever you plug into it with a watchful eye. It’s going to be monitoring it for packet loss, jitter, and latency and report back to you with what it finds. On top of that, it’s going to make QoS decisions about what traffic to send and how much of it based on the current health of that link. Again, it doesn’t matter what that link does. 

RAD. 

Putting it all together.

So how does this change the role of the WAN architect? Well for one, it makes the job a lot easier. Since I now have the freedom of picking whatever connection fits the budget best, or picking the only service available to me based on geography, I can get a LOT more creative in solving for the organizational goals of the company.

Remember from my previous articles that SDWAN is all about efficiency. How it accomplishes that is by using insights and control. Putting that into context with the underlay – we have insights on how those regular Internet connections are performing and make different QoS decisions based on that information to prioritize mission critical traffic in our WAN.

What being ‘underlay agnostic’ means to the SDWAN router is being able to compensate for some of the shortcomings of less guaranteed connections. This is achieved by having multiple WAN links that are closely monitored. This in turn allows the router to make application routing decisions on the fly if one or more of the connections are not performing up to your pre-defined standards.
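As an added illustration (not code from this article or from any SDWAN vendor), here is a small Python model of the monitor-and-steer loop just described: each WAN link keeps a rolling window of probe samples for loss, jitter and latency, each application class carries its pre-defined standards, and the path selector moves traffic to the first preferred link that still meets those standards, falling back to the least-lossy link when none does. Link names, thresholds and probe values are constructed assumptions for the example.

```python
"""Toy SD-WAN underlay monitor with application-aware path selection (added example)."""
from collections import deque
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class LinkSample:
    """One probe result for a WAN link (values are constructed for the example)."""
    loss_pct: float
    jitter_ms: float
    latency_ms: float


@dataclass(frozen=True)
class AppPolicy:
    """Pre-defined standards an underlay must meet to carry this application class."""
    name: str
    max_loss_pct: float
    max_jitter_ms: float
    max_latency_ms: float


# Assumed policies: voice is strict, bulk transfer tolerates a lossy public link.
VOICE = AppPolicy("voice", max_loss_pct=1.0, max_jitter_ms=30.0, max_latency_ms=150.0)
BULK = AppPolicy("bulk-transfer", max_loss_pct=5.0, max_jitter_ms=500.0, max_latency_ms=1000.0)

# Assumed preference: the cheap public link first, the private managed link second.
PREFERENCE = ["cable", "mpls"]


class LinkMonitor:
    """Keeps the last `window` probe samples per link so one bad probe does not flap the path."""

    def __init__(self, links, window=3):
        self.samples = {name: deque(maxlen=window) for name in links}

    def record(self, link, sample):
        self.samples[link].append(sample)

    def health(self, link):
        """Average of the samples in the window, or None if the link has not been probed yet."""
        window = self.samples[link]
        if not window:
            return None
        return LinkSample(
            mean(s.loss_pct for s in window),
            mean(s.jitter_ms for s in window),
            mean(s.latency_ms for s in window),
        )


def meets_policy(health, policy):
    return (health.loss_pct <= policy.max_loss_pct
            and health.jitter_ms <= policy.max_jitter_ms
            and health.latency_ms <= policy.max_latency_ms)


def select_path(monitor, policy, preference):
    """Return (link, status): the first preferred link meeting the policy ("compliant"),
    otherwise the least-lossy link so traffic still flows ("degraded"), or (None, "no-data")."""
    candidates = []
    for link in preference:
        health = monitor.health(link)
        if health is None:
            continue
        if meets_policy(health, policy):
            return link, "compliant"
        candidates.append((health.loss_pct, health.latency_ms, link))
    if not candidates:
        return None, "no-data"
    return min(candidates)[2], "degraded"


def run_demo():
    """Walk through a cable-link degradation and return the steering decisions at each phase."""
    monitor = LinkMonitor(PREFERENCE, window=3)
    decisions = {}
    # Phase 1: both underlays healthy; voice can ride the cheap cable link.
    for _ in range(3):
        monitor.record("cable", LinkSample(0.2, 8.0, 25.0))
        monitor.record("mpls", LinkSample(0.0, 2.0, 40.0))
    decisions["voice_before"] = select_path(monitor, VOICE, PREFERENCE)
    decisions["bulk_before"] = select_path(monitor, BULK, PREFERENCE)
    # Phase 2: cable loss climbs to 3%; voice fails its standard there, bulk does not.
    for _ in range(3):
        monitor.record("cable", LinkSample(3.0, 45.0, 60.0))
    decisions["voice_after"] = select_path(monitor, VOICE, PREFERENCE)
    decisions["bulk_after"] = select_path(monitor, BULK, PREFERENCE)
    # Phase 3: MPLS also exceeds the voice loss limit; nothing is compliant, so pick least lossy.
    for _ in range(3):
        monitor.record("mpls", LinkSample(1.5, 10.0, 40.0))
    decisions["voice_outage"] = select_path(monitor, VOICE, PREFERENCE)
    return decisions


if __name__ == "__main__":
    for phase, decision in run_demo().items():
        print(f"{phase:14s} -> {decision}")
```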

Hopefully this has given you a bit more insight than you may have had previously. If you enjoyed what you read and would like to learn about something WAN or SDWAN related, find me on Twitter at @aaronengineered.

Enjoy responsibly!

Faces of the Journey – Robin Canela

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Robin!

Robin Canela, originally from New York City, is a Unified Communications Engineer for a software company based in Florida. While the company is based in Florida, he has been working remotely in Virginia since 2017. Robin has been no stranger to hard work. At just fifteen years old, he started a part time job at a pharmacy. After three years, Robin ventured into retail, and eventually began training as a pharmacy technician. He had aspired to become a pharmacist, but found that school really wasn’t for him. When he turned twenty, Robin made a bold and risky decision to move to Virginia. There, he went back to retail for about a year with Toys R Us, then became a utility locator for around two years. Robin then decided it was time for a change. He updated his resume and began interviewing. His break into IT came in the form of a contract position imaging computers that kept getting extended until he was hired on full time as a Desktop Support technician! Robin was drawn to IT by being an avid gamer when growing up. His enjoyment of video game consoles led to the building of his own computers and getting exposure to programming languages. He began to love technology and became more invested in learning and growing. Robin has an aspiration to become CCIE certified and is currently studying for the CCNP certification (he became CCNA certified in February of this year). Eventually, he wants to design networks and travel the world!

Follow Robin:

Blog

Twitter

LinkedIn

YouTube (under construction)

Alright Robin, We’ve Got Some Questions

When learning something new, what methods work best for you? Hands-on learning works best for me. The method I use when studying:
1 – Read
2 – Watch Videos
3 – Practice/labs
4 – Teach others

What advice do you have for aspiring IT professionals? Hard work, enthusiasm and dedication. Don’t compare yourself with others, and most importantly, believe in yourself. One thing I always remember and hold on to is that “every expert was once a beginner”.

What is something you enjoy doing outside of work? This past year I got into woodworking and I absolutely love it. So far I have built an arbor for my wedding (article about it on my blog), a storage compartment in my garage, two dog feeding stations, a built-in bench with batten boards, and the list keeps growing for things to do. I also love learning new technologies so much that I have invested in a home lab. I have a couple of servers, routers, switches, etc. Virtualization is amazing.

How do you manage your work/life balance? Haha, feels like a trick question. In my relationship the most important things are communication and boundaries. Letting my wife know ahead of time my plans, goals, and schedule for the day really helps. When I don’t communicate, oh boy. Since I have been working remotely for over three years, setting boundaries between work/life is very important. I make sure to stop working when work is over and stop checking work emails after hours. It doesn’t always happen but I am getting there.

What motivates you on a daily basis? Challenging myself to become a better person today than I was yesterday and coffee, coffee, coffee.

Bert’s Brief

If I had to pick a few words to describe Robin Canela, they would be “balanced” and “well-rounded”. It can be very difficult for many of us to find the right balance between work, professional/career development, and personal life. Robin just seems to have it all figured out, and that is excellent. He is extremely down to earth and willing to carry on a discussion with anyone. Robin also has a skill that I think is very important, which is determining goals. He figures out some future direction, sets a plan, and sticks to it. While maintaining and building on his life, Robin takes the time to remain active in the “It’s All About the Journey” community. He is often sharing ideas, providing encouragement, and just being an all around nice guy. Keep an eye out, I’m seeing big things on the horizon for Robin Canela!

Ep 14 – Data

In this week’s episode we talk to Knox Hutchinson. That’s right, CBT Nuggets trainer Knox joins us and tells us how he got into IT and eventually IT training at CBT. We had such a great conversation we had to break it up over two episodes! So, check out part one this week and come back next week for part two!


Why do people go for Network+ before CCNA?

This article was written by Chris and first appeared on his blog christechjourney.wordpress.com

This week, I tweeted about my career goals and I got some interesting comments about people’s goals (tweet link). I can see that a lot of you are choosing to go for Network+ before CCNA. I asked some of you why, and here I will try to summarize what I got:

First of all, N+ provides vendor-neutral network fundamentals, which can be a very good point if your goal is to work with different vendors (list of every networking hardware vendor), while the CCNA is specific to Cisco material. CCNA provides the principal network fundamentals but with more depth into Cisco material (specific Cisco commands, for example, which you will not learn in N+; subnetting, on the other hand, you will learn in both certificates because it is universal).

By comparing the two blueprints, you can see that CCNA details many in-depth non-Cisco topics: IPv6, interface issues, etc. Check it out:

Network+ Topics
CCNA Topics

You can download the blueprints for more information about the topics: Blueprint N+ (download) and Blueprint CCNA (download).

I got a comment from Carl (@cfzellers4 on Twitter) and I want to share with you his words:

He doesn’t suggest any order, but he said that the way he would lay out a Zero to Certified ~ Networking ~ plan would be like:

  1. CompTIA ITF+
  2. CompTIA N+
  3. JNCIA-Junos (*Optional*)
  4. Cisco CCT R/S
  5. Cisco CCNA

This is the pathway he would choose if he had to start over, but not a specific pathway.

A lot choose to go for N+ first because it is a general entry-level certification for networking, while Cisco is more of a specialization, but keep in mind that the new CCNA is entry-level as well.

Besides N+ and CCNA, the new DEVNETAS and CyberOps are both entry-level as well. After my CCNA, I plan to get those two certificates in this order.

Keep in mind that Cisco is the leader in the market, but it’s not the only vendor. There are many out there, but if you want to choose the CCNA, are motivated and passionate, go for it. You are on the right track.

Don’t forget, if you’re studying for whatever IT certification, you can get support on our Discord channel ~ It’s All About the Journey! ~, reach me on Twitter, and of course, listen to ~ The Art of Network Engineering Podcast ~.

Faces of the Journey – Luis F Garcia Jr

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Luis!

Luis, a.k.a. NetSecWheezy, has a very busy life all of a sudden. He is in the process of starting a new professional journey. Not only is he going from a SOC Analyst to a Network/Security Administrator, but he is moving from South Texas to Arizona to do so! Prior to the most recent roles, Luis got his start in IT with a helpdesk role. Before venturing into IT, Luis sold ice cream. One day while working at a baseball game, Luis ran into someone who worked in IT at a company where Luis once had an internship. After exchanging information, Luis ended up getting a call and got his start as a contractor with a helpdesk. Outside of Luis’ control, the beginning was not exactly smooth. Many times he was told that it could be his last week or even last day! Eventually he was brought on in a full-time role managing fifteen sites and two mobile units on his own. Luis has had a passion for IT since around the age of eight. He started watching YouTube videos to see how computers work, and then would play some harmless pranks on his family. Security was Luis’ main love; then in college, he was introduced to Cisco. He was fascinated by what he was learning, which led him to achieve the CCNA certification. Luis has been striving to get into a network/security role and is very excited to get started in his new position. Being able to support his family and live a good life in which he can travel is the ultimate goal.

Wheezy at the Grand Canyon

Follow Luis:

Blog

Twitter

Alright Luis, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? The advice I have for aspiring IT professionals is to never give up. I know it is very easy to doubt yourself, but we must break down these walls if we want to follow our dreams. We can all succeed in this field; there are more than enough opportunities if you want them. I will be honest in that self-doubt slowed me down in following my dreams. It does not have to slow you down. I believe in each one of you.

What is something you enjoy doing outside of work? Something I really enjoy outside of work is to travel. I have not been many places, but it feels surreal when I get to travel and see new places and experience new things. I always dreamed of traveling, and thanks to the IT field I have been able to follow through on my dreams. I also love the Dallas Cowboys and consider myself a super fan. Every game I’ll be watching no matter the outcome. I have been to their stadium a few times and it is mind blowing to me each time.

How did you figure out that information technology was the best career path for you? I just realized it was something I wanted to do. It just was amazing to me. I wasn’t always sure exactly what I wanted to do, but I knew that it had to be something with computers. I was always trying to learn about them and learn what they did. I still remember using a computer we had that was Windows 95. I think my big moment came when I got into college and realized I could do this. I went through a cybersecurity and networking degree program at a local community college and, if I remember correctly, we had about 60-70 students and only 8 graduated. I admit I struggled a lot that first semester, but after that I really started hitting the books and managed to excel. I knew that I could do this from that moment on. Eventually it led to me getting my CCNA and Security+ certifications.

What is your favorite part about working in IT? My favorite part of working in this field is that it seems that two days are never the same and there’s always so much to learn. This field is constantly growing every day and it is amazing to be a part of it. When I was in helpdesk, I loved being able to solve people’s issues and just speaking to them. I went through so many experiences in my time working in this field. My favorite thing is just learning about all the new security trends and things that are happening in security, and knowing that I’m a line in the defense against malicious actors makes me feel proud.

What motivates you on a daily basis? What motivates me is my wonderful girlfriend. She stood by me when I did not make enough money to buy food sometimes and she has been with me through so much. She has always pushed me to follow my dreams and aspirations and has always taught me to believe in myself even when times are hard. I owe a lot of my success to her and to my family for all the support. I am nowhere close to being done with my journey yet though. Another motivation is when someone tells me that I cannot do something, I tend to draw a lot of energy from those words to prove them wrong not for them but for myself. You should never listen when someone tries to put you down.

Bert’s Brief

Luis is an incredible person with a story that proves that the journey is rarely a straight and narrow path. He has been through so much throughout his life and doesn’t seem to waste time complaining, but rather focuses his energy on growing professionally. The production of this article came during a really exciting time for Luis. I started talking with him right before he interviewed for his new position so I got to hear about the entire process. It was really neat for me to essentially get to experience the suspense and eventual joy when he was awarded the job. With the effort and passion he has put into his career, it is awesome to see him get to take this next step. Luis, however, is not selfish with his passion for IT/networking. He is constantly contributing to the “It’s All About the Journey” Discord channel by providing thoughts, insight, and endless encouragement to others in the community. It has been a pleasure getting to know Wheezy. We all wish him luck with the next chapter in his life, and know that he will excel.

Ep 13 – Deirra Footman, CCIEby30

In this episode Aaron returns, and along with Dan and Andy they chat with Deirra Footman, CCIEby30! Deirra shares her journey on getting into IT and finding her way into Network Engineering. Along the way she shares some great advice that we haven’t heard on the show yet! And, Dan learns a lesson he shouldn’t soon forget…

You can find Deirra on:
Twitter @CCIEby30 https://twitter.com/ccieby30
Instagram @CCIEby30 https://www.instagram.com/ccieby30/
Her Blog https://www.ccieby30.com/

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Real World Experience

This article first appeared on Girard Kavelines’s blog techhouse570.wordpress.com/

In our industry nothing is more valuable than real world experience: the opportunity to work on real hardware, troubleshooting real problems and facing those challenges every day. So the questions that remain are: How do you seize those opportunities? Where do you look first to begin?

For me, getting into the industry was a path that, like everyone’s, was filled with hardships and obstacles, and though you will overcome them, getting there seems like it takes forever. I said most recently this past week while talking to a good friend – “It’s amazing how far we’ve come as a community; it’s indescribable.”

When I got into this industry YouTubers weren’t a thing, communities were hard to come by, and the knowledge that people did have was guarded like Pentagon secrets! But today, as technology has grown, the people and the professionals that have made this industry what it is and have given so much are now sharing that wealth of knowledge with the next generation and those to come after it.

My foot in the door was working in retail. Working in those different organizations gave me that sense of growth, and for that I’m forever grateful. It was a way for me to take the skills I already possessed to a whole new level, and, as I’ve mentioned before, it is where I found my love of networking, both personally and professionally. That led me into my many other opportunities, and now I share with you – How do you make your own path?

Apply yourself. In today’s world we have so many outlets to explore, from social media to internships, both paid and unpaid, and more. They also say it’s about who you know, and in some cases… it is. Word of mouth is a powerful thing, and the more you network the more opportunities it can present you. If you have or are given an opportunity to showcase your skills, do it, my friends, because you never know if you’ll be given another. Showcase that passion, that drive, that desire to be the best in whatever you do, because it shows. Those who are the hungriest, the ones who thrive on learning at every opportunity given to them, prove it. Times are changing and the technology with it. If I can ever help any of you in any way, please don’t hesitate to reach out to me! Whether you’re finding that first or that next opportunity or studying to get those certifications, remember to study hard, and win harder. Whatever it is you look to achieve, your drive will continue to take you there.

Best Regards,

Girard

Faces of the Journey – Chris Dedman-Rollet

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Chris!

Chris Dedman-Rollet is a country boy from France who recently immigrated to the United States of America and resides in Los Angeles, California. He is currently a full time student, covering a vast amount of content ranging from computer information systems and CCNA study to English as a Second Language, all while working toward obtaining a GED. Chris is also a self taught Python programmer. Just recently, Chris received a work permit and is now eligible for the job market! There has been no shortage of life experience for Chris. While in France, he worked as a butcher for twelve years and spent a couple of months pulling cable for a fiber optic cable company. Chris had also spent four months in the French Army as a paratrooper, but had to be discharged due to injury. In search of the next chapter in his journey, in late 2019, Chris asked his wife (a software developer) to teach him programming. He was introduced to Python and immediately fell in love with the language. In February of 2020, Chris moved to the USA and got the opportunity to enroll in an academy program to prepare for the new CCNA exam. Through the education program Chris has been going through, he has been presented with four paths that include careers as a nurse, CNC technician, network engineer, or a career in child development. Being a lover of technology, Chris wanted to pursue the network engineering path and immediately began learning more about the CCNA certification and network engineering in general. Chris appreciates the power of connecting devices together, controlling the security of the network, and automating tasks.

Follow Chris:

Blog

Twitter

GitHub

LinkedIn

Alright Chris, We’ve Got Some Questions

What do you want to be when you “grow up”? I want to be a lot of things LOL. I want to be a network engineer with programming and cyber security skills. My goal is to be able to be where I am needed and assist a company that needs help in any department. For example, let’s say I’m a Network Engineer, and tomorrow my company needs someone to do a programming or cybersecurity job. I want to be the guy whom they can count on. And, more skills mean a secure job. Besides, I want to be able to help a maximum number of people through my blog and my Twitter, like learning help or motivation. If I can help even one person, it will already be a victory for me.

What is something you enjoy doing outside of work? To be honest, studying is a kind of hobby for me. I love to learn new stuff; I try to learn something new at least every day. Maybe because when I was younger I wasn’t a school guy. I dropped out pretty early, when I was fourteen years old. I’m a Sci-Fi TV show lover; I’m currently watching “The 100” on Netflix (best show ever). I love programming, I play a lot with Python and automate everything I can. Besides all of that, I love sport (even if since the pandemic I practice a lot less), and I have been a CrossFitter for four years now. On the weekends I love to go to the beach for a walk with my wife and my dog.

What is the next big thing that you are working toward? After the CCNA, I’m going to work on the DevNet Associate certification, I’ve already pre-ordered the book on Cisco Press. Then, it’s onto the CyberOps Associate certification. Networking, programming/automation, and cyber security are three positions that I will be working toward. I’m actively working on my English, I would like to share more, for example in video interviews, and share with the community.

When learning something new, what methods work best for you? The best thing that works for me, is practice. I’m a true believer in “learning by doing”. I’m learning with books, and I practice everything that I read. I love to ask questions as well. No one should be afraid to ask for help when they are stuck on something. I recently bought the Unifi Dream Machine and put it to the test (my wife goes crazy when I mess up the network LOL). I asked for some help on the Discord channel “It’s All About the Journey”. Shout out to Carl, he’s the real MVP.

What motivates you on a daily basis? My past life as a butcher; I don’t want to go back to where I came from. It’s difficult and you don’t really have the opportunity to grow as an employee. If you get a position, you keep the same position for the rest of your career.
Now, I’m freshly married and have two pets (a young puppy and a cat☺). I want to take care of my family by growing as a husband and becoming someone better every day. The Twitter and Discord community motivates me a lot as well. It’s always good to see when other folks succeed at what they are working on. The happiness of others makes me feel good.

Bert’s Brief

Chris’ life is the epitome of “the journey”, not just figuratively, but also literally. He has traveled from France to the USA and is now working on becoming a network engineer. Chris is always looking for that next opportunity to make himself better, and seeing him learn and grow through the “It’s All About the Journey” Discord channel is truly inspiring. He always brings his positive attitude to discussions and is constantly encouraging others. Chris is definitely someone you will want to connect with and I can’t wait to see him begin his professional IT journey.

Ep 12 – The Packet Pilot!

Matt is a Cisco Champion and currently works as a Deployment Engineer for a large Cisco Partner, where he focuses on Enterprise Networking and SD-WAN. Matt is also a huge hockey fan and really enjoys playing the drums.

ATA = Analog Telephone Adapter, see also: https://www.cisco.com/c/en/us/products/collateral/unified-communications/ata-190-series-analog-telephone-adapters/datasheet-c78-739907.html

Matt’s article on structured cabling: https://www.packetpilot.com/back-to-basics-patching-a-switch/#more-806

You can find Matt on Twitter https://twitter.com/mattouellette, and if you’re going to follow him you need to follow his dog too: https://twitter.com/WoofAurora. Also, be sure to check out Matt’s blog https://www.packetpilot.com.

Follow us on Twitter https://twitter.com/artofneteng
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Adopting the Mindset of the IT Ninja

This article first appeared on A.J.’s blog, blog.noblinkyblinky.com

Adopting the Mindset of the IT Ninja

Lately I see a lot of people, IT Professionals and others, seeking (not always giving) gratitude online for their hard work. Now, first off, it’s certainly earned during these trying times. With everyone working, learning, and, well, living at home – all the time – we are putting the internet, remote access related resources, and various SaaS to a serious test and with few exceptions they really haven’t skipped a beat. IT Professionals are doing amazing things right now to help keep life going throughout this pandemic. But if I’ve learned anything from working in IT for the last 15 plus years it’s that silence is the highest form of gratitude.

I didn’t always feel this way. I, too, often sought feedback and gratitude as a greenhorn Help Desk’er. Gratitude meant happy customers and if people weren’t happy with my work I took it as a learning experience. However, that all changed one day thanks to a promotion from SolarWinds.

I got this promotional email one day. If I signed up for a free trial of some product and participated in a webinar, I’d get an IT Ninja sticker. Nearly identical to the Ninja pictured here:

[Image: switninja.jpg]

Now, what I thought I was getting was a sticker small enough to slap on the lid of my laptop, so I filled out the form and downloaded the promotional stuff. Six to eight weeks later I had nearly forgotten about the sticker when a long tube arrived in my mailbox. Puzzled, because I didn’t order anything that I was expecting to show up in a tube, I opened it and BAM! It’s a giant wall sized sticker of this IT Ninja! It was about two feet or so wide and three feet from head to toe. It was amazing!

For years this IT Ninja lived in the tube as I tried to find the perfect home for it. So, one day I just decided to bring it to work and I hung it up in the office. At the time I was an IT Manager for a global manufacturing company. Members of my team were starting to get frustrated. They’d spend literally hours and days working away on projects for people or departments and then receive next to nothing in return for their hard work, often not even a simple “thank you.”

If you can’t change your situation, change your attitude.

One day, as this IT Ninja and I were having our regularly scheduled staring contest, I realized – we are Ninjas! Ninjas do their jobs undetected! They get in, do their job, and then they get out! They lurk in the shadows, and only other Ninjas would truly understand and appreciate the effort that they put in, and the training, discipline, and dedication it takes to be a Ninja.

[Image: screen-shot-2020-05-17-at-9.04.53-pm.png]

I shared my thoughts with my team one day during our weekly team meeting and we all agreed and adopted the mantra of the IT Ninja. We understood that fewer help desk calls and complaints meant that people were, generally speaking, happy and able to work with few to no interruptions. We worked hard, we stayed late to do maintenance windows, and we did it mostly without thanks or praises from anyone other than each other. This paid off! We helped each other, we thanked each other, we kept tickets to a minimum and basked in the glow that was the silence from those around us. Our spirits rose and we felt better and more appreciated for the work we were doing.

People that don’t work in IT often can’t even begin to understand what we do. But that can also be said about jobs outside of IT that we, as IT Professionals, just don’t understand. We often don’t appreciate what we don’t understand. We take for granted the stuff that just works and don’t care to peek behind the curtain until it stops working.

So, before you go seeking thanks and praise, pandemic or not, think of the IT Ninja. If you don’t have anyone knocking down your door, blowing up your inbox or phone then you’re doing your job! Bask in the quiet and enjoy being undetected. Show gratitude to your fellow IT Ninjas because only you know what it took to get here.

[Image: ninja-bow-prints.jpg]

In closing, I do want to take a minute to thank everyone for their hard work. I know a lot of people that have been working very hard to transition entire workforces to work from home. Building the laptops, deploying the upgraded firewalls to support additional VPN connections. Rushing through SaaS migrations. Stretching already thin budgets to make it work. You’ve taken entire school districts and moved their curriculum online. Taught your co-workers how to use Zoom, Webex or [insert online meeting tool here]. The late nights. The early mornings. All while home schooling your kids. And the list of extraordinary work goes on. Keep up the amazing work and stay safe my fellow Ninjas!

Ep 11 – Gifted Lane!

You can find Shala everywhere using her handle @GiftedLane.

Twitter: https://twitter.com/giftedlane
Instagram: https://www.instagram.com/giftedlane/
Twitch: https://www.twitch.tv/giftedlane
YouTube: https://www.youtube.com/channel/UCCNvBz8s77j2AMI_p_m9B0g
Website: https://giftedlane.com/

Follow us on Twitter https://twitter.com/artofneteng
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – https://discord.gg/hqZ7XEG

Conversation Starter: What do certs mean to you?

This article first appeared on Tim Bert’s blog neticaded.com

Over the years, I have had an “on again, off again” relationship with IT certifications. I tend to take what I think is a long time to prepare, and I’m not a fan of failing when I have dedicated so much time to preparation. I won’t say that my reasoning for pursuing certifications has changed over the years, but rather evolved. My reasoning started with trying to advance my career and get that next job. While that reasoning continues, I have also added the concept of certifications as an “insurance policy”. The primary goal of my career is to be able to provide for my family. If that worst-case scenario were to happen and I needed a new job tomorrow, I want as much as I can put on my resume to help it float to the top of the stack with hiring companies, and I believe that certifications are a part of that. I still believe that knowledge and experience are key, which you can have without certifications, but I want that “insurance”.

I would say that career insurance and progression are my main reasons for pursuing certifications at this point in my career. That being said, there were multiple times over the last ten or so years that I wasn’t sure if that was enough. Was learning the certification curriculum for the given cert the best way to learn applicable skills for my current job or the next one that I wanted? This is where I think it’s important to do at least a bit of high level planning. I think you need to know what you want out of a certification and the training that comes with it to decide if knowing that curriculum is “enough” for you to be satisfied. For now and the immediate future, I’ve decided to be focused on Cisco Enterprise technologies. Between CCNA and now CCNP studies, I have been happy with what is in the curriculum. I am learning things in the curriculum that I didn’t know in depth before, but are applicable to my current role. That is very rewarding for me and is part of what makes this whole process worth it.

I would love to hear what your reasoning is to, or to not, pursue IT certifications. I think there is a lot of good conversation around this topic.

Faces of the Journey – Girard Kavelines

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Girard!

Girard Kavelines is an IT Specialist in the healthcare industry in Dunmore, Pennsylvania, USA. He has been an IT Professional for fourteen years, in roles ranging from PC Technician, IT/Sales Professional, and Network Technician, to IT Specialist. He has also owned and operated a successful IT support and consulting company! In his current role, he is a “jack of all trades” in an IT department of twelve people. Girard prides himself on being personable. In fact, he is such a people person, that he runs the new employee orientation within his organization. He sets up accounts, prepares the necessary IT equipment and provides knowledge to the new hires so they can get started in their own roles. Girard earned an Associate’s Degree in Network Administration from McCann School of Business and Technology and a Bachelor’s Degree in Network Security from Central Penn College. He has a passion for network engineering and is currently working toward a Cisco Certified Network Associate (CCNA) certification to be followed up by a Cisco Certified Network Professional (CCNP) certification. Girard shares his life and journey with his wife and FOUR children!

Follow Girard:

Twitter: @GKavelines

Blog: TechHouse570

Alright Girard, We’ve Got Some Questions

What advice do you have for aspiring IT Professionals? Never stop learning! Change is constant in this industry. There are so many different paths to follow and today we have so many different outlets to learn than when I was first starting. Your path and your journey are all decided by you. Stay positive! Always ask questions and most importantly keep an open mind! There are many great professionals and resources out there and you’ll always have a new challenge awaiting you.

What is something you enjoy doing outside of work? I love spending time with my family. I have 4 beautiful children of all different ages, so for me, I take it in every day. From playing Minecraft, having tea parties, and chasing my one year old around, to just watching movies and holding my 3 month old. Time with them and my wife is priceless.

What is the next big thing that you are working toward? Right now, my two biggest goals are my CCNA and becoming Cisco Champion this year. They both mean a great deal to me and I know I can achieve both! Once that’s done I’ll begin focusing on my CCNP!

How do you manage your work/life balance? I believe you have to give 200% to everything you do, and with my professional & personal commitments, it’s no different. It’s managing your time as effectively as possible! With four kids, time for things can be limited. Planning is key! But I set aside all my time for labbing, studying, etc., then commit the rest of it to my family. My current regimen now is weekends anywhere from 1-3 hours of study time. Then another two or so labbing. The rest of my weekend is time with the family.

When learning something new, what methods work best for you? For me, no doubt, hands on learning is the most effective way! Especially when learning about different topologies, etc. I feel you can retain information many ways, set a good study regimen, watch videos, etc. But in my opinion the best way to fully grasp a concept is to apply it physically in a lab! Now, everyone has their own opinions and different methods that work for them and may help them learn differently, which is awesome too! I’ve always loved being able to take those concepts, power on my switches, and apply it hands on to fully grasp what I’m learning.

Bert’s Brief

I obviously cannot just offer this up, but if you are ever having a rough time, just reach out to Girard for a chat! He is an incredible wealth of positivity and drive. I mean, how cool is it to be able to list “CEO” of a company on your LinkedIn profile? One of my biggest takeaways from my multiple chats with Girard is that he never sees challenges as burdens, but rather as opportunities. Girard is also always working on perfecting his craft and climbing that next step. He is currently blogging and technical writing at his site listed above in the “Follow” section. I cannot wait to hear what Girard does next. We’ll have to share a follow up when he passes the CCNA exam and becomes a Cisco Champion!

Ep – 10 – Single pa… I won’t say it

Brittany Mussett, Technical Recruiter – https://www.linkedin.com/in/brittany-mussett-6836a2146/

Knox Hutchinson, aka Data Knox
Twitter: https://twitter.com/Data_Knox
YouTube: https://www.youtube.com/c/DataKnox

Follow us on Twitter https://twitter.com/artofneteng
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – https://discord.gg/hqZ7XEG

Simple Cisco Text File Changes

This article first appeared on David’s blog, zerosandwon.blog.

As we are busy diving into the world of programming and automation, I’d like to remind everyone of a way to make simple config changes to a Cisco switch or router using a text file. This might not be a breakthrough, but it helps when making changes to switches or routers that can possibly disconnect you from the device. Imagine working on a re-IP of a switch or even a point-to-point link. You have your notepad ready to go. There is a new IP and default route and all you have to do is copy/paste. You paste in the IP and lose connection. Your default route change never actually pasted, because you lost connection right after the IP change. You can no longer connect to the device; panic ensues. What might be a better way to make this change and avoid the “Uh oh!” moment?

In this scenario, we need to re-IP an administrative network, specifically a switch, from the 192.168.50.64/26 network to the 192.168.35.0/24 network. For the example, our switch has an IP on VLAN 1 of 192.168.50.112. The default-gateway command is pointing to 192.168.50.65.

I would like to re-IP the switch to 192.168.35.5/24 with the gateway of 192.168.35.100 on another network that exists on the switch, VLAN 21. If I was onsite, I might just console in and make the changes. Sometimes this is not possible. You might be remote or the switch might not be in a convenient or accessible area to let you setup a console connection. I’ll create a notepad with the following config:

Let’s save that notepad file as NewConfig.txt. Now we need to send the file over to the switch. You can use FTP or whatever method you normally use to transfer files to devices; SCP is the better choice where the device supports it, since TFTP and FTP carry the file and any credentials in cleartext. My goal is to send the file over to this switch’s flash.

Once the file is there we are ready to go. Perhaps we need to wait for a specific change window for the re-IP. Either way, you will have the text file ready to make the changes for you. Once the change window is active, log in to the switch and run copy <file path>NewConfig.txt running-config; for this switch specifically, it is copy flash:NewConfig.txt running-config. This merges the lines of the file into the device’s running configuration in order, the same as if you had typed them at the config prompt, except that the whole file is applied even when your session drops partway through. As I was connected to the old IP, I will lose connection and have to reconnect to the new IP address. Remember that the merge only changes the running config: once you are back in on the new address, save it with copy running-config startup-config, or the switch comes back on the old addressing after a reload. You can see the change in pings below.

That is it! Using the notepad file I was able to re-IP the switch on a different interface VLAN and change the default-gateway.
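The staged file above is only as safe as the addressing in it, so here is the pre-change check I would run before copying it to flash. This is an added example written for this page, not the author’s own script: it parses a constructed running-config excerpt (made up to match the addressing in the article, not captured from a real switch), refuses a gateway that is outside the new subnet or otherwise unusable, and writes the NewConfig.txt lines in merge-safe order, bringing the new SVI up before the default gateway moves. The hostname, the `shutdown` state of Vlan21 and the decision to leave Vlan1 untouched are assumptions.

```python
"""Stage a Cisco IOS re-IP change as a text file, with the checks that would have
prevented the 'Uh oh!' moment: gateway inside the new subnet, host addresses valid,
and the new SVI brought up before the default gateway is changed.

Constructed example; the running-config below is made up to match the article's
addressing, not captured from a real switch."""
import ipaddress
import re

# Constructed stand-in for `show running-config` on the article's switch.
SAMPLE_RUNNING_CONFIG = """\
hostname ADMIN-SW1
!
interface Vlan1
 ip address 192.168.50.112 255.255.255.192
!
interface Vlan21
 no ip address
 shutdown
!
ip default-gateway 192.168.50.65
!
end
"""


def parse_running_config(text):
    """Return (set of SVI names present, current default gateway or None)."""
    svis = set(re.findall(r"^interface (Vlan\d+)$", text, re.M))
    m = re.search(r"^ip default-gateway (\S+)$", text, re.M)
    return svis, (m.group(1) if m else None)


def build_reip_config(running_config, new_vlan, new_ip_cidr, new_gateway):
    """Return the lines for NewConfig.txt, in the order IOS should apply them."""
    iface = ipaddress.ip_interface(new_ip_cidr)      # e.g. 192.168.35.5/24
    gw = ipaddress.ip_address(new_gateway)
    net = iface.network

    # Checks that the paste-by-hand workflow never did.
    if gw not in net:
        raise ValueError(f"gateway {gw} is not in {net}; the switch would never reach it")
    unusable = {net.network_address, net.broadcast_address}
    if iface.ip in unusable or gw in unusable:
        raise ValueError("network or broadcast address used as a host address")
    if gw == iface.ip:
        raise ValueError("gateway must not be the switch's own address")

    svis, old_gw = parse_running_config(running_config)
    if f"Vlan{new_vlan}" not in svis:
        # IOS creates the SVI on first reference; flag it so nobody is surprised.
        print(f"note: interface Vlan{new_vlan} does not exist yet and will be created")

    lines = [
        f"interface Vlan{new_vlan}",
        f" ip address {iface.ip} {net.netmask}",
        " no shutdown",
        "exit",
    ]
    # Only now move the gateway: the new SVI is up, so this cannot strand the box.
    if old_gw and old_gw != str(gw):
        lines.append(f"no ip default-gateway {old_gw}")
    lines.append(f"ip default-gateway {gw}")
    lines.append("end")
    return lines


def render(lines):
    """Join the lines exactly as they should appear in NewConfig.txt."""
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    cfg = build_reip_config(SAMPLE_RUNNING_CONFIG, 21, "192.168.35.5/24", "192.168.35.100")
    print(render(cfg))
```

Run it and redirect the output to NewConfig.txt; a typo in the gateway fails here, on your workstation, instead of on the switch after you have already lost your session.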

There is plenty more you can do with a notepad. Years back, I had some scenarios where multiple devices needed to be re-IP’d in a certain window, and this helped complete the project in a couple of clicks. You can save some time and pre-stage some changes for an upcoming change window and run the notepad files. I am sure software can take care of most scenarios, but for now this has been your old-school tip.

MPLS for Dummies

This article first appeared on Aaron’s Blog – aaronengineered.com

MPLS can be a bit confusing because it’s a technology… and, well, it’s kind of a product too.

Hear me out.

In this post we will try to nail down exactly what it is, even though that can be quite complex given that it can be a number of different things. The goal here is to make this less confusing and easy to comprehend.

That being said, there are two different ways to look at MPLS. One if you are a consumer, and one if you are a network engineer. We will look at both here.

MPLS stands for Multiprotocol Label Switching

MPLS is a very common WAN technology that is sold by ISPs (internet service providers).

If you are a business/consumer trying to create a WAN between your branches, the main goals of MPLS are to provide guaranteed traffic delivery, uptime, and in most cases QoS metrics. All of this is achieved by using the service provider’s network as your own private network.

As you can see, what you get here are a lot of guarantees and the use of a gigantic network as your own. That should be enough right there to get you excited. This is the core foundation of MPLS as a product. Being able to reliably deliver a service that is seemingly transparent to the end user.

The ISP is using a cool little technique called an ‘LSP’ – Label Switched Path to get your traffic from one site to another. When traffic enters the MPLS cloud, its first stop is the provider’s edge router (an LER – Label Edge Router; the core routers it hands off to are LSRs – Label Switch Routers), where it is identified as belonging to a certain customer. A label is then pushed onto the customer traffic, and each LSR along the path forwards on that label alone, swapping it for the label its next neighbour expects. The labels are only meaningful between neighbouring routers, but the chain of them is what gets you from one of your sites to the other.

Pretty straight forward stuff.

Here is a visual representation of the Label Switched Path, marked by the dotted purple line. The ISP network as represented by the cloud is full of Label Switched Routers which forward the customer traffic from London to New York.

Let us now look at the exact same visual but instead this is what the customer perceives. Identified below by the red dotted line, is a conceptual view of what the private MPLS network looks like to each customer. It appears that the London and New York offices are directly connected! The MPLS behind the scenes magic is pretty much invisible to the end user!

Rad!

It shouldn’t matter to you as a customer what’s happening behind the scenes, necessarily. You just want to make sure that your traffic arrives guaranteed and private.

To sum it up, the ISP has created a label switched path between two of my branch offices making it a direct route. This was accomplished by wrapping my traffic in a label.

And really, unless you are the ISP, why do you care how the traffic gets from London to New York just as long as it gets there?

Let’s stop there for a second. Are there other ways to make two geographically distant sites appear as one? Absolutely! You can learn more about those types here. Now let’s take a peek under the hood.

A bit more for the current and aspiring networking engineers

Of course this wouldn’t be complete without a few juicy details of how this works and why it’s so popular.

The first is the use of labels and why it’s more efficient than normal routing… well… why it used to be. In traditional routing there is a lookup done at each router to determine where that traffic has to be sent. That lookup takes some processing power from our router’s CPU and that in turn takes a little time (think milliseconds). If this lookup happens at every router, we start adding up milliseconds pretty quickly and taxing our router’s CPU. Now if you have 100,000 customers all trying to do the same thing you can see how this could get sticky, very quickly.

Since the label is already mapped to a predetermined path, the lookup time is much faster and as a result the forwarding of the packet or frame is much quicker. It’s almost like having one of those passes that gets you to the front of the line at Disneyland even when there’s a hundred people standing in front of you.

There are some technologies that exist that can make the speed advantage a non-issue these days. So while speed was a clear selling point in the past, it’s no longer something that only MPLS can deliver. However, other MPLS benefits like guaranteed up time and traffic segregation still exist, and those still make it a great technology.

MPLS allows encapsulation of many different protocols since it’s protocol independent. Think ‘multi’ in multi protocol label switching. This is why some consider it a layer 2.5 protocol. Referring to the OSI model, we know that routers look at layer 3 and switches look at layer 2 to make forwarding decisions. Since label switched routers instead look at a label injected between layers 2 and 3, and can encapsulate both Ethernet frames (layer 2) and IP (layer 3), we arrive at layer 2.5. Seems logical.

Being able to encapsulate layer 3 and layer 2 gives the ISP the ability to provide different products using the MPLS technology. An example would be the encapsulation of layer 2. With that, they could provide one big Ethernet domain for your sites. If the MPLS label was added to my Ethernet frame, I could maintain the same broadcast domain between all of my sites if I wanted. The ISP network would still be transparent to me and all of my devices across all of the sites would be on the same subnet. It’s sort of like having one long private cable stretched between all of my sites no matter where they are or how far away from each other they are. That, of course, is just one example of MPLS being a product, and there are many others, although they are beyond the scope of this article.
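To make the "label between layer 2 and layer 3" idea and the label switched path concrete, here is an added example (not from the original post) that decodes the 32-bit MPLS shim entries sitting between a constructed Ethernet header and its payload, then walks a constructed label forwarding table (LFIB) the way a chain of LSRs would, swapping labels hop by hop and popping at the far edge. The EtherType 0x8847 and the shim layout (20-bit label, 3-bit TC, 1-bit S, 8-bit TTL) are the real ones; the router names, label values and the sample frame are made up for the demo.

```python
from __future__ import annotations
import struct

ETHERTYPE_MPLS_UNICAST = 0x8847  # real IANA EtherType for MPLS unicast

def build_shim(label: int, tc: int = 0, bottom: bool = True, ttl: int = 64) -> bytes:
    """Encode one 32-bit MPLS shim entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def parse_shim(data: bytes) -> tuple[int, int, bool, int]:
    """Decode one shim entry into (label, tc, bottom_of_stack, ttl)."""
    (word,) = struct.unpack("!I", data[:4])
    return word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF

def parse_label_stack(frame: bytes) -> tuple[list[tuple[int, int, bool, int]], bytes]:
    """Walk the label stack that sits between the Ethernet header and the payload."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_MPLS_UNICAST:
        raise ValueError("not an MPLS unicast frame")
    stack, offset = [], 14
    while offset + 4 <= len(frame):
        entry = parse_shim(frame[offset:offset + 4])
        stack.append(entry)
        offset += 4
        if entry[2]:          # S bit set: this was the bottom label
            return stack, frame[offset:]
    raise ValueError("label stack never reached bottom")

# Constructed sample: 14-byte Ethernet header, two labels, then a stand-in payload.
SAMPLE_PAYLOAD = b"\x45\x00" + b"constructed-IP-packet"
def make_sample_frame() -> bytes:
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    eth += struct.pack("!H", ETHERTYPE_MPLS_UNICAST)
    return eth + build_shim(100, bottom=False) + build_shim(5000, bottom=True) + SAMPLE_PAYLOAD

# Constructed LFIB: (router, incoming label) -> (action, outgoing label, next hop)
LFIB = {
    ("LSR-A", 100): ("swap", 200, "LSR-B"),
    ("LSR-B", 200): ("swap", 300, "LSR-C"),
    ("LSR-C", 300): ("pop", None, "CE-NewYork"),
}

def forward_along_lsp(label: int, router: str) -> list[tuple[str, str, int, int | None]]:
    """Simulate the LSP: each LSR looks only at the top label, never the IP header."""
    hops = []
    while label is not None:
        action, new_label, next_hop = LFIB[(router, label)]
        hops.append((router, action, label, new_label))
        router, label = next_hop, new_label
    return hops
```

Every hop's decision is a lookup on the label alone; note that the label only selects the path, the payload travels as-is, so "private" in the MPLS sense means segregated from other customers, not encrypted.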

Final thoughts

I hear a lot of talk about MPLS not being a viable solution in today’s networks. That simply is not the case for every network. While new technologies come out all the time, all promising to make things easier or to be better, they are really just new tools to use. There isn’t and never has been a “one-size-fits-all” solution. Having guaranteed service metrics is a must-have for a lot of networks today and that will continue to let MPLS be a viable solution for years to come.

Perhaps this will give you a new outlook on MPLS and how it could be beneficial in meeting your WAN needs.

Thanks for reading!