Ep 77 – New Year, New Goals!

In this episode, A.J. and Tim are joined by Lexie (@TracketPacer) and they discuss their goals for the upcoming year! Hear how each of them goes about goal planning and the goals they’ve set for themselves for the coming year.

Enjoying the show? Please take a moment to complete our 2022 Listener Survey!
https://artofneteng.com/2022survey

Links:
Space Weather Prediction Center – https://www.swpc.noaa.gov/
Space Weather General – https://www.spaceweather.com/
Cisco Continuing Education Program – https://www.cisco.com/c/en/us/training-events/training-certifications/training/continuing-education-program.html
Lexie on Twitch – https://www.twitch.tv/tracketpacer

Check out our Patreon – https://www.patreon.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Like us on Facebook https://www.facebook.com/artofneteng
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – https://artofneteng.com/IAATJ

So, You Want To Start a Study Group!

Studying for certifications is hard, and a lot of people are studying for certifications. It would be great to be able to leverage the thinking of other people: their viewpoints, opinions, ways of solving problems you might not have thought about.

You’d like to join a study group for the cert you are working on, but everyone else is just looking for a group too, and there isn’t an active one to join. Lots of people express interest in joining a study group, but no one seems to know how to set one up. Never fear, we’ve put together some suggestions that will help you start a group and keep it working like a well-oiled machine, carrying the occupants to Certification Valhalla.

Getting Started

The first step in starting a study group is trying to find a group of people looking to join a study group. Thank God for the Internet. There’s Twitter, Facebook, Slack, Discord (shameless plug for IAATJ) and other social media platforms out there where people are studying and collaborating already. You pretty much can’t throw a rock without hitting people looking to study for certifications. Now stop throwing rocks at people, you monster.


Study Group Do’s and Don’ts

Starting and running a study group requires a very different set of skills than joining and participating in the same group. Just like Dungeons and Dragons, someone has to be the Dungeon Master so everyone can play. Here’s a list of suggestions on creating and running a successful study group:

DO:

  • Decide on a common platform for collaboration

Whether it be Discord, Slack, Google Hangouts, Facetime or Webex, the first step in forming a group is establishing what technology you use to meet/collaborate.

  • Decide on common training materials, or agree to focus on the exam blueprint agnostically

This is where a lot of study groups tend to stumble right out of the gate. Let’s be honest, not all training materials are created equal, and people may have acquired their study materials any number of ways. This could be a constraint on your group and the first hurdle to clear.

As a group, it’s better to decide if the group prefers to stick to one provider or approach the topics vendor-agnostically. There are pros and cons to each. One of the biggest pros is that it makes cadence easier and focuses the entire group on the exact same topics and labs. The biggest con of going with this approach is it could be exclusive to people who don’t have and can’t acquire the agreed-upon materials, and thus the group misses out on the added value that some might otherwise bring.

  • Develop ground rules early in the process

Here is another large stumbling block that most don’t even see. So much is assumed that often causes problems down the line, and when dealing with people of different cultures and expectations, it’s really imperative to declare the ground rules for the group and make it accessible to anyone who wants to join. This isn’t just administration for its own sake, it helps defuse arguments before they arise and streamlines the whole process.

Ground rules cover the basic expectations of the group and how it will interact. Cameras on or off? Mute when not talking? What common language will the group work in? Do we raise our hands (digitally or otherwise) and wait to be recognized or can we be more freeform? What is the expectation if late? Is there a consequence for habitual lateness?

  • Establish the frequency of meetings

This seems like a no-brainer, but it can get complex. How often will the group meet? Weekly? Twice a month? Monthly? The frequency influences a lot, including expectations of what can be accomplished outside the group meetings, and the target dates for taking the exam.

  • Scheduling the meetings

What day of the week should the group aim to meet? What time? Which time zone will the group use as the reference? This could be very simple or extremely complicated depending on where study group members live. Some groups that want to be hyper-focused restrict membership to within 2-3 hours of the reference time zone. Some are looser but place the burden of making it to meetings on time on the members who live far outside the reference time zone. There’s no right answer here, but in general, the closer the group is to the reference time zone, the easier scheduling the meetings (and making them) will be in the long run.

  • Agree upon the group’s topic format

It would be foolish to study only when the group meets. However, a pace must be set to keep the group somewhat synchronized. To ensure optimal study time when the group is together, it’s important to establish what should be covered in the group and what should be covered on your own between meetings.

For example, simply reading a chapter of a certification guide together in a meeting is a waste of time. It would be more efficient if everyone reads the chapter ahead of time and brings certain review items to the group. That could be questions on the text for review, it could be creating some sort of virtual lab based on the chapter(s) and reviewing that with the group. Generally, reading should be done outside the group and discussion should be the goal of the group meetings. The whole reason to join a study group is for accountability and exchange of ideas, after all.


Now, let’s look at a few things we should NOT do.

DON’T:

  • Establish everything prior to creating the study group and saying, “Take it or leave it”

Study groups aren’t dictatorships. The reward for starting and running a group is that you can drive these discussions, but not decide them alone. Start with finding interested study group members, then start discussing things like ground rules, materials, and let the above details come out of that discussion.

  • Leave the above unvisited for long

Study groups change over time. Someone may get the cert knocked out before others, others may get refocused to something else. Someone new may join. People change, and so must things like scheduling, ground rules, and so on. Every 3-4 meetings it’s worth revisiting and ensuring all the details are up to date.

  • Waste your own time and others’ by being habitually late and/or distracted and failing to do the work

Time is a precious resource for us all. Most of us are busy professionals juggling work, family and other obligations. A study group is an investment of time towards a goal and that investment is easier for some, harder for others. It’s important to be respectful of your time and the time others are investing by being focused when the group meets, on time, and most importantly, on schedule.

Things happen and you may not be able to do the pre-meeting work one week, but it can’t become a habit. If the group is meeting to trade/review OSPF labs, as an example, failing to create your own OSPF lab to share means you’ve failed to contribute to the group’s learning. Once or twice, life can get in the way, but if this happens habitually, you’re taking from the group without giving back. Just don’t.

  • Forget the point of a study group is to get different ideas and views

IT is full of introverts, but there are a few of us extroverts here too. We extroverts have to be very conscious of ourselves because often, people who are introverted are content to listen. For some, English is a second or third language and they are self-conscious about speaking. The point is, don’t dominate discussions. Make an effort to engage everyone.

  • Fail to participate in group discussions and activity

On the other side of that coin, failing to share your ideas, views and knowledge also makes for an ineffective group. Teaching others is a powerful way to cement knowledge you have and find your gaps. Don’t deprive yourself of that opportunity. Others also benefit from your questions and clarifications. A lot of times, people are wondering the same things but are not brave enough to speak up, thinking they may be the only one who isn’t ‘getting it’. Speak up; the study group is a place to get information you can’t get from a book, video or blog post. It’s real human explanation addressed to your specific question.


I hope this has given you a solid framework of things to pay attention to when starting and running a study group. It shouldn’t be a stressful endeavor, though at the outset it can feel like herding cats. Don’t be afraid to do what works for the group as a whole. Don’t be afraid to firmly refer to the ground rules when they are broken. The study group has an ultimate goal of ensuring those within the group get certified. That’s the mission statement, so focus on that.

Ep 76 – Deep Dive with Women in Networking

In this episode, women network engineers discuss the current realities for women in the network engineering space: the challenges, the support they’ve received, and how we can continue to make the industry a place that’s open to everyone. (Step one: ladies’ cut vendor t-shirts.)

More from our Guests:
Lexie
Twitter: https://twitter.com/TracketPacer
Twitch: https://www.twitch.tv/tracketpacer

Eyvonne
Twitter: https://twitter.com/SharpNetwork
Blog: https://esharp.net

Micheline
Twitter: https://twitter.com/MichyfishMurphy

CCNA Series – Automation and Programmability

In this article, we are going to discuss several parts of Section 6 – Automation and Programmability of the Cisco CCNA Syllabus. Programmability and Automation are two huge and very hot topics in the world of Networking. Having Programmability and Automation skills is practically a requirement, since so many organizations are adopting them. This article hopes to cover sub-sections 6.1, 6.2, and all of 6.3.

First, we should address the age-old question – Will Network Automation replace Network Engineers? No, this is a very common misconception. Automation is ultimately about consistency. Doing the same task over and over again manually can introduce human error. Sometimes these errors, while not catastrophic in nature, can be problematic and cause downtime.

An infamous example is adding a VLAN to switches throughout your network. In order for the VLAN to work properly, it needs to be created on each switch and then allowed on the trunk links that interconnect the switches. When adding the VLAN to the trunks, a very common mistake is to forget the “add” keyword, which will remove all VLANs that are tagged on the trunk and then allow the new VLAN only. This simple fatal mistake has sent many a network engineer running with laptop and console cable in hand.

A quick word about the above – this is a very common mistake. You will make this mistake in production and it will cause problems. But take comfort in knowing that many other network engineers who came before you have made that same mistake.

When using network automation you can get the syntax for the commands you need to send correct once, and then let automation do the rest for you. But be aware: automation is the tool you use to deploy that thing over and over again. If you make a mistake, it will make that mistake over and over again. So, always test your code before deploying it.
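As an added example (not code from the article or from Cisco), here is a small Python pre-deployment check that models what the two forms of the allowed-VLAN command do to a trunk’s allowed-VLAN set and flags the form that would strip the VLANs already on the trunk. The interface name, the VLAN numbers and the config lines are constructed for the illustration.

```python
"""Pre-deployment check for the 'missing add keyword' trunk mistake.

Added example, not from the article. Models how IOS-style
'switchport trunk allowed vlan ...' lines change a trunk's allowed-VLAN set
and flags any line that would silently drop VLANs the trunk carries today.
The interface, VLAN numbers and config lines below are constructed.
"""
import re

ALL_VLANS = frozenset(range(1, 4095))  # VLAN IDs 1-4094
_LINE_RE = re.compile(
    r"^\s*(no\s+)?switchport trunk allowed vlan(?:\s+(.*?))?\s*$")


def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,20,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans


def apply_allowed_vlan(allowed, line):
    """Return the allowed set after applying one allowed-vlan line to it."""
    m = _LINE_RE.match(line)
    if not m:
        raise ValueError("not an allowed-vlan line: %r" % line)
    negated, args = m.group(1), (m.group(2) or "")
    if negated:                      # 'no ...' restores the default: all VLANs
        return set(ALL_VLANS)
    if args.startswith("add "):
        return allowed | parse_vlan_list(args[4:])
    if args.startswith("remove "):
        return allowed - parse_vlan_list(args[7:])
    if args.startswith("except "):
        return set(ALL_VLANS) - parse_vlan_list(args[7:])
    if args == "all":
        return set(ALL_VLANS)
    if args == "none":
        return set()
    # A bare list REPLACES the whole allowed set: the classic mistake when
    # 'add' is forgotten, and every other VLAN on the trunk goes dark.
    return parse_vlan_list(args)


def check_config(config_lines, current_allowed):
    """Walk the config; report (line_no, text, dropped_vlans) per destructive line.

    Returns (findings, final_allowed_set)."""
    findings = []
    allowed = set(current_allowed)
    for n, line in enumerate(config_lines, 1):
        if "switchport trunk allowed vlan" not in line:
            continue
        new = apply_allowed_vlan(allowed, line)
        dropped = sorted(allowed - new)
        if dropped:
            findings.append((n, line.strip(), dropped))
        allowed = new
    return findings, allowed


# Constructed state: the trunk currently carries VLANs 10, 20 and 30 and we
# want to add VLAN 40 to it.
CURRENT_ALLOWED = {10, 20, 30}
BAD_CONFIG = [
    "interface GigabitEthernet1/0/1",
    " switchport mode trunk",
    " switchport trunk allowed vlan 40",       # 'add' forgotten
]
GOOD_CONFIG = [
    "interface GigabitEthernet1/0/1",
    " switchport mode trunk",
    " switchport trunk allowed vlan add 40",   # additive, safe
]


if __name__ == "__main__":
    for name, cfg in (("BAD", BAD_CONFIG), ("GOOD", GOOD_CONFIG)):
        findings, final = check_config(cfg, CURRENT_ALLOWED)
        print(name, "final allowed:", sorted(final))
        for n, text, dropped in findings:
            print("  line %d would drop VLANs %s: %s" % (n, dropped, text))
```

Run the check over the rendered config before the automation tool pushes it; a non-empty findings list is the signal to stop and fix the template rather than let the tool repeat the mistake on every switch.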

Automation and Network Management

Automation has changed the way we manage networks. In a traditional network, everything is done manually. The deployment of new switches, updates to standard or baseline configurations, and the rollout of new network services are all done by the network operator.

In SDN (Software Defined Networking) Controller-based networks, a lot of the mundane repetitive tasks are handled by the controllers. Some examples of controllers in Cisco-based solutions are: DNA Center in SD-Access, vManage in SD-WAN, and the APIC in ACI. The controllers handle all of the configuration deployment, as well as software upgrades, services deployment, applying security policy, and can even handle deploying new networking devices with Plug-and-Play or ZTP (Zero Touch Provisioning). This allows the network operator to focus on higher-level tasks: designing the network for scale and to best support the business, supporting operations, and making progress on projects and other work.

The 3 Planes

In any networking device there are three planes of operation: The Management Plane, the Control Plane, and the Data Plane.

The Management Plane is how the Network Operator accesses a device and manages it. Whether it’s through SSH, HTTPS, or a secure API, and whether manually or via automation tools, the Management Plane is where this takes place. This is how the Operator tells the network device how to function.

The Control Plane is where the device makes forwarding decisions. If we’re talking about a router, then this is where Routing Protocols live, the routing table, and so forth.

The Data Plane is where traffic ingresses and egresses the device. This is literally the data being sent across the network, from an end user device out to a web server on the internet.

In a traditional network these three planes live on each and every device in the network. If you need to deploy a new security policy or update an existing one then you need to access the management plane on EVERY device in the network, or at least where the policy update is applicable, and update or apply the new rules. This is where Controller-Based networks make a huge impact.

In a Controller-based network the Management Plane is the Controller. This is where the Network Operator manages the network, regardless of how many network devices there are. The Control Plane pushes the configuration, as described by the network operator, down to the devices. The networking devices themselves are the forwarding plane and just move traffic based on the instructions provided by the Controller. Let’s take a closer look at this in practice in Cisco’s SD-WAN.

In Cisco’s SD-WAN (Software Defined Wide Area Network) you have several pieces that fit within the 3 planes.

Within the Management Plane you have vManage, vBond, and vAnalytics. vManage is the administrative interface for the rest of the network. vBond is the Orchestrator. When a device comes online, either for the first time or after a reboot, the device reports to vBond first, and vBond provides the device with the information on how to reach vManage and the rest. vAnalytics takes in all of the telemetry data and turns that data into useful information to be consumed by the network operator so they can make informed decisions about their network.

Within the Control Plane are vSmart Controllers. These controllers take the instructions from vManage and push the configuration down to the devices. They can also control the routing table for each device.

The Data Plane is composed of the routers themselves. In the above example these are the vEdges, which are simply Cisco SD-WAN-capable routers.

Overlay, Underlays, and Fabrics

Overlays, Underlays and Fabrics are very common terms that you’ll hear when discussing Controller-Based networks. If you’ve ever looked at GRE or IPsec Tunnels across a network like the Internet, then you are already familiar with Overlays and Underlays.


In the example of a GRE or IPsec tunnel operating over the Internet, the Internet is the Underlay network. It provides the network connectivity from one endpoint to the other. The Overlay is the tunnel being formed over top of the Internet. The underlay just forwards traffic; it really has no knowledge of the overlay.

In a Cisco SD-Access network, for example, the underlay is composed of network devices that move traffic. They don’t really even need to be Cisco devices, or understand what SD-Access is. However, the edge devices do need to, because they use the overlay protocols to initiate communications.

Going back to our previous example of IPsec tunnels across the Internet – the Internet routers are not speaking or using IPsec to form the tunnel; they are just routing packets using protocols like BGP. The end-point devices, like the laptop and firewall pictured above, are using IPsec in the overlay. In an SD-Access network the underlay is using a routing protocol like OSPF, and the overlay uses protocols like VXLAN or LISP – more on those later. But only the edge switches and routers need to understand LISP and VXLAN in order for the Overlay to work.

Finally, the Fabric. This term is used often and simply refers to the network where the overlay and the underlay are operating. Once you exit that, you have left the fabric and are back in a traditional network, or perhaps a different fabric. Again, back to the IPsec tunnel example: once the packet has arrived at the destination firewall it is exiting the fabric and entering the Enterprise network. That network may be a Cisco SD-Access Fabric, so it’s exiting one Fabric and entering another one. Fabric is a term used for controller-based networks, not for a traditional network.

APIs

First off, what is an API? API stands for Application Programming Interface. It’s a way for someone to interact with a piece of software, and APIs can even be configured to interact with each other. The API enables automation and programmability, as well as Orchestration. APIs typically use standard HTTP methods, which are verbs like GET, POST, PUT, DELETE, and PATCH. Think of the HTTP GET like the Cisco CLI show command. The show command lets you view configuration. The HTTP GET lets you view information as well.

The network operator can use tools and the verbs to get information and then send configuration changes. Automation and scripting can be used to make these changes as well. Additionally, when one system sees certain changes or events happening in the network, it can be configured to send API calls to APIs on other controllers. This is very common in the Data Center. You’ll have an API on the ACI controller, called the APIC, that interacts with the virtualization controller, known in VMware as vCenter.

These are two different interactions. When a Network Operator is interacting with an API, or two APIs are interacting with each other, this is a Northbound API interaction. When the controller’s API is interacting with the network (or other) devices that it controls, this is the Southbound API interaction.

Summary

In this article we discussed sub-sections 6.1, 6.2, and 6.3 including 6.3a and b of the Cisco CCNA 200-301 Syllabus. This article should be considered a starting point for the topic and may not be comprehensive enough to fully prepare the learner for the Cisco 200-301 CCNA exam.

Ep 75 – The Automation Chou’sen one!

In this episode, we interview author Eric Chou. Eric has written one of the most important books in Network Automation – Mastering Python Networking. Eric shares his career journey, which includes working for two of the largest cloud service providers! Eric also shares with us all of the other content he is working to create for the community.

More from Eric:
Blog: https://networkautomation.ninja/
Twitter: https://twitter.com/ericchou
LinkedIn: https://www.linkedin.com/in/choueric/
YouTube: https://www.youtube.com/c/EricChouNetworkAutomationNerds
Books:
Mastering Python Networking https://amzn.to/3qzJpWh
Kafka Up and Running https://amzn.to/3mJk373
Podcast: Network Automation Nerds – get it in your favorite podcatcher

Be the Ally, Not the Ego

Competition is everywhere. Sometimes it is unavoidable. For instance, when you are looking for a job. You want to focus on you, skill up, and set yourself apart from the rest that are competing for that same job. It is definitely stressful, but can also be necessary when it comes to career advancement. Not always, but sometimes. However, job hunting is not the scenario that I want to cover in this post. In this one, I want to go over the scenario in which you are already in the role that you want. You are not only bright, established, driven, and hard-working, but you are also a part of a team. Let’s say in that team, there are some new, up-and-coming, less experienced members. Or maybe, there is someone within another department in the company that is looking for a change, and wants to explore your specialty. How would you handle something like that?

The Reflex?
This obviously isn’t ‘one size fits all’, but I think a natural reaction could be to want to protect yourself. That first reflex might be to immediately enter the competition mode that was brought up earlier. Your mind could quickly take you to the far, worst-case end of the spectrum, if you let it. You could find your brain starting to race with questions such as:

  • Well, who is this new and ambitious person?
  • Why do they want to get into, and familiar with my responsibilities?
  • Do they think they are better than me?
  • Are they trying to take my job?
  • What if I train them and my boss likes them better than me?

Honestly, I think it’s fine if this is the first place your mind goes when this situation comes up. This competitive instinct pops up in me fairly often. I think it’s important however, to realize this happening, and shift the energy elsewhere.

Flip the Script
As stated earlier, the strong competitive spirit, and looking out mainly for yourself has its time and place (job searching for example), but successfully functioning in a team environment is definitely not it. Let’s turn the tables on the situation. If you were the one that was new and trying to better yourself, would you rather have a role model/mentor to look up to and get assistance from, or a standoffish, information hoarding co-worker who looks down on you and pays you minimal attention? I’m hoping we all agree that we would want the former, rather than the latter. The ol’ golden rule seems to fit nicely here. Treat others the way you want to be treated.

Be the Ally
Being an ally, a mentor, or even just someone who is helpful when needed can make a big impact on someone’s career and life in general. For me, the first step is to be observant. This could happen directly and obviously, with someone new joining the team. Or, you may just happen to see someone outside your direct team that is showing an interest in what you do and potentially wants to be a part of it some day. If you have the time and energy to spend, I encourage you to key in on that observation and reach out to that person. Some newcomers may reach out to you, but others might be a little more reserved. If you start the conversation, that can be the spark to making a real impact on someone’s career. Again, there is no ‘one size fits all’ here, your involvement can be varied based on your judgement. It can range from just making it known that you see that this person has an interest in career growth and you are willing to help out and answer questions; all the way to setting up recurring meetings with this person to provide assistance and advice. I assure you that any degree of assistance you give to someone in this scenario will be appreciated.

The Win-Win
Now, this could be seen as selfish on my part, but I see no shame in gaining a benefit from helping or mentoring someone else. Getting into a habit of only providing assistance when you know it will benefit you is another story, though. No, the win-wins I am talking about here are the indirect benefits you can gain from being that helping hand and mentoring someone:

  • Teaching something is a great way to help you solidify your knowledge in a concept, and practice gathering your thoughts to present them to someone else.
  • Taking time for others can build upon the image that people see of you. You will be seen as a kind, thoughtful, and helpful person. People will want to share ideas and work with you.
  • To add on to the previous point, your management will see what you are doing. You will be seen as a team player, and maybe even a leader.

Again, try not to get the goal skewed. The goal is to show that you care and are willing to give back, with time and effort, to someone who needs it. That might be because someone else did the same for you, or because you wish you had someone like that when you were coming up and now you want to be the difference maker for someone else that you never had. Either way, the end result is the same. Someone that wanted or needed some help to further their career got it. I just wanted to highlight some indirect benefits that you could see by helping others.

Bert’s Brief
I seem to often say this phrase on the podcast: “just be cool”. What I really mean by that is to be kind, considerate, and helpful. You never really know what someone else might be going through, and you can easily help be a reason that things get better, or at least pointed in the right direction. There are many different ways to help, but I think the most important thing to do is to just start. Don’t wait for someone to ask a question. Be proactive and start the conversation. Share that knowledge and experience, don’t hoard it. Be the ally, not the ego.

Planning and Maintaining Wireless Networks with NetAlly

For years now, the ability to be productive has been changing. In many cases, you do not need to be tethered to a desk working off of a computer that is wired into the network to get things done. We have evolved from that practice to leveraging laptops, tablets, and even smaller mobile devices such as phones to get work done and stay connected, not to mention the growing plethora of Wi-Fi connected IoT devices. Supporting a mobile workforce is key, and how do we do that? This is accomplished by building, maintaining, and enhancing robust wireless networks. Wireless networks and RF environments can be more difficult to plan, maintain, and troubleshoot than their wired counterparts. As an engineer, you need to understand many factors such as:

  • What kinds of devices and applications will the wireless network support (ex: voice, video, location services)?
  • What is the layout of the space that needs to be supported with wireless coverage?
    • Are there walled offices with cubicles?
    • Is it a large open space with a high ceiling?
    • Are there long, narrow hallways?
  • Understanding the physical environment helps determine what AP and antenna type will make the most sense.
  • How many access points will be needed to provide both RF coverage and capacity support? With having to support the Internet of Things, having just enough access points to provide sufficient wireless coverage is not good enough anymore. We also have to be able to support large amounts of clients simultaneously, and that can mean that we need more APs due to capacity rather than RF coverage.

So, how do we plan out our wireless design? Then, once deployed, how do we validate the design to make sure it is functioning as expected? These common scenarios are exactly where NetAlly can help. For wireless network planning, the AirMagnet SurveyPRO is the application to use. For post-validation and troubleshooting, the AirMapper™ Site Survey application runs on both the AirCheck™ G2 and EtherScope® nXG to collect performance metrics and upload them to the Link-Live Cloud Service. This cloud service is included with the purchase of a device in the network tester portfolio. Within Link-Live you can create and view visual heat maps to see how the design measures up. If it is determined that the design needs to be modified, then once the changes are implemented you can run through the AirMapper process again to check the results of your modifications. The goal of AirMapper™ Site Survey is to take the stress out of wireless site surveys by allowing you to gain meaningful data quickly and easily. The primary features of AirMapper™ Site Survey include:

  • The ability to view SNR, noise, and interference measurements directly on the AirCheck™ G2 or EtherScope® nXG devices.
  • Comfort of completing full enterprise site surveys without balancing (potentially clumsily) a laptop and multiple external antennas.
  • Find rogue devices with automatic triangulation of wireless access points on a floor plan with the use of the Link-Live Cloud Service.
  • Even complete Bluetooth/BLE surveys with the EtherScope® nXG to gauge Bluetooth coverage areas.
  • Automatically find typical Wi-Fi issues with the new InSites™ feature in the Link-Live Cloud Service.

A versatile feature of the AirMapper™ integration with Link-Live is the ability to view different types of heat maps. Typically, when I think of a wireless heat map, it is just strictly the AP coverage, or essentially a visual representation of each access point’s signal strength. Well, that is just one of the many pre-configured heat map visualizations that exist within Link-Live. The pre-configured heat maps that you can choose from include:

  • Signal (dBm)
  • Noise (dBm), SNR (dB)
  • Co-Channel Interference
  • Adjacent Channel Interference
  • AP Coverage
  • Min Basic Rate (Mbps)
  • Beacon Overhead
  • Max Tx, Max Rx Rates (Mbps)
  • Max, Min MCS

In addition to the existing features, NetAlly recently released the InSites™ Intelligence feature into the AirMapper™ platform by directly integrating it into the Link-Live Cloud Service. The InSites™ Intelligence feature allows customers to create custom pass/fail thresholds so that when survey data gets imported into Link-Live, users can quickly and easily see where potential issues reside in the Wi-Fi environment. In addition, InSites™ will also automatically filter and show the problem areas right there on the floor plan. A major goal of this feature is to provide actionable data to IT generalist teams so they can make intelligent wireless decisions without needing to be Wi-Fi experts. This can be a simple, yet powerful way to get through root cause analysis.

The different customizable threshold categories include:

  • First AP Coverage
  • Secondary AP Coverage
  • SNR (dB)
  • Co-Channel Interference
  • Adjacent Channel Interference
  • Beacon Overhead
  • Max TX Rates (Mbps)

InSites™ Intelligence takes the data supplied to the Link-Live Cloud Service from the AirCheck™ G2 and EtherScope® nXG analyzers and provides an easy-to-digest view into the ‘goods and bads’ of the wireless infrastructure. For each metric category, you can see at a glance whether the environment passes or fails, the threshold limit used to determine a failure, and the worst reading recorded anywhere in the environment.
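To make the pass/fail logic described above concrete, here is an added example written for this page; it is not NetAlly's AirMapper™, Link-Live or InSites™ code. It uses the seven threshold categories listed above as metric names, but the limit values, units, the "which direction is bad" choice for each metric, and the handful of floor-plan survey points are all constructed assumptions. For each metric it reports pass/fail, the limit, the worst reading, and which survey points would need flagging on the plan.

```python
"""Pass/fail threshold checks over Wi-Fi site-survey samples.

Example written for this page; it is not NetAlly's AirMapper/Link-Live/InSites
code. Metric names follow the seven threshold categories listed above; the
limits, units, pass/fail direction and survey points are constructed
assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Threshold:
    """One customizable threshold: a reading on the wrong side of `limit` fails."""
    metric: str
    limit: float
    higher_is_worse: bool  # True: value > limit fails; False: value < limit fails
    unit: str


@dataclass(frozen=True)
class SurveyPoint:
    """One survey sample: floor-plan position (assumed metres) and readings."""
    x: float
    y: float
    readings: Dict[str, float]


@dataclass
class MetricResult:
    metric: str
    unit: str
    limit: float
    passed: bool
    worst: float                       # worst reading seen anywhere on the plan
    failing: List[SurveyPoint] = field(default_factory=list)


def is_failure(t: Threshold, value: float) -> bool:
    """Compare one reading against its threshold; a reading equal to the limit passes."""
    return value > t.limit if t.higher_is_worse else value < t.limit


def evaluate(points: List[SurveyPoint],
             thresholds: List[Threshold]) -> Dict[str, MetricResult]:
    """Per metric: pass/fail, limit, worst reading and the points to flag."""
    results: Dict[str, MetricResult] = {}
    for t in thresholds:
        sampled = [(p, p.readings[t.metric]) for p in points if t.metric in p.readings]
        if not sampled:
            continue  # metric never measured in this survey: nothing to judge
        pick = max if t.higher_is_worse else min
        worst = pick(v for _, v in sampled)
        failing = [p for p, v in sampled if is_failure(t, v)]
        results[t.metric] = MetricResult(t.metric, t.unit, t.limit, not failing, worst, failing)
    return results


def summary(results: Dict[str, MetricResult]) -> List[str]:
    """One report line per metric, in the style of a pass/fail dashboard."""
    lines = []
    for r in results.values():
        status = "PASS" if r.passed else "FAIL"
        spots = ", ".join(f"({p.x:g},{p.y:g})" for p in r.failing) or "none"
        lines.append(f"{status} {r.metric}: limit {r.limit:g} {r.unit}, "
                     f"worst {r.worst:g} {r.unit}, failing points: {spots}")
    return lines


# Constructed threshold set (assumed values, not vendor defaults).
SAMPLE_THRESHOLDS = [
    Threshold("First AP Coverage", -67, False, "dBm"),
    Threshold("Secondary AP Coverage", -75, False, "dBm"),
    Threshold("SNR", 25, False, "dB"),
    Threshold("Co-Channel Interference", 3, True, "APs"),
    Threshold("Adjacent Channel Interference", 2, True, "APs"),
    Threshold("Beacon Overhead", 10, True, "%"),
    Threshold("Max TX Rates", 54, False, "Mbps"),
]


def _pt(x, y, first, second, snr, cci, aci, beacon, tx) -> SurveyPoint:
    """Helper to build a constructed survey point with all seven readings."""
    return SurveyPoint(x, y, {
        "First AP Coverage": first, "Secondary AP Coverage": second, "SNR": snr,
        "Co-Channel Interference": cci, "Adjacent Channel Interference": aci,
        "Beacon Overhead": beacon, "Max TX Rates": tx,
    })


# Constructed survey points: four corners of a small floor plan.
SAMPLE_POINTS = [
    _pt(10, 10, -55, -65, 35, 1, 0, 5, 300),
    _pt(40, 10, -70, -74, 26, 4, 1, 8, 72),    # weak primary coverage, 4 co-channel APs
    _pt(10, 40, -60, -72, 30, 2, 3, 12, 144),  # adjacent-channel crowding, chatty beacons
    _pt(40, 40, -62, -70, 28, 2, 1, 6, 48),    # only a legacy data rate reachable here
]

if __name__ == "__main__":
    for line in summary(evaluate(SAMPLE_POINTS, SAMPLE_THRESHOLDS)):
        print(line)
```

The worst reading is deliberately computed over every point, not only the failing ones, so a metric that passes still shows how much margin it has before the threshold would trip; that is the number a generalist team can watch drift over repeated surveys.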

Let’s face it: gaining actionable insight into RF environments is difficult without the right tools and applications to help. Without them you can spend time inefficiently guessing and checking in an attempt to get to the root of the problem and implement a proper resolution. In some cases, you just need a visual representation of the physical RF environment, with metrics that let you see the problems and data that points you in the right direction to resolve them. The combination of the NetAlly network testers, AirMagnet SurveyPRO, AirMapper™ Site Survey software, and the Link-Live Cloud Service can help you do just that. For more information, check out this introduction video to NetAlly and their products.

For more information on NetAlly network testers and analysis solutions visit www.netally.com/products

Ep 74 – Holiday Special

The best way to spread some cheer is by recording a podcast for all to hear! Please enjoy our holiday special episode.


Toys For Tots

***This article was written by Patrick Kinane. We thank Patrick for this contribution!***

I recently used my Cisco Time2Give to help families in my local community via Toys For Tots. While I was there volunteering for 7 days, I was fortunate enough to do a little of everything from receiving toys at the warehouse to sorting the toys and filling orders, even delivering toys to a family. I will elaborate on my experience, but here is a short list of cool things that happened throughout my Time2Give.

  • Working with Toys For Tots, in general, was pretty cool (details and pictures later)
  • Seeing fellow Marines I’ve not seen since 2012
  • Working alongside my new team (which we are all remote) and working with Cisco Partners from ePlus
  • Getting to know people who were delivering toys (I always asked where the toys were coming from)
  • My Toys For Tots journey
  • Delivering toys to the house of a recipient family
  • Shout out to fellow Cisco employees

Let’s go on down to the unit and dive into things.
Note: I am a Marine; I like books/blogs/reading material that has plenty of pictures… That’s right, reading material = pictures.
Other note: I promise there will be a lesson here for people working in (or aspiring to work in) tech.

General Coolness
Working with Toys For Tots (T4T), in general, was pretty cool. Just seeing the piles of toys coming and going. Getting to be a part of it. I do not have the metrics from this year as the current T4T campaign is just now coming to an end. I was able to get the metrics from 2020 though, and I expect this year’s numbers would be comparable.

  • 27,000+ children received toys from the local T4T campaign (servicing North Carolina)
  • Roughly 80,000 toys distributed
  • $86,000 raised

The basketball courts and the warehouse. That’s where all the magic happens.

Among the highlights of the campaign, for me, was when a U-Haul van filled with $28,000 worth of toys arrived:

It took a very long time to offload that truck. You cannot see all the bicycles under that massive pile of toys, but there were so many really nice bikes. I asked the driver where the toys were from, he said a family donates each year, and last year they did $22,000 worth of toys (I will revisit this later).

One of the Cisco Volunteers (Michael Dayton) started a toy drive in their neighborhood. Michael was collecting toys at his house, and then in the morning, he would bring the toys to the warehouse. Then the toys would be offloaded and sorted accordingly. Afterward, Michael worked the day helping with whatever tasks were waiting. One more thing about Michael, he is a former Marine (SFMF). The next photo shows just one of the toy hauls Michael and his neighbors collected.

Reconnecting With People
Something to note about the unit where we did T4T is that I was once a Platoon Sergeant at that same unit, along with two other Sergeants (Hudson and Presslein). The uniformed picture captured the last night we were together (back in 2012). That night Hudson and I got pulled over in a taxi by 9 sheriff deputies, but that’s a topic for another time (maybe something to cover in a podcast episode of The Art of Network Engineering). The following picture is Hudson and I at our old unit, assembling bicycles for T4T.

I was also able to work with two other Marines from the old unit. One of them is Lewis, who is the CEO of SPOTR. He does a ton of great work for the community (locally and nationally) and does work with USVC.

Hernandez is the Marine I was referring to in this tweet. This is one of the important lessons for people looking for a job in tech. She is about to graduate with a degree in cyber security, and she met cybersecurity professionals. They discussed which certificates to go for and why; furthermore, she received some excellent guidance on career development and job market trends. People also started reaching out to their networks to ask about vacant cybersecurity positions.

Team Building and Partner Relationship Building
Several people from my new team were able to join us, and working with my new team, in-person and sitting down together for lunch was huge! I believe it was an intense way for us to finish out our first year working together. It was also great that new relationships between my current team and people from my previous team were able to take root. Even more beneficial is that we worked alongside Cisco Partners from ePlus, which facilitated some Cisco Pre-sales Eng interacting with Cisco Partner Pre-sales Engineers (Brian Meade specifically – those in collab may know his name).

What’s The Story Behind The Toys?
I would get to know people who were delivering toys, and while talking with them, I would always ask about the background of the toys. Some originated from office toy drives such as a dentist or doctor office, others neighborhood toy drives, often a fire station (bring a toy and get to ride the fire truck), some veteran groups, and boxes outside local stores (Walmart, Target, Starbucks, Grocery Store, etc.).

What about the family who donated $28,000 worth of toys? The gentleman driving the U-Haul of toys is a local firefighter. He let us know the family lost their son in a tragic car accident in 2003. The family donates all those toys in honor of their son, and it is incredible how something so sad has also become something so amazing.

My Toys For Tots Journey
I joined the Marine Corps out of high school. This took me from New York to some yellow footprints, and I eventually landed in Huntsville, Alabama (for a few months to learn a job). While I was there, it was the holiday season, so we Marines helped with T4T. The best part of that experience was interfacing directly with the families. Giving a bicycle to a family reminded me of when I was a kid, and someone delivered toys to our place (good ole 1994). I remember getting a bike from him and wondering why, but not thinking much of it because I was psyched about the new ride. At T4T in Huntsville, I realized the deal with the toys and bike from that day back in 1994.

While on Active Duty that was my last time working with Toys For Tots; however, I joined the Marine Corps Reserve after my time on Active Duty. This is important because Toys For Tots is a Marine Reserve initiative. So I was back to interacting with T4T during the holiday season while I was a reservist; however, I left the unit in December 2012 because I began working at Cisco in January 2013 and I wanted to put all my focus into Cisco.

While working in Cisco TAC (pre-covid) I used to work with several other veterans to help facilitate the T4T drive throughout the Cisco RTP campus. I eventually stepped away from Toys For Tots (having more kids, studying for CCIE, etc.); however, this year was my first time back since pre-covid and it was awesome!

Something I want to reiterate is that my experience, and the experience of my fellow Cisco employees, was made easy by Cisco providing us with Time2Give.

The Best Part
There’s a family about 20 minutes away from where I live today. The children lost their dad earlier this year, and a wife lost her husband. A mom and dad lost their youngest son, and two brothers lost their younger sibling. Assisting families during trying times is one of the most rewarding things I’ve ever done. I wish everyone who donates their time, money, food, toys, etc., could see the impact of their efforts because it is beautiful.

Shout out to fellow Cisco employees

  • Michael Dayton
  • Kenneth Onyebinachi
  • Kyle Davenport
  • Taylor Noumi
  • Bill Davis (and wife)

Check out these other people from my team who are making an impact in their communities using Cisco Time2Give

Ep 73 – Zeros and Wons

In this week’s episode A.J. and Andy interview David Alicea! While David was exposed to the Cisco Networking Academy at a young age in high school, he actually didn’t land in networking until later on. Since then he has been a career Network Engineer and recently landed himself a position at the mothership, Cisco. Hear how he did it all in this week’s episode!

You can find more of David:
Twitter: https://twitter.com/Dayvee87
LinkedIn: https://www.linkedin.com/in/david-alicea-495b5733/
Blog: https://zerosandwon.blog/


Transcript

A.J.: [00:00:00] This is the art of network engineering podcast

This podcast

and share the stories of fellow

David: network.

A.J.: Welcome to the art of network engineering. I am A.J. Murray at @NoBlinkyBlinky. How are we doing tonight? No, that’s Blinky Blinky, Blinky,

uh, Andy and Andy laptop. All things Andy can be found at permit IP. Andy, andy.com. Danny, how are ya, man?

Andy: Um, I’m better than I’ve been in a really long time. And, uh, I tell anybody why yet?[00:01:00]

A.J.: What does it say, Randy? You’re killing.

Andy: You’re killing.

A.J.: I know. Isn’t it. Time to let the cat out of the bag? I don’t

Andy: know. I feel like the whole team should be together. I feel like maybe it’s too early. There’s some timing stuff that, you know, it’s going to be great. And I’m really excited. Let’s build some suspense.

I have a cool announcement. Yeah. There’s, there’s a cool announcement coming. I think there’ll be a lot of happiness for me and, uh, just know that I’m making a big change and I’m very happy about it. So overdue, but it

A.J.: shows,

Andy: it shows. I’m sorry. You guys have had to put up with, uh, a whole Andy for two years, but you know, I, I, I apologize.

That’s what, you know, you’ll find out who your friends are, right. People that put up with. It’s your toughest times and coming out of some of that. And, uh, yeah, you guys are still here, so thank you friends. I’m good. Hey Jay, [00:02:00] tell me, are you doing,

A.J.: doing very well? I have completed week three of the new job.

I’m settled in pretty acclimated to have a bunch of projects assigned. So in fact, I’m taking my first work trip tomorrow. Get to go to Maine, work on site with a customer. So I hear Maine’s beautiful.

Andy: You got to like get the hang or you’re just in and out.

A.J.: Um, I’ll hang for like a night. Yeah. Yeah, just onsite for one day to do a quick switch install.

So sweet man.

Andy: That’s great. That’d be good to get your first one under your belt, the new place, right? Yep. Yep. That’s great.

A.J.: Maybe switch a little switch chassis, switch a little switch. Actually. It’s pretty funny. So this customer is somehow got their hands on. No shit. One of the last 5, 29, 60 Xs. That’s Cisco

and now they’re gone.

Andy: Wow. Are they like.

A.J.: But over there end of life. End of sale. No more. And you’re you, you want [00:03:00] to

do the install on this one,

Andy: so well, can you get support on end of life? I always there’s end of life. End of support. And like there’s a

A.J.: well, there’s, there’s end of sale, which means that’s the last time that you can sell it or buy one. Uh, and then there’ll be end of support, which means you won’t be able to renew your support on there.

And then there’ll be like absolute end of life. Like not going to touch it anymore.

Andy: So you’re going to install switches that Cisco no longer will support.

A.J.: I’m going to install switches at Cisco no longer will sell. Oh gotcha. They will continue to be supported for the next, I don’t know how many years I’d have to look up,

Andy: but awesome.

Yeah. I always get close. Get confused in the different end of. Terminologies. Good stuff, dude. Don’t break spanning tree, right?

A.J.: No, I won’t. I promise I’ve done it.

Andy: That’s all. I’m just saying don’t pick Spanish rates.

A.J.: I know I’ve done it too.[00:04:00]

And now it’s time for some wins. Winning in our Discord channel this week is Dalton B. They moved into their first network position coming from the service desk in their organization. And they’re currently working on their CCNA. Congratulations, Dalton. U M U T C 24, late at an IT support position.

Congratulations, Carlos RM passed the Jan CIA Juno’s ticker bit it’s passed the J and CDA. Congratulations to grits. Number Mang passed the DevNet Associate who was staying Pilgrim passed two exams this week, the NRC and the CISP congratulations. RFG labs passed the CCNA and smiling. Chris, our very own smiling.

Chris was promoted to networking and InfoSec manager. Congratulations, Chris run and. Took on a new network engineer position and starts [00:05:00] Monday. Congratulations, run and myrrh pup 5 69 passed the ENCOR. Big win there. Congratulations. MoPOP welcome. And thank you to new patrons, Ryan, Eddie, Canada, Adam Smith, a new identity, and yet sick.

Thank you so much for your support of what we do here at the art of network engineering podcast. And thank you to all of our fans for listening and downloading and liking our content. Following us on all of our social platforms, uh, that really helps an awful lot. Uh, if you’re interested in joining the Patreon program, you can go to patreon.com forward slash art of net eng.

And I want to personally wish all of our listeners, a very happy and safe holiday season. Thank you so much for listening to the art network engineering podcast. Now back to the show. I am very excited to introduce our guests tonight. If you have spent any time on Twitter or in our discord, [00:06:00] you are completely familiar and should know the name.

David Alicea, David, welcome to the show. I’m so excited to have it here.

David: Hello, everybody happy to be here?

A.J.: Oh yeah. So, uh, if, if you’re not following David, if you haven’t talked to him, uh, then you will be happy to know that, uh, David has recently changed jobs and, uh, and so David, where do you work these days?

I

David: am currently working at a small organization. I am currently at Cisco. Ah,

A.J.: that’s awesome. That’s awesome. So I’m sure like many, a network engineer in our field landing at a, at a large OEM, such as Cisco is. The dream, right?

David: It’s it’s been a journey I’ve been trying to get the Cisco for a while now. Yeah, door’s just never, uh, never opened in the past.

And then things worked out and [00:07:00] you know, it was the right time. That’s one thing. I believe that if something’s not working out, it’s just not the right time it’s going to happen. It’ll happen in the future.

A.J.: I think we were talking about this earlier. Somebody commented something in the failure plaques channel, right?

I think you would comment on, on there too, but like, uh, when you get to know that beans new opportunity. So sometimes it’s, it’s just about timing, right? Like if, if the world’s telling you now it’s not the right time, like the something better is coming your way, don’t get defeated. Uh, when you, when you get to know, and just like you said, you had gotten to know a few times from Cisco before, but this time they said, yes, and here

David: you are, that’s natural.

I mean, it’s natural to, you know, if you get rejected, it’s natural. Like, well, you know, what’s wrong with me, but it’s just not the right time. You go back, you get better, you continue improving. And then from there, doors continue

A.J.: to open. Awesome. And so what, what do you do for Cisco?

David: So I’m a systems architect in enterprise, uh, near Chicago.

[00:08:00] Um, I have three customers that I work with. I am three weeks since I am learning as much as I can about them. And as well as furiously bookmarking, all the links that people are sending, there is a lot to learn, uh, you know, coming from an organization where we had, you know, 3000, 3,500 employees to an organization like Cisco, it’s, it’s a different animal.

So it’s, there’s a lot to learn. There’s a lot of people to, to figure out who does what, uh, so I do appreciate the people that have reached out to me from Twitter though. There’s a, there’s people at Cisco that, that I follow them and they follow me and they’ve reached out on WebEx and like, Hey, it mean it.

So I, I appreciate that. It’s it’s, everybody’s been very cool.

A.J.: So

Andy: you said system architect, right? Sorry. Yep. So, so that’s like the essay role, right? You also hear it like se so. Okay. Can you explain to people because I I’ve recently learned about that role and I’m still not sure. I understand. What an [00:09:00] essay does.

David: So I am a partner to the customer, right? If the customer has any technical concerns, if the customer wants more information about different product lines, uh, if the, if the customer needs some advice, uh, if the customer needs some assistance, uh, assistance, roadmapping, anything that has to do with Cisco and technology, I’m there to assist them.

I’m there to be, uh, you know, the hands and feet is needed. Right. Um, of course there’s other partners that they work with, but from the Cisco side, uh, I am the one that’s given me advice along with the account manager now.

Andy: So it sounds a little bit like sales, but it’s not a sales rep.

David: It is still under the sales umbrella.

So that’s definitely coming from operations, going into sales. This is my first sales role. It’s a, it’s a different, uh, you know, it’s a different world, so there’s a lot to learn. Uh, and I’m, I’m diving head first into it. Pre-sales right.

Andy: I consider that pretty,

David: pretty much. I mean, even, [00:10:00] even after the fact, I still support the customer through the entire process.

Andy: Right. So I’m in an organization and you’re assigned to my account and I’m like, Hey, we got upgrade some switches and we’re not exactly sure what we want to do. Maybe we go to spine leaf. Now we’ve got to talk to David and you can direct us through, Hey, here’s, what’s going on? Let’s talk about your needs.

Right. Here’s our

David: product lines. Yeah. How does it fit into your ecosystem? Is there anything better that we can do? Uh, you know, the goal really is that everything’s working together, right? We don’t want something to be siloed, want everything to work together for your benefit. Awesome.

A.J.: So what I’ve been under the impression of in, based on being a customer myself and now working on the partner side is that, that kind of relationship between your, uh, your sales, uh, account manager and then the essay it’s kind of like, almost like CFO’s CIO kind of like advisory role to the business.

Is that kind [00:11:00] of, uh, an accurate ish?

David: Yeah. I mean, right now I’m, I’m trying to meet as many people as I can on the customer side. I mean, I’m sending notes and like, Hey, you know, I’m here. I want you to know, Hey, I exist. You know, I wasn’t here before reach out to me. I want to have a relationship with you. So I just want to be there for you.

That’s really what I’m working on now. But yeah, it’s, it’s really that

A.J.: very cool. Very cool. Well, you haven’t always been at Cisco and you haven’t always been into it or network engineering. So what, what kind of, you know, originally, oh, so long ago, or maybe not. So also long ago, uh, got your interest, got you into it.

David: So pretty much it was back at high school. Uh, you know, one of the, one of the classes that was offered back in high school and, you know, I’m, I’m, I’m 35 years old right now might not look at, but it’s cause I shaved my head, but yeah, back then in high school, uh, there was Cisco networking academy, [00:12:00] so that’s interesting.

And then

A.J.: your high school, you had it, you had a Cisco networking academy. I don’t think we’ve heard that too much. I think we’ve heard like network academies at like colleges and stuff, but I think we’ve heard it too much at high school, so that’s

David: really cool. So quickly we put it in high school.

Andy: Quick point when I was in high school, I don’t think we had internet at the high school.

David: Just a couple computers. We had

Andy: a computer lab, but I’m pretty sure there’s no internet. I’m just, I’m just level-setting as you know,

David: you’re not as you have a whiteboard, was

A.J.: it still

Andy: chalkboards? It was the stone tablets.

A.J.: The overhead projectors would like to really

Andy: I’m sorry. Ignore my dumb jokes, David.

So you’re in high school and you heard about Cisco networking academy. You’re like, huh, this is maybe a thing

David: that was one of the choices. And I believe it was tied to as well as getting college credit. [00:13:00] So from there on, on, I think every Tuesday and Thursday, I was able to go to university to take, uh, to take a class at the university and I would get college credit beforehand.

So, you know, my mom pushed me to those programs. It’s like, do as much as you can. Um, you know, my parents education was really, you know, almost non-existent. I mean, my, my mom for years worked in housekeeping and my dad, I remember when I was young going around, picking up scraps of metal and sell them at different places.

I mean, that was really the history. So they wanted me to do, uh, even better. Right. So any program that opened up, go do it, go do it. It’s going to be good. No, don’t do this. Don’t pick up scraps like me. That’s what my dad would say. You know, you can do so much more. So I was like, Hey, you know what? I’ll, I’ll take that advice.

I’m a big believer in education. So Cisco academy and in high school was really a door that opened up, uh, for technology, right. It wasn’t exactly, you know, networks [00:14:00] interested me at the time, but it wasn’t what I dived into when I actually went to college.

A.J.: Okay. So you didn’t leave high school with your CCNA?

David: Nah, no, no, no. I know there’s some people out there, there are, that’s great for them, but I did not. And my plan actually was to do programming. So when I went to college, I was looking at web design. I was looking at programming and that that’s really what my bachelor’s was. Computer information systems.

Was it database administration? Um, I, my goal was to do DBA as well as do some web design on the side, things like that. And it just never materialized.

Andy: You went through the Cisco network academy and you did not get your CCNA.

David: No, what they did in high school actually is instead of, instead of the CCNA, they had us take the A-plus, which was interesting.

So they, I remember that because I failed it. Didn’t pass. Plus

Andy: that’s the hardware. And [00:15:00] that would be a good place to start right in your journey. So

David: we would sit, we would sit in the classes and you know, our professor. I remember, I remember we would always call him coach, coach Colbertson somewhere on LinkedIn.

I’m sure I’m listening. Right. He’ll probably listen to this. I’m sure. But, uh, yeah, we always call him coach. He was a great teacher and that’s one of the things that really, uh, continue to spark that interest in a bunch of the students is because he had such a good personality that he could bring us into the lesson.

And it’s like, look, you know, look at, this is how the internet works. You know, this is, wow, this is great. This is how I can get the most.

Andy: Did that grab your attention at the time? Like, oh my God, this is magical. Like,

David: I mean, this is how communication works, you know? So that was interesting, but it wasn’t interesting enough that when I went to college, I was like, oh, I want to do this for the rest of my life. I still had that interest in design and creating websites and doing programming and learning that, that side of the house.

Andy: So quick, quick question. [00:16:00] Before we struck a chord, when, when you talked about your parents and how. You know, I don’t want to say they struggled. Right. But like you said, they didn’t have much of an education and they, they worked hard jobs that, that rings true, you know, for me to a certain extent. So do you feel, did that have any impact or did that mold kind of what you wanted for your life?

Like, you know, I have, so I have like memories, right. Of like certain portions of my life where like I wasn’t wearing the nice clothes. The other kids were like, you know, when you have these experiences, sometimes, you know, as a child that like stick with you and I, for me, I remember thinking, you know, like someday I want something different.

Right? Like I don’t want my kids to feel like I feel right now, you know, and I know that that’s kind of like heavy and crazy, but you just hit me. How was it growing up right. With like parents that weren’t educated and really had to work hard. Like, did that have an impact on you and what you wanted?

David: It did.

I mean, you hit the nail on the head. I [00:17:00] mean, really it was, I mean, to me it was, what’s going to be my legacy. Right. You know, my parents, you know, they dived and did everything that they needed to do. Uh, you know, they, they poured into me as much as they could. Right. So I want to do the same thing for my kids.

Right. So what’s going to put me in a place where I can pour as much into my kids as I can, you know, you have to get better. So that’s definitely something that I was looking for, even when I was young. I mean, even when I was young, I think I had, you know, the soul of an old man. I mean, that’s just how it works.

Um, I even, I even got married early, so my wife was 19 and you know, I was 22. The reason we got married early, we’re just all, you know, we, we look young, we’re old people mentally.

Andy: I love that, man. And how, how did you. Did you, so computer science, I’m jealous of people like you, right? Cause I failed at a computer side.

So did you always know that something you wanted it was that a natural progression for [00:18:00] you? Did somebody recommend it to you?

David: I think we went through, I remember sitting down and then looking at all the programs and that was the program that really spoke the most interest. It’s like, oh wow. I can learn programming, create something for myself at the time.

I remember, I think, I think Xbox had XNA, which was like the Microsoft developer for Xbox and stuff like that. So then that interested me a bit. So I was buying XNA books. I think I still have one or two behind me.

Andy: Um, that was interesting language under the

David: hood of, for X-Box for X-Box yet to create games.

It was XNA pretty much loud thing, but it used C-sharp. So that’s an, they utilized these sharp bikes and I guess was just the architecture of the program. But, um, Yeah, that was interesting to me, creating something from scratch, creating a game, creating a site, creating something that I could call my own that sparked the interest.

So I went in that direction and, uh, and somehow I ended up in database administration and I [00:19:00] in SQL and Oracle and all this, I don’t know how, but that’s the track that I went into. Uh, but it still involved me learning, C-sharp learning Java, uh, which I now have completely forgotten so long and I haven’t used it, you know, use it.

Uh, but, uh, at, at one point, uh, I was able to get a job one, the beginning, when I first started college, I got a job at the help desk, which was extremely beneficial. I mean, if you’re starting out and you’re starting for a place, you know, to look and learn a help desk, a service desk is definitely a place that

Andy: I’d recommend you get that in college to help us spot.

Now, was that an internship through the program

David: student worker? It was a student worker spot. So, uh, I worked for the help desk. I picked up the phone professors and students yelling at me, complaining tickets, all this stuff, I’d go around, running around imaging computers, you know, uh, formatting stuff. I mean, there was just a ton of stuff that we had to do.

Um, I [00:20:00] remember we had a DBA at the campus and for some reason, Uh, she had me running Oracle scripts, like to create student accounts or something. I remember that. So that was pretty cool. There was a bunch of stuff in the beginning, the campus wasn’t centralized to all the other universities. So we had their own exchange, throwing everything.

So I remember creating email accounts when I was a student worker. I mean, there was a ton of stuff I did. So, um, it was a little bit of everything and that kind of, that helped me piece together, you know, all these different areas and it, and how they work

A.J.: together. Hmm. Very cool.

Andy: Getting that experience, man.

It was huge. That’s amazing. My experience. I couldn’t get arrested when I graduated because I didn’t do any internships. And I was, I was working full time, you know, waiting tables, pay my rent and stuff. And my buddies who did internships, they all had, you know, multiple offers when they got out and you know, I’m in a row and they’re like, where have you worked?

What have you done? And so anytime I hear, you know, where somebody is in [00:21:00] college, right? Like, Hey, what should I do? Like get experienced if you can, like, you know, there’s, there’s internships, there’s student work. You’re getting hands on. You know, not that that turned into a job for you at graduation. Maybe it did.

You have experience, which is what everybody wants, right. When you get out, what do you know, what

David: have you done? And I think the biggest part is, you know, getting to know people, you know, cause in the university, I got to know the other teams to help us managers, you know, th th th there was a network team on site.

Uh, so I got to know them. Uh, I got to have a relationship with them, build that relationship up, uh, even as a student worker. So, I mean, one of the things that I always tell people is, you know, work hard, you get noticed, right? We were talking about that, you know, before the show is like, work hard, you get noticed, you know, 99% of the time, if you work hard, if you put in the work, somebody’s going to look at you and be like, wow, this person busts.

They, you know, they deserve to move up or they deserve something right. 99% of the time. There’s always that 1% that it doesn’t work out, but I didn’t have present of the time. [00:22:00] Somebody will notice you. So that’s really what happened. And, you know, there was a desktop, a full-time desktop support, uh, with the university that opened up, you know, to drive around between the satellite locations.

And they, they asked me if I was interested in it, you know, it wasn’t the greatest pay in the world, but it was like, you know what, I’ll take it. You know? Cause there was some benefits behind it, you know, they would help pay for, for some of the schooling as well. So it was like, yes, this is great. So there was some good benefits behind it was that.

That was full time and you are still in school. I was still in school, so I was still going for my bachelor’s. So did

Andy: you have to scale back on the amount of classes or did you do full-time school

David: by the, by the time I got the full-time desktop support, I was pretty much almost done. Okay. Um, so I did that for about a year.

By that time I had graduated, um, After desktop support with the university. Uh, another spot with the university opened up, which was a lab manager position, which was being a manager, a supervisor to the [00:23:00] student workers. So I started managing the student workers, you know, picking the schedules, helping them out with escalations, things like that.

Uh, and I was like, Hey, you know, we were working with this guy now he’s the boss. So it was pretty cool. I got along with everybody like everybody, you know? Um, so I think, I think it was, it was pretty good. And, and, and it helped me, it turned me into a little bit of a teacher because at that point, you know, I was showing the student workers, well, this is how you do things.

This is what’s the best way to, you know, image this procedure, you know, careful with that professor. You know, I think it helped out a lot. And doors continued to open after that, within the unit.

A.J.: Wow. Very cool. So as a student worker, was that like a paid position or was it just the work experience that you got?

David: There was a paycheck. Yeah, I wouldn’t say it was a lot. You know, the government was paying something. I know it through the school, but there was a paycheck and, you know, I was able to take my girlfriend at the time. I, you know, on a [00:24:00] date to cellies or something somewhere, you know, I’d worked out

A.J.: and

David: I got, I got the bills paid, but you know, my, my parents, I was still living with my parents and they were helping me out as much. They go, you know, that’s one thing that I’ll say that, you know, Throughout my time in high school and the university, you know, they, they did everything they could to make sure I was successful.

So that’s one thing that I, I do say, and I want to thank my parents for everything they did, because obviously, you know, if they hadn’t pushed me as much as they did, if they hadn’t helped me out, uh, you know, by talking to me and even monetarily, I wouldn’t be where I’m at today. Right,

A.J.: right. That’s awesome.

That is awesome. You’re you’re a supervisor at the university. How long did you work for the university?

David: Uh, I was honestly, I was there for, I at the campus and it was the campus in Chicago. I was there. I mean from 2005, through [00:25:00] 2009 in various positions, eventually I was managing the help desk.

I was managing some of the other lab managers who managed the student workers. And these were full-time, you know, adults that I was managing at that point. Um, So, I mean, I continued to do my fan. I continued to work and learn and teach pretty much as much as I could. Um, and eventually, um, you know, I was in a, in a position where I was able to help at the campus.

I was able to help the, the network team. So there was a network team that took care of all of the campuses around the U.S. Uh, they would, they would install the switches. They would do all the work, they would change the VLANs, they would do everything. So they placed a little bit of trust in me. And they said, Hey, you know, you’re at the campus and we know you, you go install this right.

You help us out. Uh, so that is really what opened the door. Into network engineering. Right? So that sparked the interest. I was like, this is pretty cool stuff, right? This is, you know, the roots of communication. This is where it’s at in the closet, so that, you know, they [00:26:00] continue to put some trust in me and to, to give me things to do upgrade this or help somebody out with, you know, taking, uh, taking a blade out of the 6500 and swapping it out.

Uh, so those opportunities continue to pile on, uh, you know, they probably didn’t want to do the cable work. So I ended up doing all the cables. I’m sure there was a little bit of that, right. I enjoyed it. I mean, it was just like, this is great. Um, so there came a time where corporate needed somebody to help out with physical security.

They had a huge physical security project to switch everybody over to Honeywell, I believe. Um, so they, you know, I was voluntold. I was like, they’re like, Hey, you’re perfect for this. This is a great project that you can assist with. We’re going to take you out of your help desk manager role. And you’re going to come to corporate to help us out with this.

So I, I did that for six months and eventually it was like, um, you know, my, my, my boss at the time was like, well, you know, we’re filling up your position cause you’re probably going to stay at corporate. And I’m like, well, I don’t want to do [00:27:00] physical security, you know, for the rest of my life, I want to do something else.

So at that point I felt sort of homeless. Like where am I going to go? Right. So, uh, that’s when I started just looking outside for something else and the network team heard that I was looking in. Well, one of the engineers that I had a good relationship with, they’re like, Hey, we have a spot open. Are you interested?

I’m like, yeah, I’ll, I’ll go. You know, that’s definitely something I was interested with. And, and, you know, I knew them. And honestly, the interview was like, Hey, you know, do you want to be a network engineer? Yes, you’re hired. That’s really what it was because

they, they already, you know, the network engineer that, that, um, that was working with the campus that was helping me out. He was the one teaching me everything. So he knew technically, you know, where I was, he knew everything. He was the one that taught me everything. Yeah, this was at the university. Now it was [00:28:00] at the corporate side.

Andy: Yeah. They knew you, they knew your work. You were like 17, managing people.

David: I was young. I was 19, 20, managing people. I mean, it was interesting, but at the same time, I was trying to soak up as much as I could and learn.

Andy: I kind of resent that you didn’t have a technical interview for your network engineer only because the pain that I had to endure for mine, they mopped the floor with me and made me cry and then gave me a job.

You’re just like, yeah, my second interview,

David: my second interview with my, within the second place was definitely a little bit more technical, but yeah, it was like, Hey, do you want to be a network engineer? Yes. That’s what that, that’s all it was. Oh, university

Andy: is that? Yes. I’m sorry. You believe it was because.

David: Uh, cause I, I, you know, I spent that time building that relationship. Right. They knew me and they were the ones that taught me. So they knew who I was. They knew [00:29:00] I was responsible. I was a hard worker. That’s why I always say work hard, get noticed, right. Work hard. And you know, sooner or later it’s going to happen, have some patience.

Um, so I, I spent, uh, you know, as a network engineer there for corporate, I spent five years.

A.J.: Five years. Okay. So that, so I’m trying to keep track here. So this was like 2013, 2014.

David: I started as a network engineer in 2011. So 2011, 2016.

A.J.: I did a couple of years of the security thing. Maybe

David: I did. It was about six months or so beginning of 2011 when I did physical security project.

Uh, and then at the end of 2011 is when, when I was in a position opened up for network

A.J.: engineering. Okay. Got it. Got it. So you were doing the network engineer thing for corporate. Did you work primarily with Cisco? Did you [00:30:00] decide to go after your CCNA?

David: So it was, it was a mixed environment, was a mix of Cisco and Juniper and the data center.

So it’s a mix of both. So I had to learn both

it was definitely the

at the time I was used to Cisco already from the campus, you know, putting in VLANs and different things on switches with Cisco. That was like, when I get to the data center and there’s Juniper, I’m like, what is this stuff? Right. But it was sort of familiar because Juniper had that programming feel to it.

So it was interesting, but I wasn’t, I wasn’t even thinking about certifications at that time that, that wasn’t something that anybody had taught me that wasn’t something that anybody had spoken to me about. There was a person in the team that was working on their CCIE and they were going through their second attempt.

And, uh, pretty much he spent some time talking to me and about the [00:31:00] importance of certifications and, and how you can learn a lot from certifications. And that, that sparked the interest. And I was like, oh, maybe I should take a look at a certification that I can know. I can jump into and learn. Uh, so I that’s when I went for the CCNA.

Uh, but yeah, that was, it took somebody to, to sit down with me and explained to me like certifications can help you with certification, even though you might not use it for a particular job. You’ll learn a lot out of the process.

Andy: And it was this, the CCIE guy is that who you were talking to us as the

David: CC again,

Andy: it’s one of those things that you’re just sitting down and getting to know him.

What’s up, I’m studying for this thing. What is that? And then you kind of started to describe the value of certifications. Yeah. Yeah.

David: That was a breath of fresh air. Cause I mean, honestly, you know, a lot of, a lot of places that, you know, in the past that I’ve seen, you know, there’s people that are there, they’re working there, they bust their butt, but they’re comfortable.

Right. So they don’t want to get better. They’re they’re good at where they’re at. They want to stay there. They’re happy. [00:32:00] Right. And then there’s people that want to go that extra step up. Right. They want to do something harder. They want to learn something new. Right. So this person was really had that mentality and he kept pushing me and he sparked that interest.

So that really is why I started pursuing certifications and continue to dive deeper into that work engineering.

Andy: How did that CCNA study go, was it easy for you at this point? Because you had experience and you’re a bright guy in computer science or were you struggling?

David: It helped. It helped. Uh, I think, you know, I still struggled through some of the topics I struggled through today.

Like spanning tree spanning tree. Sometimes it’s like, ah, this is terrible, but it’s something that I need to get better at. Uh, but it, it helped that, you know, I, I went straight to eBay. I started pursuing purchasing equipment in the beginning. Uh, in the beginning, I, you know, I bought, I bought, I think I bought an adolescent console.

I bought a bunch of stuff and I had a, you know, [00:33:00] it wasn’t a rack. It was just like a little table. And I just tossed the equipment on top. I was consoling into stuff. I mean, that’s how I learned. Uh, and this was like in the infancy of GNS3. So as soon as I discovered GNS3, though, that’s when I, the equipment started picking up a couple of spider webs.

So that’s when I started diving more into, you know, GNS3, but in the beginning it was all, especially for my CCNA studies, it was

Andy: all hardware let’s. Please pause for a moment. So you work on physical hardware, your lab, your studies, and then you pivoted to. Emulation, virtualization, or whatever the right term is, but do you feel, you know what I’m gonna ask A.J. cause I like, what was the value in your physical lab, as you know, did you learn things in your physical lab that you couldn’t have learned in GNS?

And so new person coming to you, I’m studying for my CCNA. Should I build a physical [00:34:00] lab or should I just go the virtual route? Because you have experience in both. What do you think

David: I’m a believer of doing both? I mean, I still have, you know, a lab here, physical gear, you know, you have to touch stuff, you know, that that helps, you know, plugging in a cable.

There’s a certain satisfaction. You get of plugging in a cable that you cannot get out of, you know, GNS3, out of EVE-NG or CML. There’s something different about it. You know, if I could buy a whole rack of equipment and a chassis and stuff like that and put it here and not have to pay for that electricity, that would be great.

But because I’m not going that route, you know, that’s when I have to rely on the virtual a bit more to do some of the bigger

Andy: stuff still true. But I remember in the CCNA and it’s definitely been true in my experience. And prod, I forget it’s like 65 or 70% of network issues are at the physical layer. So for me, all that stuff I learned with like bad ports, bad cables, bad pinouts, bad cards, you know, you [00:35:00] name it.

It was supposed to be a roll over from the MSN. And it was a crossover. Like there’s so many physical problems that you run into. I had T1 DSU/CSU cards for additional ports, and they had a special pinout, like just so many things, you know, you drag a couple of pretend routers up dragging a couple of 10 cables in GNS, or even you’re done if you’re brand new and you’ve never touched gear, you know, for me, if 75% of the, you know, 70% of the issues are physical, I think it’s valuable to get, you know, some, like you say, get some experience.

You know, the physical, if you’ve got a spanning tree loop up and everything’s down, it’s nice to see, oh, that’s what all the Amber lights mean. And my switches, you know what I mean? That’s true. GNS will teach you that. So anyway, I’m off my soap box, but you said physical.

David: Yeah. But it’s true. I mean, there’s stuff.

I mean, I remember a big portion of tickets I’ve ran into, especially in manufacturing. A lot of times those issues were resolved by just swapping out again. Right. I mean, the, you know, the we’ve always had to take it. It was like, well, this phone is showing some sort of [00:36:00] network error on the phone, this access point no longer connects.

And I was like, did you try swapping out the cable? No. As soon as the cable swapped out, it works like perfect that cable’s probably been sitting there for, you know, 10 years, you know, some rats are chewing on it or something, uh, you know, swap it out and it ends up fixing the problem. So a lot, a lot of what happens out there, you know, for somebody coming in fresh is physical, you know?

So that is important. That’s key learned the physical safety in your

Andy: labs.

A.J.: Yeah. I mean, I think if you’re just starting out, like in a physical lab, when you have like a certain foundation, you can get a virtual lab. Like, I, I don’t, I’m thinking a lot of people realize this, but you can actually make the two talk to each other, like that is possible.

Uh, and there are certain economies of scale that you can get out of a virtual lab that, you know, you just can’t really do affordably on a physical level, right? Like if you want to do larger topologies and really do some fun stuff, especially if you’re going for the [00:37:00] NP level, it’s a lot easier to do with a virtual environment than it is for the physical environment.

You know, like I’ve got four routers and four switches, but there’s only so much I can do with four routers and four switches, but there’s a lot I can do with 20 virtual routers that, you know, I definitely can’t do in a, in a physical, I

Andy: learned so much, you know, you’re building that virtual environment on a server usually.

So like for me, I had to learn this ESXi, I had to learn VMware. I had to learn about virtualization and. You know, do I want to hyperthread or not? And how do you allocate the resources and power management and even just that building your emulated environment, you know, and yes, ESXi as an example, just so much to learn there.

I mean, you could spin it up in the cloud and be done with it and that’s cool too, you know, but I learned a lot by having a physical server, even, even though the, the networking was emulated

David: and then the important part is, do, do something right. Grab some gear, do something virtual, but that’s a huge way to learn.

I mean, if you want to [00:38:00] get better, if you want to learn, you have to practice, right. I mean, if you didn’t jump on that bike, you, and you wouldn’t know how to ride that bike, right. You can’t just look at a bike and be like, I know how to ride that bike. And you’ve never been on a bike before. Like you have to, you have to hold things, you have to touch things yet.

And that’s the way you get back. Yeah,

A.J.: I liked that. Got to do something. Hey, AONE fans, A.J. here for NetAlly. Never heard of NetAlly? Sure you have. They came from the same group of engineers that brought us network tools from Fluke Networks, NETSCOUT, and now they’re NetAlly. They know networking. I’m a network engineer for a partner.

And when I go to a customer and see they use NetAlly, I know it’s going to be so much easier to troubleshoot issues we might run into. The name may have changed to NetAlly, but the way they build tools hasn’t changed a bit. They ask what would a network engineer want to help make their job faster and easier.

And then they go build it just like this EtherScope nXG. NetAlly is here to help. NetAlly: simplicity, visibility, collaboration. Visit netally.com today. Now back to [00:39:00] the show. All right. So I think you, you said manufacturing there. So at some point then you, you left the college, uh, the corporate side of the university and you landed in manufacturing.

It sounds like. Was that the next step?

David: Yep. Yep. So towards, towards the end of 2016, Yeah, I, I wanted a bit more, right. So, um, you know, the opportunities weren’t happening locally. So I decided to look out and, um, pretty much I found a place in manufacturing, um, that, you know, I was doing everything right. We, we had another engineer, um, myself and my manager and the three of us would handle the worldwide networks.

Uh, it was about 40 sites, uh, you know, between sales offices and full plants and warehouses. Uh, so that gave me a huge opportunity to learn even more. I learned a lot from the team and pretty much, you know, we did a little bit of everything back at the university. It was very siloed. All I would do is route switch and a couple of [00:40:00] firewalls.

That was it. And, you know, they had, there was a voice to learn. There was a security team, there was a team for that, a team for this. So that’s all I did was route switch and a little bit of firewall. So that was my mentality. So when I got to manufacturing, it wasn’t just route switch, a little bit of firewalls, route switch, collab, security, uh, everything.

Right. So we did everything and it was nice because that was, I mean, that was definitely drinking from the fire hose because. I had to learn all these things that I had no idea about. Right. I had to learn about ISE. I had to learn about StealthWatch, uh, you know, uh, I had to learn everything collab. I mean, at the campus, all I would do is, you know, deploy a phone and that’s all, that was my experience within Call Manager, but I had to learn and I was taught, you know, what a PRI is, you know, how does this connect to the router?

What does it do? How do you configure it? Call Manager? So all of these different things I had to learn know because I had to support these sites. I had to troubleshoot these sites. Uh, you know, there wasn’t anybody else besides the three of us. So, uh, [00:41:00] that was, that was huge. And I learned a lot and I learned a lot because I saw from the ground up, especially when we have to open up a new site, how things come together right now, all these networks come together, building the phones and building the voice environment for a site, putting in the security route, switch a little bit of everything wireless.

So I, I learned a lot. It was a, you know, from 2016 and onward, it was just. The information and information and information. And during that time, you know, I pursued my, my CCNP as well, back then, ROUTE, SWITCH, TSHOOT. Um, so, you know, that was something that continued to push me forward. I, I, you know, when I look at a certification, you know, certifications are great, but that to me is a big vehicle in learning, right.

I have the book, I have all the material. This is knowledge that I’m gaining, you know, so it’s great that I pass their certification tests, but let’s say I don’t, I still learned a lot of information that I can use in my environment of the knowledge. Yep. [00:42:00]

A.J.: I think

Andy: it’s the best part of certification. It’s just a learning plan.

Oh yeah. Right. Here’s all the stuff that you need to learn for this thing I wanted to ask you. So where did you look for your job? Where do you look? I mean, are you a LinkedIn guy? Like you’re at the university is that you want to look around, you find the manufacturing. Where does

one

David: look? I mean, so up to that point, I mean, once I went to college and I was a student worker, I mean, and doors continued to open from there.

I wasn’t actively looking. Right. Except when I was, you know, at that weird period where I needed a job when I was in physical security. Um, so I was just looking at, uh, you know, different opportunities online. And I think that opened up, but. It was still within the university. Right. Even the network engineering portion there, it was still within the university.

So going to manufacturing, that was really the second, I would say the second company that I’ve worked for at that time. So I, I went for, to a recruiter and I was like, Hey, help me out. You know, this is my [00:43:00] skillset. Uh, what can you do for me? You know, what, what can we, what can we do, right? Where can I go?

So the recruiter helped me out and that’s, uh, that’s when, you know, there was a couple of different places, you know, and I was like, well, I don’t want to go to downtown, you know, all the time. And it was, it was the middle of winter. And I’m like, ah, this is too cold. I’m not going out there right now. But so, you know, I interviewed in manufacturing and it was a good opportunity, you know?

So that, that opened up through a recruiter. Where

Andy: did you find.

David: Now I’m trying to think, but it was LinkedIn though. It started off in LinkedIn. So LinkedIn recruiter and then from there. Awesome.

A.J.: Very cool. Very cool. So if you could kind of like summarize the value of, you know, having a recruiter, right?

Like if you didn’t have the recruiter, you’d have to go try to find a job on your own. Uh, and, and the recruiter inherently has a number of job listings available to you that they can come through and kind of see if you match up so that they’re doing a lot of the [00:44:00] legwork on your behalf and helping you weed out like good opportunities versus maybe not so good or bad opportunities.

David: I say, you know, it’s an extra set of. Right. I mean, you’re looking, you’re doing your thing, but you have somebody who’s fighting for you. Right. Um, you know, somebody who who’s, you know, you can give a list of requirements, Hey, this is what I’m looking for. Uh, if you can find something like that, that’s my goal.

So, you know, you have somebody in your corner who’s fighting for you as well.

Andy: The brochure, the other nice thing too, in my experience was that the recruiter who placed me in FinTech, you know, he had a working relationship with the company already. They had placed a couple other people over the years. And so, you know, they don’t know me from anybody.

Right. But because the recruiter has a relationship with that company and they’ve placed them and they develop trust. Then when the recruiter brings me in, it went, you know, Hey, we talked to this guy, we pre-interviewed him. You know, we think he’s a good fit. So it’s, I don’t know that might be stating the obvious, but I feel like if I had just cold applied, [00:45:00] you know, to a company, as opposed to a recruiter, They trusted already.

Cause they found good talent for them and brings me in for an interview. I feel like you just put you on another plateau, you know?

David: Yeah. There could have been a history there, you know, and that helps you out, you know, and it can help you out in your pursuit, uh, that why not, you know?

A.J.: Yeah. We’ve put any of the reputation of the recruiter has with that company that they’re working with.

Right. Like if they’ve brought them talent before, like there’s no reason to not believe that they wouldn’t do it again. Yeah. I think

Andy: it really helped me, you know, and in my particular situation, because of the relationship they had probably not the same everywhere. Right. But I’m a big fan of LinkedIn. I mean, I’ve never worked in an industry.

Where I’m being reached out to on a constant basis. Uh, you know, both my phone, my email, LinkedIn, before I got into network engineering, I was always the one looking for a job. And now it’s just, it’s so weird to me still. It’s just inbound. You want to work over here and do this thing? Like, I feel like [00:46:00] the hot girl at the party, you know, it’s kinda nice.

It wasn’t like that before IT, so it’s a good, he loves me.

A.J.: That’s great. That’s

Andy: great. So we’re in manufacturing

A.J.: ha. Yeah, we’re in manufacturing. You sounds like you got your CCNP route switch and I think last year, you, or maybe it was earlier this year, it all blends together now with this whole COVID thing, right? Yeah. I really do remember that you got your CCNP security, so your NP.

Let’s dive into that journey. How was the CCNP security? I’ve heard? The SCOR is just a monster.

David: It is definitely a, you know, there’s, there’s some marketing behind it, you know, it’s all the Cisco products and the Cisco security portfolio. Well, there’s the technical below that as well. Right? So, uh, it, it reminded me a little bit of the Palo Alto with a PC and S.[00:47:00]

Um, but a lot bigger. It was way bigger. The Palo Alto cert was definitely, you know, some marketing, a tiny bit of technical, and that was it. It’s a good cert, but the CCNP security, the SCOR is definitely deep, goes over the portfolio. Uh, there’s a lot of technical behind it. You know, it goes, it doesn’t dive into everything fully either.

Right. So, uh, it leaves the door open. Like, you know, the, the SCOR talks about email security. Uh, so I decided to go as, as my, uh, smaller exam as my concentration, I went to the email security side. Uh, it was something that I was doing at work as well. Right. We had, uh, ESA, we went to CES. I had some experience with that.

But there was stuff that I found on the exam for, for the SESA, S-E-S-A, it was like, what are we talking about? What is this? I mean, it’s deeper. And I had some experience on the product and I’m like, [00:48:00] I don’t remember clicking on this or reading about this. So it keeps you on your toes. It was definitely a, an interesting exam was a good exam.

Um, I think I had an easier time with the SCOR than the SESA. I, I fought. I would, I thought I’d have a harder time with the SCOR exam. You know when, as I was taking it, I don’t know if maybe because it was, it wasn’t that deep into the portfolio. And technically, uh, I passed that one and it was a better score than I had at the SESA.

The SESA was like one more wrong answer. I would not have passed. And that was, that was it. I was on the edge. Uh, so there was a couple of questions. I’m like, man, I have no idea. And I’m working, I’m looking at this thing every other day, you know? Um, but I passed, you know, it was, it was good, it was a good exam.

Um, but that, you know, a lot of what I’ve been doing in manufacturing and a lot of what the whole team was doing in manufacturing that, you know, the last couple of years has been security [00:49:00] related. You know, we had a security team, they did a lot of policy and a lot of procedures. We were the hands and feet for the security team.

So we did everything. We did ISE. We did StealthWatch flash. We did Duo, implementing and architecting and designing everything that was really us. So. That, you know, I I’ve been doing security for a bit and that’s why I was interested in the SCOR and then the CCNP security.

A.J.: Very cool. Very cool. So I think it’s important to kind of talk about that, that marketing thing, the marketing aspect of these exams, and it’s, it’s a hundred percent true.

It’s there on the ENCOR and you know, like you said, the SESA and the SCOR and I, I think it’s, it’s important to know that like, as, as if somebody that’s up and coming. When you, when you have to study all of these things, you’re getting more exposure to the Cisco portfolio and that’s that only benefits Cisco.

Right. But I think that there’s, there’s people that kind of take a couple of different approaches when they’re putting together their enterprise environment. Either they, they go all in on one vendor or they do best. Right. Like, I want the best firewall and I [00:50:00] don’t care if it’s Cisco or Palo Alto or whatever.

I just want the best firewall. And then I want the best switches and then I want the best routers and it doesn’t have to be all the same vendor. I just want the best of the best. And then there’s people that go all in on a single vendor story. And there’s, I think there’s benefits to doing both, right?

Like if you, if you go all in on Cisco, then you get the full Cisco story. Right. And, and that’s where you tend to get like, and, and, and not just Cisco, right? Like if you go all in on Juniper, all in on, whatever, if you go all in on a single vendor, you’re going to get the bigger picture. You’re more analytics typically, right?

Like that’s usually the benefit that you’re going to see because they all connect to each other. They all talk to each other. There’s probably some additional benefits of security when you do best of breed, like you got the best of the best, but they don’t all talk to each other in some form or fashion, unless you’re using like, you know, some agnostic form of, of automation or something like.

Like the rolling your own kind of solution that, that you would get from the vendor. So taking these exams [00:51:00] gets you that exposure, and then later on in your career, you’re like, well, I need some email security. I remember reading about the Cisco email security appliance. I had no idea Cisco had an email security appliance personally, but, but that’s, that’s, that’s where he like, well, I got to start somewhere.

I remember reading about this thing. So let me go check that out. So that’s, that’s why that’s there and it’s, it’s, it’s beneficial

David: in my opinion. Oh yeah. I think everybody does it. I mean, it’s just, it’s just part of the, part of.

A.J.: Right. Exactly.

Andy: Hey Jay, you just sparked something. So each ecosystem has their own, I guess, analytics engine or platform or whatever, and they don’t talk to each other.

Right. Cisco has there’s junior pros. There is a risk that has there’s there’s no, like you said, you have to either go with third party, you know, open source or like build your own. I mean, that’s, that’s not ideal, right? Like, is it just because they’re in competition with each other? Like, there can’t be an, I mean, this might sound silly, but there can’t be like this open standard platform that [00:52:00] pulls all the competing vendors because we don’t care like you and I sitting at the chair, you know, the company went with Cisco over some stuff, Juniper, some stuff for Risto for some stuff, but why do I have to suffer as the operator that I can’t have a, uh, you know, uh, analytics that pulls it all into one dashboard?

Like that seems like a, I dunno, it’s an inherent flaw to maybe the competitive model. Maybe that doesn’t make sense. You kind of sparked it as you were talking.

A.J.: Right. I think it’s just, you know, they, they want you to buy into it, right? Like if, if DNA center could control other vendors, devices, where would be the kind of drive to continue to just buy Cisco if they could, you know, cause there’s other switches might be a little bit cheaper than a K

David: I think companies are getting better at third party integrations,

A.J.: especially with a nice,

David: yeah, I think it helps, but they’re not going to be fully open.

Right. I mean, sure. There’s some compatibility and there’s some, you know, a couple of things they do, but for the [00:53:00] most part, there’s that competitive nature

Andy: behind it is. Yeah. And I mean, I get the competition, but I’m also like, I’m thinking like, wow, if one of these big name vendors came out with a solution that really did, uh, you know, vendor B says, you know what?

I know vendor raised the. But I’m going to build a platform and pull all their stuff into, and maybe that’ll push us over the top. You know, if you could go with vendor B and they’re happy to let you see all of your vendor, a appliances and analytics and data, I don’t know, from a high level, if I was sitting up on a throne somewhere, but you know what?

These, these guys are. You know, they’re there cause you’re not going to buy less of one V I don’t know. I don’t know how all that money stuff works, but it’s probably another topic for another show, but

David: I solution to rule them all,

A.J.: if a vendor, if somebody actually made a single pane of glass or something that actually talked to

Andy: everything, there’s an example, right?

Like [00:54:00] I’m thinking Cisco Juniper they’re number one, number two. Right? Like if Cisco came out and said, you know what, we’re going to pull all junipers into because for multi-vendor shops or vice versa, I’m surprised they haven’t because like, God, you know, automation, single pane of glass, like they could, I think, right?

Like it’s a lot more

A.J.: effort on the vendor’s part. Right? Like you have people at Cisco that know Cisco. Now they’re going to have to go and really learn Juniper, or they’re going to have to partner and work on it together.

Andy: Yeah, I just, I probably oversimplify, but like routers or routers a switch, a switch.

Yeah. The CLI is going to be a little different, but like OSPF doesn’t change from, you know, vendor to vendor. Like there, there are, there are standard routing protocols that can talk to each other. I don’t know why something like you can’t have that for analytics. But maybe it’s pie in the sky stuff. I mean, we can’t just create a protocol that talks to everything and pull it in.

But I guess that screws up the competition so

David: we

A.J.: can do it.

Andy: I could barely [00:55:00] write Python, man. I’m not the guy. I got to find a guy I’ll, I’ll pull it up or something. He’ll do it for us.

A.J.: I got a guy online. Just grab Eric,

Andy: sorry for the tangent. And just, you got me thinking.

A.J.: No, it’s a good conversation. Good conversation.

So, um, how long were you in manufacturing before you decided to go to Cisco and what, what in the end cost you. You know, if she want to get into it. W w why did you decide to start looking around? Did the opportunity come knocking at your door? Did you go looking for opportunity?

David: I say a mix of both. Uh, you know, let’s say that, uh, during my time in manufacturing, an opportunity came knocking and it didn’t work out.

Right. Um, what’s this going to beginning? Um, and that’s one of the things that I’ve said on the discord, you know, when we’ve talked about, you know, the things happen at the right time, you know, it’s not meant to be right now. Um, [00:56:00] it’s going to, something will happen in the future. There there’ll be a better opportunity for you in the future.

You know, don’t let that completely, uh, get you down, right. Rejection sucks, but there’s always something better. There’s, there’s something coming down the road for you. So don’t squander that opportunity that you have now to learn and soak up as much as you can, where you are. Um, so, I mean, I learned a lot of manufacturing.

It was a great experience. But, you know, opportunity came knocking and it was, it was, uh, it was something I couldn’t say no to it finally happened and the doors open and I I’m appreciated out of everybody. You know, I appreciate everybody I’ve worked with. Um, I never have anything bad to say. That’s one thing I always tell people is, you know, Uh, don’t burn bridges either.

That’s more advice that I have. The tech world is small and you know, I’m talking to, I’m talking to people at Cisco now, and they know people that I’ve, you know, the, that I’ve worked with in the past or, you know, somebody actually, [00:57:00] somebody on my team now on my team now I worked with back at, at, at the.

They were in networking as well. Oh, wow. That’s crazy. You know, they paint me and they’re like, Hey, you’re joining my team. And I’m like, oh, wow. Okay. So never burn bridges. I mean, we’re going to run into each other at some point, treat everybody with respect, you know, help everybody out. You know, we’re all in this together.

A.J.: You know, that’s a great point. Like if, if, when you had left the university, if you had burned that bridge, and then you’re applying to this job at Cisco and that guy could have been like, oh man, don’t worry. When he left here, like 10 years ago, he really he’s screwed in summer. You just said like it was

David: flipping three months.

It was flipping people off.

A.J.: It’s very true. Like if you, if you had taken a different route out of there, uh, no pun intended, like it could have ended up differently for you trying to get into to Cisco this time around. So I agree with you a hundred percent, like, as, as big as the world is like, for some [00:58:00] reason it just feels that much smaller.

And that has nothing to do with a small town. Like you’re in Chicago. Like you could have left there and be like, I ain’t ever going to see him

David: here. You are like, exactly. So, I mean it’s, and that’s just the way I was raised too. It was like, you know, treat people with respect, you know, in the course of your career, you’re going to run into a bunch of different types of people, right?

I mean, you’re going to run into people that are very supportive. You know, for you, you know, they’re there, they’re there to help you. They’re there to push you along and help you out. But you know, you’re gonna run into other people that, that are just negative all the time. And that’s just the way the person is.

They might be negative with you. They might be negative across the board. Uh, you know, to me, you know, I’ve ran into both types of people throughout my career, and I don’t say anything bad about anybody. It’s like, Hey, you know, thank you for teaching me. Thank you for, you know, showing me what, what you could, uh, you know, I’m, I’m here in the end of the day, I’m here to learn.

I’m here to get better, right? Uh, I’m not here to spend my time and waste my brain cells on people who are negative or there’s better things that I [00:59:00] could be doing with my time. You know? Um, so things, you know, things that are negative people that are negative. I just ignore it. It’s like there, that’s always going to come towards you.

Ignore it. You know, stick to the people who are there that are supporting them. Haters

A.J.: gonna hate,

Andy: but there’s so much good secret sauce in here. You said so many things that I wrote down a couple, like work hard. You know, my, my wife has a great saying, like he can’t teach hustle. Right? It’s it’s intrinsic.

If you have a lazy player out on the court or in the field, you can’t coach it out of him, you can’t motivate them. Like, so, you know, it’s such a simple thing to me because I’ve always been a hard worker. My wife’s a hard worker. You’re, you know, you guys are like how just putting the effort, you know, wake up grind.

It’s easy. I would venture to say that, you know, I’m not the smartest guy in the room, but I try to make up. And blood, sweat, and tears, right? Like I’m going to get in there and work hard and I’ll work harder than the other guy. That’s smarter than me. If I have to, like, [01:00:00] you can control what you can write to be, to be successful.

And then you, and that will get you noticed, like you said, work hard, get noticed. Like, I love that. Like, cause you know, the, the guy that’s passionate or the girl that’s like working really hard, they do stand out because you have schlubs that just want to hide or not do anything or, you know, learn the new thing.

And then attitude too, like reputation, attitude. I mean you’re as work are, get noticed, develop a reputation, have a good attitude. Like these are, some of them are soft skills. Some of them are hard skills, but it’s, it’s kind of like the secret to success almost like, and they’re all, you don’t need a one 90 IQ, right?

You don’t need a triple CCIE. Like these are things I think anybody can do work hard, get noticed, develop a reputation, have a good attitude. Like wow. I dunno, you’re blowing

David: me away here. I mean, that’s, that’s the way, I mean, it brings me back all the way to, when I was managing student workers, I was a student worker and then I was managing the student workers and I would always tell them the same thing.

And, you know, student worker positions, you know, there’s some people that came in and was like, I’m just here for my seven bucks [01:01:00] an hour. And to get out of here right now, they don’t care about me on the help, fast. They don’t care about, they don’t even care about it. Right. They’re just there, you know, I’m done.

I gotta go to class. You know? So, I mean, I still took the opportunity and talk to people it’s like, do as much as you can learn, work hard. I mean, even if you don’t, even if this is not going to be your career, right, you’re not going to be at the help desk forever. You want to go do something else. You’re seeking a degree in accounting and this is all we have right now.

Uh, You know, just try to learn something, do your best, you know? Uh, that’s it, I mean, it really comes down to that. Um, and, and doors open up, right? I mean, just be patient, you know, cause some people, you know, oh man, I, I spent two hours working hard and nothing happened. Yeah. It’s not a two hour thing. It’s a whole journey.

Right. It’s days and weeks and years, um, be patient and things will have.

Andy: You’ve, you’ve mentioned patience a couple of times, so, and I think that’s so key, you know, we, we won’t want, we want when we want it. And then, you know, [01:02:00] like this might not been the first time you interviewed at Cisco. I don’t know, but I know that when you get that opportunity, like, for me, when that happens for me, I’m like, oh my God, this is my one shot.

If I don’t get this, I’m going to blow it. And then it doesn’t work out for some reason. And then it’s like, wow, that was it. I’m just destined for mediocrity. Cause I couldn’t get that thing I wanted. But like you said, you just gotta be patient put in the work like anything. Right. Like we were shopping for our house years ago and like, we really wanted this one and it didn’t work out and we were so upset, but then the next one was twice as good as the last one.

And we’re like, oh, like you can’t see around that next corner. You know, you just gotta have faith and kind of be patient. And if you put in the work, it will work out right. Maybe not on, on, on our timeline and patience is hard. Right? Exactly. I think it takes discipline, like, okay. Like accepting a failure, accepting it didn’t work out.

Like that’s, that’s a mental game. Right? Some discipline it’s. Oh yeah.

A.J.: And it’s even harder. These days in the instant gratification world we live in, right? Like click a button, get an instant happiness. [01:03:00] Look, I got to wait a month for this next house to come on the market.

Andy: Yeah. I mean, I can go in a half a dozen different social media platforms and get a dopamine hit immediately.

And now I gotta wait, you know, six months. Cause this one interview didn’t work out. Like no way, dude. Like that’s forever, you know, but like perspective, patience. I could put it in the work out perspective. There you. Got some good stuff here. We have so many people coming to us, I think, starting out, like what, what can I do?

What should I do? You know, it’s always like, well, CCNA is a good start, but a home lab, but these are just things that anybody can do. I think that’s what everybody’s looking for. Like, how do I do this? You know? Cause you don’t know where to start and how hard it’s going to be and it’s expensive, blah, blah, blah.

But there’s just certain traits. I think that are transferable in any industry. It’s not just networking or it, you know, everything you’re talking about. Yeah, a good person create value, have a good reputation. It’s simple, but I guess it’s not like common knowledge. Isn’t that common they say, right? Like [01:04:00]

David: it’s true.

I mean, a lot of times we concentrate on the technical ability. Right. You know, I’ve, I’ve ran into people in my past. It’s like, wow, this person knows everything. I mean, you can ask them any question, they know everything, but they have a terrible attitude. You know, they, they, they treat you like trash and it’s like, I don’t want to work with this person.

You know, it’s horrible. Right. You want to be somebody that can get along, can teach somebody, you know, people look up to and you have a personality, you know, that that’s the type of person you want to be. Um, so yeah, you can go around and pursue every cert that’s out there. Right. But if you’re still, you know, treat people like trash.

People are not going to like you, people are not going to want to work with you that doesn’t open up opportunities for you. You also, I mean, treat people well, it comes down to that. I mean, it’s just being human. That’s really, what we’re talking about today is, is do some of these basic things that, you know, basic human skills, you know, be human, treat [01:05:00] people, good.

Treat people with respect to work hard. I mean, things will happen, right.

A.J.: Be a good human

David: compassion have confession, you know, there’s people out there that are struggling. There’s people out there that are learning, uh, you know, they might not learn at the same pace you were learning. You don’t have some compassion and have some empathy.

You know, all these words that I’m just saying are just they’re they have nothing to do with Cisco. They have nothing to do with Juniper. What F five with forever. This is things that apply across the

Andy: board. Yep. Kind of soft skills. He right. Like exactly, but kind of, you know, and anybody could learn. You know, anybody can learn them like you can.

I think the episode is going to be David Elisia, a good human

David: He’s a good human, you know, it’s true. I mean, that’s really that’s if I can teach somebody, one thing is just, you know, work hard will [01:06:00] be essentially be a good human, you know, things will open up, you know, have patience, the inverse of being a good human words,

Andy: David Alisia don’t be an asshole.

we’ll

A.J.: go with that. Good human. I like that.

Andy: That’s much better.

A.J.: All right. Well, our guest today is David Alicia solutions architect with Cisco in the Chicago area. And David, where can people go to find more about.

David: Oh, wow. Uh, you know, I’m on the interwebs. Uh, I am on, I am on the Twitters, uh, Davie 87, B a Y V E 87 on Twitter.

I also have a blog, which I know I need to get back to. I need to start blogging again. I need to start writing, uh, it says zeros and one w O N so play on words, zeros and one.blog. I

A.J.: love it. It’s a [01:07:00] great title. I like that. Excellent. And we can also find you in our Discord. It’s all about the journey.

That’s the same as your Twitter handle. I believe. Yeah. That is correct. So if you want to join our Discord and chat with Davey, you can do so you can go to artofneteng.com forward slash IAATJ. I got to think about that all the time. It’s for, it’s all about the journey, because it is all about the journey.

Join, learn with people, share your knowledge, uh, you know, and just a lot of that good human stuff David was talking about, right? Like if you find somebody that’s struggling with a topic that you have had success with, spend the time, teach them, share your knowledge. Don’t don’t look down on them. Like, oh, you, you don’t know every single OSPF timer.

How dare you be an engineer. Exactly. Exactly. Awesome. David, thank you so much for joining us tonight. This has been an absolute pleasure. Any, uh, any last words of wisdom before we close out? [01:08:00] Uh,

David: yeah, no, I think, I think we’ve said every single type of motivational way that we can

A.J.: all good stuff though. Good stuff. Excellent. All right. Well, thanks again for. Uh, thank you to all of our patrons. Once again, we appreciate all your support and we appreciate everybody’s support. If you want to join our Patreon program, you can do so at patreon.com forward slash artofneteng. Uh, and we appreciate the support from our patrons as well as everybody, you know, or the download, follow us on Twitter or whatever you do.

We love it. We thank you so much. All of that mojo really, really helps. We’ll see you next week. On another episode of the Art of Network Engineering podcast. Hey everyone, this is A.J. If you like what you heard today, then make sure you subscribe to our podcast in your favorite podcatcher, smash that bell icon to get notified of all of our future episodes.

Also follow us on Twitter and Instagram. We are at artofneteng. That’s A R T O F N

David: E T [01:09:00] E N G.

A.J.: You can also find us on the web. At artofnetworkengineering.com, where we post all of our show notes, you can read blog articles from the cohosts and guests, and also a lot more news and info from the networking world.

Thanks for listening.

Ep 72 – Cooking up a New Career

In this episode, we chat with Chris Randall. Chris worked as a professional chef for over 13 years and has recently transitioned into a career as a Cloud Consultant. Chris’ work ethic, drive, and ability to communicate help him stand out and have gotten him noticed, on more than one occasion. We can all learn a lot from Chris’ recipe for success!

You can find more of Chris:
Blog: https://ipvpho.wixsite.com/frombitestobits
Twitter: https://twitter.com/IPvPho
GitHub: https://github.com/IPvPho
LinkedIn: https://www.linkedin.com/in/christopher-randall-%E2%98%81%EF%B8%8F-83a48572/


Transcript

A.J. Murray: [00:00:00] This is the art of network engineering podcast

in this podcast

and share the stories of felon networks.

Tim Bertino: Good morning folks, Tim Bertino with you here live in the AONE traffic chopper, hovering high above the 404, where the traffic police definitely have their work cut out for them today. We’re seeing an abundance of one way traffic on all northbound egress points and our southbound ingress points have been totally saturated.

This all seems to be linked to a local construction crew, accidentally severing a major traffic back. With a backhoe. Unfortunately, that’s leading to a massive degradation of services all day. Today. The only vehicles we are seeing get in or out safely are [00:01:00] ones that have been given EF priority by their local authorities.

We’ll check back in later today, as the situation continues to develop, this has been Tim Bertino coming to you live above the 404 back to you, A.J.

A.J. Murray: In AONE studios. Very appropriate well-timed intro from Tim given the Comcast outage today. That was fantastic. I can’t wait until Dan edits that and posts.

Andy Lapteff: When we hear the chopper sound. I almost, I almost started to do like a, but I didn’t want to

mess with Dan’s and post side. I just left it alone.

A.J. Murray: Oh, that’s going to be good. Nice, nice work, Tim. Nice work, Tim. He is at Tim Bertino. I am A.J. Murray at No Blinky Blinky. How are you doing, sir?

Tim Bertino: Hey, damn good. I got to give credit.

That was another, uh, Jordan masterpiece. Thank you, Jordan. Uh, I am a little bit down about 10 minutes ago or so my son ran in here wearing his, uh, sheriff Woody [00:02:00] pajamas and Dan wasn’t here to get my

will at the time. That again, next time.

A.J. Murray: Yeah. Yeah, that was cute. That was cute. Andy at Andy left, half permit IP, Andy, andy.com. How are you, sir? Man.

Andy Lapteff: I’m great.

A.J. Murray: I know. You’re great. And I can’t wait for you to share why you’re

Andy Lapteff: great. Great. And I can’t tell anybody why. Sure

A.J. Murray: you can. This one’s not going to drop for like a month and a half.

Andy Lapteff: Yeah,

A.J. Murray: I’m good. Yup. Yup. Where’d it come from, Andy? Is there anything you can talk about,

Andy Lapteff: uh, specifically, what have you got told me on the spot, bro, basketball court today, maybe you could talk about, okay. Yeah, we did. We got a, we got a basketball court in the driveway, so, so my, my wife got a full ride on a basketball scholarship in college. So [00:03:00] she’s no, she’s no joke. And the kids are four and seven.

So no time, like the present to start training for scholarships and. Daddy daddy

wants to retire before he’s pooping

his pants. So we gotta get these kids to move in here in the, in the right direction. So we cut that later, but yeah, no, everything’s good, man. That my son loved it. We were out there tonight under the

light of headlights.

I mean, it was dark out in the driveway. He just didn’t want to stop playing. So yeah,

well, it was nice. Nice, nice. Everything’s good. What are we getting together soon? I think based on your, your new news that you can’t talk about, but I’m having a baby now. That’s not it moving on. How you doing? Hey Jay, what’s going on?

A.J. Murray: No, I’m doing, I’m doing real well. Um, the weather up here, it’s starting to turn cold, so I’m going into hibernation mode. Um, but yeah, no, uh, [00:04:00] other than that, doing good. What do you do for your fire pit? Uh, I cut down trees on my property. Oh,

Andy Lapteff: seriously? Okay. Yeah.

A.J. Murray: I’m not that I have a ton of property, but I had to shut down a trays and I don’t have a shit ton of trees anymore.

I’m trying to figure out how to fit half a cord of wood at my house and for my fire pit and it’s become a whole thing. So I don’t have trees to cut down

Chris Randall: anyway.

A.J. Murray: Nope, no. And I just stack it nicely to back your property next to your shed or something. Yeah. Good idea. All right. Temps are falling like a homesick rock, a deal that they were up in the sixties.

They popped back up there today, but they’re, they’re heading down. There’s snow in the mountains in Vermont. And, uh, pretty soon there’ll be snow all around my house and I will be questioning why once again, I live in the Northeast. So, um, I’m a few hours south of you quite a few hours. And it’s been in the mid thirties each night in Fahrenheit.

Been. Yeah, it’s happening. Yep. I’ve had to turn my heater on. [00:05:00] I’m not, I’m not happy about that. So when can I hold out till, uh, didn’t, didn’t make it very long this year.

And that sound means it’s time for the wins. Winning in our Discord channel this week is Tim Mixi. He passed his AWS Certified Cloud Practitioner. Congratulations, Tim. TracketPacer recently accepted a position as an avionics integration engineer at Blue Origin. Congratulations, Lexie. IPV four passed his CompTIA Sec+ exam.

Congratulations, David. Missy has passed the AWS Solutions Architect Associate exam. Congratulations, David and Jay finished his bachelor’s degree in IT Networking. Congratulations, Jay. That’s awesome. Very proud of that. Welcome to new patrons this week. Jason Belk and teeth in Sachar. I hope I pronounce that.

Right. Thank you so much for your support of what we do here on the podcast and being a member of our Patreon [00:06:00] program. And also thank you to all of our listeners for your support, for what we do. We really appreciate it and couldn’t do it without it. Thank you so much. Now, back to the show, I am very excited for our guest this evening.

Um, if you live on Twitter, like I do, you’ve probably seen him pop up there before. Um, I am honored to be able to share his story and, uh, Chris, welcome to the show.

Chris Randall: Thanks. How’s everything going,

A.J. Murray: going well, um,

Chris Randall: let’s see here.

A.J. Murray: Yeah. Yeah, I know. We’ve, we’ve talked in the past about, uh, having you on here. So Chris, you’re excited

Chris Randall: to be on.

A.J. Murray: I was going to say, tell your face,

Chris Randall: this camera so bad. I might as well. No, it’s fine. We just call that resting Chris’ face

[00:07:00] RFCs and RCS.

A.J. Murray: I don’t, I don’t even know where do we begin with Chris? I

Chris Randall: mean, how do we even start this?

A.J. Murray: What does Chris do now?

Chris Randall: So I just recently took on, um, a new opportunity at CDW in the ACE program. And so I’ll be focusing solely on Azure infrastructure for the next 12 months and then kind of grow from there in cloud.

So that’s my current,

A.J. Murray: what is ACE for people like me that

Chris Randall: don’t know what ACEs, so ACEs.

Um, ACEs like associate consulting engineer, and it is basically a fast track program where they build out, um, an itinerary education, different technical things that you have to do. So certain certifications based on your track. And then they have, um, the soft skills [00:08:00] side consulting, um, like shadowing and things that you do have traditionally consulting engineers over the course of time to get you prepared to be a full speed, like consulting engineer.

A.J. Murray: Very cool. So it’s a, a, a bootcamp of sorts.

Chris Randall: Yeah. Some say it’s like five to 10 years stuffed into 12 to 18 months. Oh, that doesn’t sound stressful at all.

A.J. Murray: A bit intense.

Chris Randall: It’s a, it’ll be interesting. Um, they just changed the format too, so they knocked it down from 18 months to 12 months. So we’ll see. Wow.

I’m one of the first Guinea pigs for that socio fast.

A.J. Murray: Very cool. Very cool. Well, congratulations on that while you, you haven’t always worked in tech though.

Chris Randall: Yeah. Uh, definitely came from a different background. Um, started in food service for the last 13 years. Uh, wow. So, um, got started in high school. We had like, um, a [00:09:00] career center where you could go kind of pick, you know, I wanted to do welding.

I couldn’t get into the program cause they only took two kids. Culinary S uh, culinary class was open. So I took the opportunity. It was a free afternoon open, you know, we got to do three hours a day. They’re just cooking and playing with food. So I did that my junior and senior year of high school, and like really excelled at it.

Um, got some really good like stage opportunities, which in the culinary world is basically, uh, you work for free. And usually you’re doing kind of the grunt work, the hard work, just to prove that you deserve a position. Um, so an internship. Yeah. A highly unpaid work. Yeah. Um, so did that bounced around kind of my local area for a while ended up.

Where was that area, Chris? Where are you from? So I grew up in, uh, mid-Michigan. So Midland or Mount Pleasant, um, kind of small rural areas. We had, um, the one time we had a casino, it was like the biggest one in [00:10:00] the state. Um, so I ended up there for about two years, took over a steak house. Um, that was fun for a while.

And at the same time, I got the opportunity to go out to, um, Manhattan and work at what was then the number one restaurant in the world from the Michelin standard, um, 11 Madison Park. So let’s wait a minute, wait

A.J. Murray: a minute, wait a minute. How do you go from free, you know, free shit bird guy to like number one, Michelin new a LA.

Chris Randall: Uh, lots and lots of late nights and sharpening of knives. Um, you worked hard to being young and energetic and willing to put the time and energy into it gets you pretty far anywhere. Um, I sent an email. They was kind of, I wouldn’t say easy, but they’re always looking for people to come in and do free work and always try to keep a roster full of people.

So I had the chance to go for a week. [00:11:00] Um, chefs

A.J. Murray: work for free when they’re coming up. Like I worked in restaurants, so nobody worked

Chris Randall: for free well, and more legitimate restaurants, you know, like when you’re working higher end and you’re highly competitive to get in there. Um, some people go in for a day, some people spend a weekend.

Um, it’s not supposed to be that way, but it’s 10 tends to go that way. And you just

A.J. Murray: do that to get exposure, to get it on your resume. Like, Hey, I worked at such-and-such.

Chris Randall: Yeah. I mean, you want to see what’s going on in those environments. I mean, if anybody got the chance to go step into Google or Facebook or Microsoft for a week, you know, and there was really no, no hard ties there.

You could just kind of look around and absorb everything. Why not?

A.J. Murray: So how does one live in Manhattan without an income?

Chris Randall: So, luckily I was only there for a week, so it was just like a working vacation, if you will. Gotcha. It was actually quite the experience. We spent like eight hours touring, like all [00:12:00] the big spots before my first day.

And I had like, Broken open blisters on my feet before I went and worked 16 hours. So that was fun, man.

A.J. Murray: I said this school program or something like, how, how did you, how did you end up getting that, that opportunity?

Chris Randall: Um, so they kind of, like I said, they kind of keep postings open for positions. Um, they have massive staffs. Um, I think there was like 40 people in the back of the house. And I mean, in these working kitchens, you don’t usually have 40 cooks running around in the Babylon.

A.J. Murray: That’s insane.

Chris Randall: Yeah. Well, when you’re doing like six figures for dinner sales to some notes, but like...

A.J. Murray: So for people who haven’t worked in restaurants, you’re talking like a hundred thousand dollars plus in meals served in a night, is that... Yeah, which is a lot of money for one dinner service.

Chris Randall: I think it was like $130,000 in like a five-hour span.

A.J. Murray: So that’s what the restaurant [00:13:00] sold in meals in five hours. Wow.

Chris Randall: $100 at the time, just to sit at the table for a person that didn’t do drinks or anything special.

A.J. Murray: And how, so we’re probably going to talk about culture later in your current gig and what kind of people you’re working with, right? In a place that was $300 to walk in the door, like, is the staff as douchey as the clients coming in?

Chris Randall: So that place was really unique, right? Um, it’s highly competitive. There’s a bunch of kids my age and they’re not just like New York kids. They’re not just kids that graduate like culinary school. Like the chef at the time was from, I might butcher this. I want to say Denmark, but I think that’s wrong. But so he had a bunch of like, um, Northern European kids there and there’s probably 15 or 20 and they’re all fighting for their thesis.

Um, they’re all, they’re like, this is, this is their, their lives. Um, so they’re pretty heads down working hard. Um, they were pretty willing to help out. They had a good culture [00:14:00] there. Um, probably one of the better ones I’ve been involved in. Um, but very robotic at the same time.

A.J. Murray: So you, you, you got good at this really early. Did you develop a passion for it, or were you, you were good at it? It just made sense, so you just kept going on down the road?

Chris Randall: So a little bit of both. Um, you know, I grew up helping on my uncle’s farm. Like when I was 12, I spent my summers doing that. Um, so we had a lot of work ethic, like, you know, kind of ingrained already, and then you get into kitchens and it’s a lot of like hard work and manual labor.

So I was used to that aspect of it. Um, you know, I got to put food on the table and help out. So I, you know, I had to do it to survive. And then at the same time I found like I was good at it and I enjoyed doing it. Um, and for a while I had a passion, um, a couple incidents kind of burned that out, unfortunately, but at the same time, you know, Sandy may where I am now.

So I can’t complain about [00:15:00] that.

A.J. Murray: And, and you know, you’re right. Like, yeah. So burnout, it is a thing, right? It’s, it’s a tough, stressful environment. And it just dawned on me as you’re talking, man, kitchens are tough, stressful environments. You want to see the worst of people, try to feed them expensive food.

Chris Randall: Yeah. Yeah. Well, and it’s, you know, it’s weird too. It’s like, it’s not the expensive restaurants and the country clubs. I mean, you get some, you get some tough people there. It’s your mom and pop, you know, something for under $10. People like the casino, when people are getting stuff for free or using the rewards points, like it’s the cheapskates that are the worst in the cheap restaurants.

You know, somebody who’s spending $10 and $10 means a lot. So those are some of the rough ones.

A.J. Murray: So when did you get like the ooh la la gig? You went from like the free Manhattan come-up, you know, stuff to, when did you land and become a big, uh...

Chris Randall: So I was kind of doing it right at the casino. Um, they [00:16:00] let me go for the week to go out to Manhattan.

They were really like excited. Um, but at the same time, there was a bunch of stuff going on, be out like outside our, um, control there. So they lost a lot of like sales and revenue. So at the same time, I’m literally on my way back from New York and a guy who runs like the nicest restaurant in town hits me up and he’s like, hey, I want you to come over to run the rest.

Do your thing, free rein. Um, so I went over there and I had a pretty good streak going, but I just didn’t get along there. Um, there were just some value differences and things. So that was really my first like big, big shot on my own. Um, had good feedback. I just, I didn’t fit into the culture. No, no, no.

We’re talking like 21, 22 at this time. Okay, cool. I mean,

A.J. Murray: that’s, that’s how old you were, and it could be, own the kitchen, go run my kitchen. That’s impressive. Like my God, man.

Chris Randall: Yeah. Um, it, it’s interesting, especially like, you know, so you’re typically, up until the day that I left [00:17:00] to switch into like tech, um, I was still the youngest one in the kitchen managing everybody.

So, um, it was definitely a big learning curve, um, to manage people who are two or three times your age and you hear like, oh, could be your mom. It could be your grandma.

Um, but it taught me a lot of really good lessons and I met a lot of really great people along the way. Um, we actually had like the biggest, probably the biggest jump and chance I have ever taken in my life, my girlfriend and I. Like I said, the last restaurant that I spoke of, um, it wasn’t working out and, um, I was looking for something different.

Maybe take a break. I was burnt out, um, just bad situation after tough situation. Um, so I was going to school. I had the ability to take like three months off. Um, I wasn’t working and I had somebody hit me up down in Georgia. And they were like, hey, we got this really high end, like our [00:18:00] dining club wants you to come down.

Be my right-hand man, you know, do that. Um, and so the wife and I came down here and she’s in food service since it’s signed suit at the time too. So like, um, it kind of worked out and, um, we took the jump down here. It’s going on four years now. Um, I ended up at a private dining club. It was extremely bougie.

Um, there was no golf course or nothing like that. Like you just came in and it was like $500 a member per month before you even ate. It’s crazy. So we got to do a bunch of fun stuff there, um, but it just, it wasn’t paying the bills. And so I was fortunate, the last gig I had, um, I ended up as a food service director for a Fortune 500 company here in town.

Um, managing all their restaurants, um, through different properties that they have through town, um, doing other catering, some other big week dinners, things like that. So that was really what I kind of got my big [00:19:00] shot, um, doing the full management of a multimillion dollar account for a Fortune 500 client. Um, I think I was 25 at the time. So...

A.J. Murray: That’s incredible. So you’ve talked a few times about like, um, you know, somebody hits you up, like, hey, like you, you obviously have a reputation. Like how did you, you socialize that reputation, right? Like, I’m, I’m curious, like how does somebody living up in Michigan get a phone call from someone down in Georgia and be like, hey, I want you to come run this thing?

Like, how did that happen? Is there like a LinkedIn for chefs?

Chris Randall: Well, so thankfully, like, who was down here was an old personal contact. Um, that course that I went to in high school, like the after hours program, um, it was somebody that I met from another local high school. And so we kind of stayed in contact, um, throughout the years when he moved away.

And then [00:20:00] I came down here. Um, but otherwise, like all my other opportunities have come through kind of similar to what’s happened now. Um, Instagram was a big one for me. And Facebook, you know, for food, because everybody’s looking on there, you know, that’s when the popularity, the rise in popularity of like, um, Facebook pages for restaurants and, um, Yelp and all those other things.

And so I kind of threw myself out there. I’d take pictures, you know, we’re posting stuff, we’re getting the restaurants to post stuff, doing videos, doing, um, dinners out in the garden, wine dinners, specialty stuff, just trying to catch everybody’s attention and kind of be enough hashtag or...

A.J. Murray: So say you’re building these like beautiful plates of food and you’re snapping some photos, just throwing them out there for everybody to see.

Chris Randall: Yeah. And I’ll tell you, the photos don’t look as good on an iPhone 6 as they do, yeah, on a 13. So I think I’ve still got some folk around back there, so we’ll blame it on the phone. Nice. [00:21:00]

A.J. Murray: That’s great. That’s great. What, what an incredible story. I mean, I, I, I didn’t know the depth of all of this.

Like I knew you came from the food service industry. I didn’t realize like at what level you were playing at. So what, what precipitated the move? Like, it seems like you’re, you’re kind of like at the top of your game, like, I can only imagine what it may have been, but I, I, you know, I want to know from you.

Chris Randall: Yeah. I mean, um, I had some really good opportunities. Some that I squandered that I wish I would’ve stayed at at least longer. Um, had some other opportunities I wish I hadn’t taken, um, got a little overzealous and excited. Um, but I had really the opportunity. I mean, if we wanted to move, I could have gone wherever and, you know, humbly probably fallen in wherever I wanted to.

Um, but as you know, like restaurants are nights and weekends and holidays. And so, um, I miss like, hey, Thanksgivings in a row, uh, [00:22:00] with. And so like, my birthday happens to fall on the 24th of November. So like, um, this year, the Sunday before Thanksgiving, there’s been times where my birthday’s spent on Thanksgiving.

Um, and that’s one of the biggest days of the year. So as I started to settle down with my girlfriend, fiancée, now wife, um, you know, priorities changed. And then, um, I was in a really good position where I was, um, as food service director, I could have stayed there for probably as long as I wanted to, but long-term, it wasn’t a 20, 30, 40 year option.

At some point I was probably going to have to go back to nights and weekends. And so I really didn’t want to give up the lifestyle, you know, the family time and all those things. So, um, fortunately, um, you know, COVID hit and the opportunity kind of arose where I said, like, you know, I’m watching all my friends lose their jobs.

I’m watching restaurants close, all these things. And for me, I was still stable in my [00:23:00] position. Um, we didn’t have a lot going on on campuses. So, um, at that point I had to take a step back and say like, I’ve got to figure out something more along. Um, I’ve got to figure out something that’s going to be equitable.

Um, and something that’ll keep me entertained, because that’s one thing about food service, and especially being a chef, is like, you’re constantly stimulated and going. And if you want to be good at it, you’re constantly learning and trying new things. And that’s something that I’ve always, I’ve always enjoyed about it.

And so, um, tech’s always, I’ve always liked to play around with things. So, um, I had the time at work. I started dabbling around and looking around, um, and that’s kind of when I made that decision, like, I need to jump into this full time, because if I don’t do it now, I’ll never do it.

A.J. Murray: So you said COVID was a pivot point, I guess, but it didn’t sound like you lost your job or lost any money.

So how did it play into you saying, eh, maybe if we’re not in restaurants.

Chris Randall: So my position was contracted, um, and actually in the midst of [00:24:00] COVID we re-signed like a five-year deal. Um, but those aren’t like concrete, and given nobody had a clue. I mean, we had like 4,000 people on property. Now you’re sitting at like 70 people on property with no intention to return.

So you see the writing on the wall, I guess.

A.J. Murray: How, like how long can I be in this environment? Maybe?

Chris Randall: Yeah. I mean, thankfully the, the company that I contracted for was an awesome company. Um, and it kinda had come full circle on me again. Um, I could tell that story off camera, as much as I can name names of that company, but, um, yeah, it was just one of those things where I saw it.

Like, you know, before I lose my job, let me have something, you know, in backup. Cause obviously like we are solo down here in Georgia. We’re a thousand miles away from family. We don’t have, you know, a safety net other than ourselves. So, you know, we had to, I had to make a move and it felt like the right one.

A.J. Murray: How does one start looking to figure out how to get a [00:25:00] job in tech? Right? Like what do you do there? I’m a chef. I want to work in tech. Like I was a cable guy, at least I was playing with things and like plugging things in and had a meter. I could read like signals. Like, how did you, how did you start?

Right? Where do you start?

Chris Randall: Your starting point’s zero. Yeah. I mean, I had kind of dabbled in the idea before, so cooking was always a means to an end. And I had actually gone to college to be an accountant. Like I wanted to be a CPA of all things. And so, um, I’m like six classes from getting my bachelor’s in accounting.

And I had a local contact who ran his own accounting firm. And he was like, you know, come in, sit down and we’ll talk. Um, I sit there and he’s like, you’re a little too old. I was 23 at this time. So it was like, okay, I guess, I guess the specialist degree wasn’t worth it.

A.J. Murray: You’re too old to be an accountant at 23.

Is that what he said?

Chris Randall: Yeah. And he told me, by the time [00:26:00] I sat for my CPA and got everything, it’d be like 26 or 27 and I’d be too old, entering the game too late. I was like, oh...

A.J. Murray: Wow. So...

Chris Randall: Um, I had taken a couple of computer classes in college, so, and dabbled around with the idea. Um, I had been introduced to Python, a couple other things, and.

Of all things, it’s probably about a year before this happened, I’d come across like NetworkChuck videos. Um, this was like in its early days. And so I hadn’t remembered that when I came back around and I was like looking through my YouTube history and I know this guy is in here somewhere. Um, so I found it and I just started going through that and it was like, I need to know if I’m going to figure out where I go.

I need to figure out what I want my specialty to be. So I should’ve started playing around with different things and like, being a sysadmin had like, didn’t sound fun at all. Um, programming was not going to be my thing, well, kind of like programming. Um, and I like playing with that like DevOps [00:27:00] side. Um, but that seemed like a really steep curve.

Um, and one day I was sitting there and the internet went out and I was like, I need to figure this out. I have no idea how it works. And so it just kind of started to snowball on it. And that’s when I decided to like, look into networking.

A.J. Murray: Did you really even have anybody to bounce ideas off of, or ask questions of? It sounds like you were doing a lot of this on your own for the most part.

Chris Randall: I had a colleague who is pretty good with computers, he’s built, you know, a couple playgrounds, a bunch of stuff over the last 20 years. And so I could hang like basic questions off of him, um, which was really helpful to come and get the ball rolling. And then after that, it was just jumping in head first, spending hours upon hours with like a headache, trying to figure out what was going on and what was what and how things were interconnecting.

And, um, so it was kind of a solo show.

A.J. Murray: You weren’t connected to any kind of community, right? You didn’t know that it was out there?

Chris Randall: At that point? [00:28:00] No.

A.J. Murray: And how far into the learning on your own, the, the dabbling, the trying different things, did you decide that you were going to try to apply for something and, and how did that work?

Chris Randall: I didn’t apply for anything. Um, just cause I knew that there was going to be like a massive pay cut going from, you know, being in a director position to jumping over. So it was like, I know that I, at least for now, I have time to build up the skillset. So I think the first time I applied was actually...

A job offer was made to me, you know, um, when Frank’s reached out. But other than that, like the first time I applied, I got the job, thankfully.

A.J. Murray: So was this a long game for you? Because anytime I hear somebody say I took a pay cut to pivot, it always gets my attention. Right? Like who’s looking to make less money.

You’re an established guy. You had a propensity to be a great chef. You’re running stuff. Like that’s a big risk [00:29:00] or a big move. I mean, I get the insight that you had with COVID-19 maybe, you know, I look into tech, which is this thing, but how do you, like, it’s just you and your wife, you’re on your own.

You’re a thousand miles away from family and you’re going to take a pay cut. That’s a, that’s a big risk, right?

Chris Randall: Yeah. I mean, thankfully we were like in a fortunate position where, you know, I was making enough money where, you know, a good buffer. Um, but it’s, I mean, it’s as tight as it can be kind of thing.

Um, you know, we had to do some things like get rid of some toys, sell it. Sure. Um, you know, cut back on all the fun activities, but I look at it, you know, 2, 3, 5 years down the road, if I can break even to where I was and, you know, essentially double what I was making then, um, in the long run it’ll be worth it, but...

A.J. Murray: Like, had her support, right?

Chris Randall: Right. She was on board.

A.J. Murray: And that’s what I wanted to bring up. Were you dating, engaged or married at this point?

Chris Randall: So the entire time, we’ve been married [00:30:00] since I’ve started district.

A.J. Murray: Are those conversations like, when and my job and make less money, isn’t this cool? Never checked out. We didn’t do. That’s kind of what I wanted to know. Did, could she see, could she kind of see the writing on the wall with you that, hey, you were thinking you might want to pivot, or, or did you kind of keep that to yourself?

Chris Randall: No. Yeah, we have, um, we have an extremely open relationship and communication. And so over the years she kind of knew, and I’ve been open about that.

Like, you know, long-term, this isn’t like, it’s fun now, but isn’t when I’m 40. Or if we have kids, there’s something that I want to be. Um, and so when I started to tell her about it, I mean, you know, all my other kooky crazy ideas, she was just like, okay. And what’s funny about that is like, I circled back with her after, of course, everything started happening.

[00:31:00] Um, I was pulling my hair out, cause it was a whole bunch of stuff I didn’t know when I took on the first, like, position doing contract work. And she’s like, I don’t know. And like the next thing, you know, like I got the network admin position and she’s like, no, I wasn’t, I wasn’t sold that you were going to do this for the first couple of months.

And then when I started seeing you for six, eight hours a day, like after work in the office, like studying, what I saw, you like sitting on the couch with headphones and watching videos, like falling asleep watching videos and doing stuff. She’s like, I knew you were committed. And I knew if you were going to do it, it was going to happen.

So...

A.J. Murray: Wow. There’s a lesson in that, right? Like, you can make that decision and commit to something, and just everybody in this industry, right? Like you just, you put your head down and you just grind away and you have to do it in your spare time and nights, weekends, like whatever, like just, yeah. It’s a lot of work, right, to break in [00:32:00] sometimes.

Chris Randall: Yeah, no, I mean, that’s one thing, like, you know, posting on Twitter and Discord and all that, like all the fun stuff and the wins and things like that. It’s always exciting. But like, I think one thing to be like proud of, to share, is like, you know, the fails and the grind as well, because like I would sit at work in all my downtime and read and like go home and like give up, you know, family time or time with the dogs, playing video games, like going on trips, you know, committing my time to that.

And so there was a sacrifice. I mean, fortunately things have fallen in my lap, if you will. Um, you know, I’ve been very fortunate in that aspect, but you know, the hard work siren, if you’re willing to put it in, I think, you know, you’ll be repaid for it.

A.J. Murray: Choose passion, right? Like who the hell is going to do that?

So, if they’re not interested in it, you know, like you just can’t, you can’t long-term fake something like that. Now, subnetting, like just, you know, one thing after another, I mean, you really gotta be interested.

Chris Randall: Right. And even at that, I mean, like, [00:33:00] I’m like super excited about like Terraform and infrastructure as code right now.

And like every day I’m pulling it up and doing that. I’m like, I got to step away from this today before I burn myself out. Because like too much of a good thing, you know, hey...

A.J. Murray: Awan fans, A.J. here for NetAlly. Never heard of NetAlly? Sure you have. They came from the same group of engineers that brought us network tools from Fluke Networks, NetScout, and now they’re NetAlly.

They know networking. I’m a network engineer for a partner, and when I go to a customer and see they use NetAlly, I know it’s going to be so much easier to troubleshoot issues we might run into. The name may have changed to NetAlly, but the way they build tools hasn’t changed a bit. They ask what would a network engineer want to help make their job faster and easier.

And then they go build it, just like this EtherScope nXG. NetAlly is here to help. NetAlly: simplicity, visibility, collaboration. Visit netally.com today. Now back to the show. So I, I kind of want to take a step back, like, let’s talk about what it [00:34:00] was like to try to break into that first tech job. Like you, you’d been studying for a while.

You’re building up the skills, you know? So, so let’s, let’s see, like what, what was the job? What was the process? What was that like? Like obviously somebody saw like, you know, that they had an opportunity to present to you and they took a chance on you.

Chris Randall: Um, It was interesting because I was sitting on Twitter, like at work, the one there, and all of a sudden they get like a, a DM from some random guy.

And he’s like, Hey, I think I have an opportunity for you. You know, here’s my WhatsApp number, get a hold of me. That’s like, okay. You know, this could be fake, but if it’s five or 10 minutes of my time, what’s five or 10 minutes. So I get a hold of this guy and like, um, as I’m on the phone with him, I’m looking him up and like, everything he’s saying is true.

He’s like a former Cisco guy. He, you know, was kind of high up for like 18 years there, moved back to Europe, started his own network automation company. They, you know, they’ve kind of [00:35:00] been up and running for like four years now. I’m like, okay, this sounds legit. But everything he’s saying is like way over my head.

And he’s like, don’t worry. Like, you know, we just need some help and we’ll help you along the way. I just want to give you a shot because you looked like energetic. And, um, you know, I liked that you’re trying, and that you’re willing to put yourself out there.

A.J. Murray: So, oh, wait a minute. There’s the secret sauce here.

Yeah, you’re hired. You’re not qualified. You don’t have the skills, but he sees something in you. And he’s like, I’m going to teach you. This is, I hear this a lot, right? People say, oh, I’m not, I’m not good enough. I’m not qualified. Like you, you reach. There, there’s something to me. I mean, I look at my own story.

There’s something about reaching beyond your comfort level and saying yes to things you’re not sure you can do, because on the other end of that conversation, that person sees something in you, believes in you, you know. Like, I feel like an imposter a lot of times, and one time I had a director be like, oh yeah, sure.

Everybody has it wrong. And you’re so clever, you have everybody [00:36:00] fooled, right? Like this guy saw something in you and pulled you, pulled you into this. So what’s the secret sauce? What did he see? He saw your commitment, he saw your passion, he saw you working hard. Like how did you pull that off? Because that’s no joke, right?

Chris Randall: Yeah. I mean, you know, you gotta be honest out there and tell people what you’re doing. I mean, even if it’s not big, exciting stuff, like, you know, I came from cooking. Practicing some diving here. I am like trying to throw a physical lab together, even though I have no idea, like what ramen is. And the last guy doesn’t know what the password was, like, you know, just, I think networking is one of the biggest things that people like undervalue.

Yeah. I mean, you know, you gotta be honest out there and tell people what you’re doing. I mean, even if it’s not big, exciting stuff, like, you know, I came from cooking. Practicing some diving here. I am like trying to throw a physical lab together, even though I have no idea, like what ramen is. And last guy doesn’t know what the password was like, you know, just, I think networking is one of the biggest things that people like undervalue.

And I don’t mean in the physical sense. I mean, like, you know how we, we’ve all connected.

A.J. Murray: Um, he found you on Twitter, ISA. Yeah. And on Twitter you had been posting your study journey, your lab building, you’re sharing it, right?

Chris Randall: Saying I’m doing okay, all my interactions. Um, I think I posted some videos, like wiring up my physical lab and trying to go through some things, ask some questions, [00:37:00] kind of post whatever chapter I was on, things like that.

Um, and he had followed me for like a month and I didn’t even realize that he was, you know, he’s like, Abbot to watching your journey. I think it’s really cool. Um, I think, you know, I want to take a chance just because you look like somebody who will take, take advantage of it.

A.J. Murray: Did you have any certifications?

Chris Randall: No.

A.J. Murray: Okay. So everyone out listening, I’m just trying to figure out how to break into IT or networking. No certifications, no computer science degree, no experience. But you started, you made the decision, you made a commitment, you started grinding away. You shared your journey with the community and somebody saw your passion and your drive and your interest and gave you a job, right? Is that what you’re telling us?

Chris Randall: I mean, I was getting paid to do technical documentation for network automation tools for a company halfway around the world, you know, and I had [00:38:00] never logged into an IDE for more than 10 minutes and I had no idea what it was or how to pull down a repo. Um, I pretty much sat there for a week.

Couldn’t get on the VPN, um, all those instructions for real. So...

A.J. Murray: Um, so if you weren’t connected to the tech community and you weren’t sharing and writing your story and making videos, that job, it doesn’t sound like it would have happened. Right? You, you needed, you needed to tell the world what you were doing for this guy to be able to find you, right?

Chris Randall: Yeah. I mean, without the network piece, without the community things, I mean, I wouldn’t be here. Um, it’s, you know, it helped with that because somebody was watching and it was at the right place at the right time. Um, especially the way Twitter algorithms work and things like that. I was fortunate in that aspect.

Um, you know, and then at the same time, how I ended up in this community as well was just through random, like, Spotify searches. I’m looking for podcasts and things like that. [00:39:00] And it was, I think you guys were only a couple months in, so it was by happy chance or happenstance that I came across that, um, and like, if you’re out there, don’t be afraid to like throw whatever you’re working on out there. Half the time I was just throwing like, hey, this is the chapter I’m working on.

Then somebody would pipe in and like, hey, if you need help, or, hey, this is a really good method, or something like that. I mean, I got a lot of really valuable tidbits that way. Just like sharing what I was doing for the day.

A.J. Murray: Still trying to process everything here. This is such an incredible, incredible journey, and incredibly short too. So like, when did you, like, door to door, when did you leave the cooking industry? And when did you start in the tech industry? Like, are we talking months, years, decades? Not decades, I know.

Chris Randall: But are you talking like, started like the study journey, or just like...

A.J. Murray: Well, like, [00:40:00] from the time you left the, the, your position working in the cooking or food industry to, to landing your first tech job. Let’s, can we start with the decision? When you made a decision that you wanted to work in tech and you were going to start taking action, from that decision until you landed that job, how long did that take?

Chris Randall: It was February of this year. Um, end of February that I landed at CCNA. It was on a Friday.

A.J. Murray: Um, you did have your CCNA? I wanted to ask you about certs.

Chris Randall: So I got the first contract before my CCNA and then about a month in, I landed my CCNA.

Um, and then I took about, let’s see, I took about two months, um, kind of. I was just like, I gotta do it. If, you know, I don’t want to start losing information. I want to make the jump financially. We were able to make some decisions that allowed it. And so by May, into [00:41:00] early June, I made the decision to start applying, um, locally or for remote positions.

So I think I applied to about a half dozen or so before I got a call back. It was less than a year. Yeah. So about three months, I felt.

A.J. Murray: Yeah. February to May. So you made a decision in February, you got a gig in May. You’re one of those guys, it’s hard to like, Chris.

Chris Randall: I’ve been extremely blessed and fortunate for the opportunities that have followed my way.

A.J. Murray: So that first consulting company, is that something you’re still doing on the side? Are you still working with them?

Chris Randall: Um, so I was with them for about six months and as I transitioned over, um, because I did transition over to the DoD and things like that.

Um, it was just best interest to not have ties to foreign companies.

A.J. Murray: So that was the [00:42:00] automation guy, right? From your book, you started with technical documentation. Is that what you said?

Chris Randall: So, yeah, so like all of their, um, on their website, all their documentation, all their white papers, everything like that.

I was tasked with restructuring, rebuilding, um, and putting a less technical spin on it. And at the same time I was supposed to study it so that I could start helping with like troubleshooting projects. Gotcha.

A.J. Murray: Gotcha. So from there, where did you go next?

Chris Randall: So after that, I ended up, um, it was July of this year.

I ended up with the DoD, um, and a local, a local office here on base as a network admin. And so, kind of, it was an interesting setup just the way everything’s going. But there was like three local networks, um, nothing too complicated. And, uh, it was very slow, very, very slow.

A.J. Murray: How do you get a job at the DoD?

Aren’t they like [00:43:00] military people? Like, did you have to get clearances? How does that happen?

Chris Randall: Yeah. So, um, got a clearance, which ironically or coincidentally, uh, my clearance showed up on my last day with them. But, uh...

A.J. Murray: Well, you have to be sponsored to get a clearance, to sponsor.

Chris Randall: Yeah. Yeah. So the contracting company, um, it’s a company that I contracted through, sponsored.

And then, um, we worked with the DoD and then, um, the government, the government and the military, um, on the project that they had going on. So it was kind of a cool little setup, got to see some different things. So I really slow walked into stuff. Um, but then again, there’s a lot of red tape there with DoD.

And like you said, having to get, um, clearance and things like that. So it took a while to get rolling. And then, um, I was only a couple of weeks, I was like two or three weeks in, and the former network engineer, who was like the sysadmin at the time, was like talking to me. He’s like, how do you like [00:44:00] it?

And, you know, it’s good. Um, it’s smaller than I expected, but, you know, that’s fine. Um, you know, I do everything that I can. He kind of goes, um, yeah, I know you’re going to outgrow it at some point. It’s kind of small, it’s kind of slow. Not a lot changes around here. So, um, all the big projects are kind of in place unless you have to like switch out, um, a switch or something like that.

Something dramatic happens. Um, but he goes, so I don’t foresee you being here more than like a year and a half or two years, cause you’ll probably outgrow it. And so that was kind of like a, I don’t want to say red flag, but a light kind of went off and I was like, well, if I’m going to put a year and a half or two years over here, you know, where do I want to be in a year and a half or two years?

Or where else could I be? Um, and so I just kind of had that thought. And then about a week later, um, I saw somebody posting about an associate consulting engineer position that kind of caught my attention. [00:45:00]

A.J. Murray: Uh, a friend in the community that you... You even had that thought is kind of something, not kind of, but it’s definitely something special about kind of your mentality and how you’ve gone through your career, is you got this job and, and you’re already thinking about your next step and your long game and that kind of thing.

And that’s, that’s not something you see in everybody. So I think that, that says a lot about you and your character, that you were already kind of seeing, hey, this place is kind of slow moving. I’m trying to build a life out of being in the tech industry or doing tech related jobs. Maybe I need to already start looking at the next thing.

So that, that was really cool to hear you analyze that kind of right as you got into one door.

Chris Randall: Yeah. It was one of those like, um, you know, you get an opportunity and then the better opportunity always comes up right after. Um, and it was a hard decision. Um, I, you know, uh, you know, shout out to Weezy [00:46:00] NetSec, Wheezy, for the opportunity. I had kind of just inquired about what was going on, um, after he posted it and just what it was.

And so I had sat back for about two weeks and thought it over, talked to the wife and I was like, yeah, This would be a really fast move. I just got an opportunity. I mean, I’m locked in here. I can take it slow, take my time, you know, keep going, what I’m doing, and then try to jump up, you know, and run the rat race.

Or there’s this really like sounds too good to be true opportunity over here. Um, you know, should I go investigate that more? And you know, the wife is all important for it. So I started thinking wheezy a little bit more, a little bit more, and um, one thing led to another and it was just the right. It was the right path because other things were going on.

Um, you know, where I was already at that were just kind of like, yeah, this long-term, it’s not going to be the opportunity I want for myself.

A.J. Murray: Where did you see that post? Where do Weezy

Chris Randall: posts that [00:47:00] job? So, um, Weezie posted it up. I think it was in jobs. And I just so happened to come across it. Cause that’s one of those ones that I had needed at the time, the discord area yeah.

In the discord. And so, um,

A.J. Murray: so the community, another community platform. So I wanted to point at like Twitter got you that first gig and now, you know, different community platform. Plugged in, into the community seems to be paying

Chris Randall: off, right? Yeah. Um, networking and networking network, the network. Um, I had like only high conversations with Louisa you back and forth.

I mean, everybody knows he’s a huge cheerleader, um, super supportive guy. And so. Been back and forth with him on Twitter a little while, a little bit. Um, but never really chatted with them. And so I got to know him a little bit, going back and forth, um, in the discord in a one channel, just talking about like, Hey, what’s this opportunity?

What’s it look like? And that’s when, like he dropped it on me that he was [00:48:00] actually in the program. Um, and so he had like firsthand experience to tell me what was going on. And so that’s when, um, kind of started that process. So at that point twice out of the three opportunities I’d gotten, you know, networking and community.

Once again.

A.J. Murray: It’s nice to hear.

Chris Randall: Yeah, that’s incredible. So what do you have in front of you? You’ve got this,

A.J. Murray: uh, you said it was a 12 to 18 month ACE

Chris Randall: program that they’re trying to get you to get through it in 12. What does it look like after that? Are you working directly with customers or what are you going to be doing?

Yeah, so fall into a full-time consulting engineer position. Uh, post-sales doing deployments, um, things like that for, uh, customers, whether they’re returning things like that for Azure deployments, um, I’m on like the hybrid infrastructure side, so, uh, that’ll be exciting. And then [00:49:00] I’m hoping to develop more of like the infrastructure as code platform that they have.

Uh, hold on.

A.J. Murray: So it’ll be, you’ll be post-sales will you go install stuff, but you know, to cloud man, it’s just, it’s just, I mean, it’s right here to install. I mean, are you, I don’t know. Maybe I don’t understand, like, you know, it’s somebody else’s infrastructure, right? So what do you install posts if somebody’s going to want to connect to Azure and you’re going to help them connect to Azure?

Chris Randall: Yeah, it’s a lot of, um, Cut off hybrid blends of like taking their, you know, their AD and moving up into the cloud. Um, maybe there’s some Greenfield deployments, things like that. My understanding is that there’s a lot of, uh, what you call it. They’re bringing over a lot of stuff into the cloud that they already had on prem.

Especially with everybody going to less of a physical [00:50:00] footprint these days with staff, you know, you don’t need the big buildings and things like that. So they’re just getting rid of physical infrastructure. Right. So

A.J. Murray: moving

Chris Randall: people up into the cloud. So yeah, I hear the cloud’s a big thing. It’s as big as you want it to be.

Yeah. Yeah. I mean,

A.J. Murray: that’s, that’s the place to be right

Chris Randall: now. Right? It’s it’s a very good direction. My opinion. Yeah. I think it’s, um, for me like the big, um, Attraction is that automation’s a big one for me. Um, that’s just how my brain works. I’m always like that concept. I do like some of the coding aspect and things.

So that’s where like infrastructure as code comes into play. Um, and just the mobility, I think, you know, going forward, you know, the work from home thing going on, things like that, the lack of physical hardware that people have access to think the cloud only gets stronger, um, over the next decade or two, which is really important for me.

So I wanted to be as ahead of the curve as I could be on [00:51:00] whatever I could do. So,

A.J. Murray: um, we’ve talked about it before, but I’m amazed at how quickly. The whole model has changed to like that just distributed, you know, instead of everything, you know, instead of going there, pinning through your hub for everything the way it was not that long ago now there’s just stuff everywhere.

It’s, it’s, it’s all distributed all over the place. It happened pretty quickly. I guess the COVID thing kind of accelerated it maybe right. With everybody at home. And, uh, I dunno, it’s, it’s been amazing to watch. Like when I started not too long ago, it was all on prem and I managed our data centers. And I blinked my eyes and multicloud and everything’s moving there and, you know, agile speed of deployment.

Go, go, go. Like it’s I, I see the benefits, right?

Chris Randall: It’s it’s real. Yeah. It’s a, COVID definitely had a massive impact on that. I mean, if you didn’t have everybody working from home and, um, needing the inter-operative operability of everything like that, I don’t think it [00:52:00] would’ve happened for. That’s five years or so you went up sold so many people and then, you know, with the supply chain things going on too, people can’t get physical hardware.

It’s like, well, why not go to the cloud? And at the same time, if you do it right, you know, you can be efficient in your cost. And, you know, maybe save a little bit of money. What’s

A.J. Murray: magical to me is the ability to spin up capacity instantly. Like as one example, when COVID hit, I work for a large company and just everybody went home and they did not have the capacity with our VPN infrastructure in our data centers to accommodate that.

So you were constantly getting kicked out. It would take an hour and a half to get logged in in the morning. And it all got spun up in a cloud provider. It was overnight. And we went from, nobody could connect for weeks to consistently to like, oh, there it is. You know? I mean, that’s, you know, how long from a guy who’s been building.

Infrastructure in on-prem data set. It [00:53:00] takes forever to get that crap rack stack, working circuits, like, you know, whatever you need to add capacity and to be able to do it instantly in the cloud. And that’s just the speed at which things are moving. This is just really insane. And the cloud enables that.

It’s

Chris Randall: really cool. Yeah. That’s crazy. You going from like, you know, building simple networks and doing all this stuff in the CCNA, and my like network admin stuff, and then turn around and like hop in Azure and even like through Terraform and things like that, just spin up. Here’s a, of the net. And within that, I can just drop some nets and it’s all in just a matter of like 30 seconds, it can be spun up.

I mean, all that works, but. In the background. So it’s crazy to see you kind of like, I don’t wanna say old school, but you know, it was a very traditional and, um, you know, physical way to do it and then go hop into the extremely virtualized side of it and see how quick it is. And so I don’t want you to give away company secrets or anything like that, but [00:54:00] can you, can you kind of

A.J. Murray: unpack this, uh, this ACE program

Chris Randall: it’s really intriguing to me that they, they bring people in that, in this case you didn’t have any cloud experience, but they’re willing to put you through this 12 to 18 month program, kind of at a high level.

What does that program look like? Do they got you going through Azure certification programs? Are you just shadowing other team members all day? What does it look. Yeah. So, um, I’ve only been there a couple of weeks too, so take everything with a grain of salt, but, um, um, and if anybody from CDW have only been there two weeks, so take it with a grain of salt.

But so yeah, I mean, it’s a pretty well kept secret. It’s one of those things where, I mean, CDW is massive. I think, you know, well over the 10,000 employee mark, and they’re constantly trying to, you know, keep the pipeline stacked with like talented [00:55:00] individuals and passionate individuals. And that was a big thing that was thrown at me.

I think I had five or six interviews during the process, um, with people from the program and above the program and, you know, it was all management and things like that. Some technical interviews, some consulting, interviews, things like that. And what they’re really looking for is somebody who’s passionate and driven.

Um, they said, you know, we can teach you the technology, but we need somebody who’s going to show up and want to do it. And also somebody who can speak to people, um, because you know, as Adrian with now being a consultant, things like that, you have to talk to a variety of people and, you know, be able to translate everything that’s going on.

Um, effectively of all sides of it. So secret

A.J. Murray: sauce, Chris, secret sauce, passion drive and communication. That’s I hear this a lot and I’ve experienced it myself. We can teach you the tech, what we see your passion. We can see that you’re [00:56:00] driven and you’re able to communicate, oh my God. There are the three

Chris Randall: things right there.

I’ve got the cheat code, right? Like I was a manager for the out of those 13 years in food service. So, you know, I know what to look for people that I know what I was looking for. So, um, if I’m going to do it, I’m going to do it right. And be that person that gets noticed because yeah, call it cheating or maybe even brown nose, but you know, kind of, you have to know how to play the game a little bit too as well.

So

A.J. Murray: we have to be good with people. And that’s what I was thinking. As you were telling your story earlier in the restaurant business, I mean, it’s a people business, right? Like. You’re working with people. You’re feeding people. It’s, you’re constantly interfacing with people and communication and nonverbal communication picking up on cues.

Like, yeah, you, you build all those skills, right. And, and that gig, and now it’s transferable, but I’ve been, I I’ve been given jobs by the way that I was underqualified for. And they told me the same exact thing. We can teach you the tech, we see you’re passionate, you know, home lab, community [00:57:00] engagement, whatever, you know, we can see that you’re driven.

You have certification, just study a lot, you know, when you can communicate. And that’s what we need. And I’ve heard that from a lot. I’ve been on a lot of interviews. Just, you just got me all excited. Those three things, I think have been my secret sauce so far. And it seems to be working for

Chris Randall: you too. Yeah.

I mean, people want to work with people who they like, you know, and they can get along with us and we’ve all worked with the wrong person. And so, you know, especially when you’re going to invest so much into somebody from a technical aspect like that, or be somebody who, you know, is going to show up, want to do it, you can turn your head and not have to worry about what they’re doing in the background.

And like in this program, I mean, I’m sitting at home, you know, and being, being that work from home makes it even more challenging because for me, I don’t have that face to face contact. Like you said, you know, where I can kind of start to network in person, which is a little bit easier. Um, now trying to do every single for meetings, virtual meetings and things like that.

So, um, a curve ball for me, but, [00:58:00] you know, having the accountability and things to do my studies, do my, you know, keep up on my tasks, things like that happen and network where I can and do what I have to do. Um, you know, that’s going to be, you know, where you start showing up. Showing that you’re really passionate about what you’re doing.

Cause you’re just keeping up on everything without anybody telling you to.

A.J. Murray: And I didn’t mean to pivot us away from Tim’s question. Just a fantastic question. I just got excited. So you’re doing the certification stuff. You’re learning Azure, you’re shadowing people. That is, that, is that the

Chris Randall: crux of the program?

A.J. Murray: How are they getting skilled

Chris Randall: up specifically? Yeah, it’s um, I mean, imagine just like college courses or anything like that. They, you know, they build upon each other and there’s like a soft skill side to it as well as the technical side. And they blend in together. Um, There’s certain tracks that we have to go down that are predefined for us and being like a Microsoft partner.

Um, we have pretty good access to all those Azure stuff. We’ve got like O’Reilly learning and LinkedIn and CBT [00:59:00] and things like that. So, um, we kind of have keys to the kingdom when it comes to education and resources, which is really nice. Um, uh, thankful for that because every time I’ve needed something it’s been there

A.J. Murray: and you’re afforded the time during the day to learn stuff, right?

Like, is your job right now? Just to learn, to get certified.

Chris Randall: Yeah. So really for the next 12 months, my whole job is to be learned, to be the best Azure engineer that I can be. Um, we’ve got, uh, like I said, we blend in like those shadowing and consulting, so you get that side of it. Um, and that takes up part of your time, but as well, Right now 60, 70, 80% of my time is just burnt up with studying and I’m going through all the technical content trying to get through it.

That’s

A.J. Murray: fantastic. You’re going to be a beast at the end of a year. It’s

Chris Randall: just

gonna be,

A.J. Murray: you know, and that is your beast, right? Sorry.

Chris Randall: Yeah. Yeah. Yeah, it will be interesting. So I just have like my [01:00:00] first meeting and went over goals. I still have to get my Security+, which I’ve been studying for, for like four months. So, um, but I’ll have it done at the end of the month. I’ll have, I’m going to sit for my AZ-104, which is like the intermediate, like admin exam.

Um, I’ll set it for that before the end of the year and hopefully pass that. And then by the end of February, I’ll probably have the Linux like certified administrator. And then by may I plan on having the Azure expert certs, so it’s going to be fast paced.

A.J. Murray: Wow. How does one lab for cloud studies? I kind of know the answer because I was on the AWS track for a minute, but just for people listening, you know, you build, you said earlier you built a physical lab.

So if you’re studying cloud, how do you lab cloud?

Chris Randall: Yes, it was a really cool thing about that is, uh, um, Azure, like Microsoft offers, uh, 12 months, um, free trial with like $150, $200 credit for your first month. And then AWS has the same thing for [01:01:00] like 12 months. You can hop on, they have a free tier, so you can go play with things.

And so, um, if you go hop on, like Microsoft has a really good setup or on Microsoft learn, um, it takes you through all the topics that they built themselves that attached to the different certs. And then, you know, you can go take that because some of them have integrated labs to go hop on your free account and just start playing around with it.

And as long as you don’t mess anything up, which if you’re trying to learn, you can learn your billing instructions and things like that. Um, you don’t spend any of your personal money and you can have a, basically a virtual.

A.J. Murray: Set billing alerts, right? That’s

Chris Randall: the key there? Yeah. I got scared. I got one this morning from AWS and I haven’t played with that in like four months.

Um, it was only like $7. I’ve seen people with like five digit bills come through because it didn’t shut something off.

A.J. Murray: And I’ve heard that. Oops. I forgot to turn something off. All flips

Chris Randall: a $5 alert on that one. [01:02:00] We’ve got like a, an allowance at work, which is nice. Um, and then on top of that, it’s pretty restricted so that we don’t go spending too much company money.

A.J. Murray: Oh man. Uh, th this is just absolutely incredible. I, I hate to say it, but we’re coming to the end of our hour here, Chris. And yeah, I know. Right. Um, anything that you want to like cap this off with, you know, advice that you have for people, either looking to break in or, or jump from one career to another, such as you have done, what what’s, what’s the best words of wisdom that you wouldn’t want to give them?

Chris Randall: I think the one thing is that you’ve got to be able to try, um, and it’s worth it. If you put the effort into it, um, the opportunities are out there. Um, you’re going to have to go outside of your comfort zone to find them, but they’re there. If you’re willing to go and if you’re willing to go find them, they’re there for you.

And so it might not seem like it at first telling me that I went six, eight months and. [01:03:00] Didn’t seem, I didn’t know if it was going to happen. And then all of a sudden it just, it clicked and, you know, so, um, you know, be networking, always be laughing, all those fun things, but just put yourself out there.

A.J. Murray: I love it from, uh, from like culinary master chef to a.

Cloud network engineer, what an incredible journey. Uh, Chris, thank you so much for joining us this week. Uh, thank you so much to all of our Patrons. Uh, if you’re interested in joining the Patreon and hanging out with us every week here you can do so at patreon.com/artofneteng. And, uh, Chris, if people want to follow you, learn more about you, where can they do that?

How can they do that?

Chris Randall: Um, so it’s IPV folk on all the handles, um, IPV, pho,

A.J. Murray: um, and so good by the way, I just want to give you props it’s it’s a great, awesome.

Chris Randall: I actually have people with. It’s actually, [01:04:00] it’s a Vietnamese soup, a noodle soup, and I got to give it to HIV botched at one day on the winds. And so that was enough for me to switch it from what used to be.

A.J. Murray: It was good as well. Was it

Chris Randall: before it was Bytes to Bits. So, you know, but even I would forget it; that’d be like, is it Bits to Bytes or Bytes to Bits? And then everybody else watched it and I was like, okay, if nobody else can remember that.

A.J. Murray: So your blog is Bits to Bytes. We got to work on some branding there, but I do want to just give your blog a shout out because I, sorry, I know we’re wrapping up, but I wanted to hit this, that I have been playing with GitHub off and on.

Right. Do it a little bit at work. And I, I get, I know how to do what I have to do, but I didn’t really understand what’s happening. But under the hood in certain things. And when I saw, I forget where I saw it, but I’m using GitHub to take notes, blog post on Bits to Bytes, [01:05:00] kind of put it all together for me.

And like, I mean, I didn’t even know you could do that. First of all, I didn’t know. You could take notes, you know, you know, in GitHub. So it’s just a great, I really like your blog. I really liked the content you’ve been putting out, the GitHub one for me, for a guy who struggles with coding and concepts, like GitHub and CI/CD blah, blah, blah.

Like, I really like how you distill this stuff down and you have a good way of describing it. And you helped me with GitHub. And I’m a guy who has been using GitHub for a year at work. So, um, you know, good blog. I liked your content.

Chris Randall: Um,

A.J. Murray: Sorry, JJ. So where, where, where can we find you? It’s going to stay Bits to Bytes, Bytes to Bits

Chris Randall: for the blog I’m working on.

There’s some more in the hopper for the, for all of that. That’s not like it probably won’t happen this year, but yeah, for now it’s there. I think it’s linked on my Twitter and on my LinkedIn. Um, yeah, but there’s more to come with that for sure.

A.J. Murray: All right. And we will drop all of those links in the show notes, [01:06:00] the Twitter, the blog, and the LinkedIn.

And, uh, you can make sure you connect and follow Chris wherever he’s at. Chris. Thank you so much for joining us this week, man. Thank you, gentlemen. Congratulations. Uh, congratulations to you. You’ve definitely earned it. Uh, and we’re, we’re going to keep watching you. Can’t wait to see what you do.

Chris Randall: Thanks.

A.J. Murray: Awesome. Well, thank you so much. And, uh, that’s a wrap. Thank you. And, uh, we’ll see you next week. On another episode of the art of network engineering.

Hey everyone. This is A.J. If you like what you heard today, then make sure you subscribe to our podcast in your favorite podcatcher, smash that bell icon to get notified of all of our future episodes.

Also follow us on Twitter and Instagram. We are at artofneteng, that’s art of N-E-T-E-N-G. You can also find us on the web at artofnetworkengineering.com, where we post all of our show notes, you can read blog articles from the co-hosts and guests, and also a lot more news and info from [01:07:00] the networking world.

Thanks for listening.

Gift Giving Guide for Network Engineers

There’s no denying that network engineers can be a tricky group to shop for, especially if you aren’t a network engineer yourself. This year-round guide can help you shop for the network engineer in your life, regardless of the occasion. Use this list for some inspiration to help make their work lives a little bit better. You may even find yourself on their gift-giving lists in return!

**This article contains affiliate links as part of the Amazon Associates Program which means if you click through and make a purchase we get a small commission. We only recommend products we love!**

10 Gifts for Network Engineers

Wireless Console Cable

Every engineer has been here: in a data center, a data closet, or a wiring closet. Countless hours sitting on concrete floors gave them a sore back, sore legs, and sore everything else, simply because they’re limited to the 6ft/2m length of a standard console cable. If only there was a way for an engineer to extend that so they could feel free to sit nearly wherever they want. That’s where the wireless console cable comes into play. Enabling the engineer on your list to sit more comfortably while they work will certainly go a long way for them.

Photo Credit: Cloudstore Limited

Air Console makes a series of products that will help your engineer out. Their entry product, the LE, works perfectly fine over Bluetooth for $59. However, if you step above the LE into the Mini, Standard-Pro, or XL, the addition of Wi-Fi and Ethernet-based IP connectivity is a terrific upgrade. Those step-up models start at $85 and range up to $150.

Collapsible Chair

Speaking of those hard floors, engineers can’t always expect to have a comfortable place to sit at a job site. The job can take them from warehouses to factories to retail stores and it’s not realistic to assume there will always be a good chair available. This is where a good, portable, compact and easy to carry chair can be a back saver.

Photo Credit: Trekology

Something like this Yizi Go Portable ($40) chair would be an ideal addition to any engineer’s trunk. Unlike other compact chairs, it has a seat back to reduce strain while retaining its compact and easy-to-carry profile. This is guaranteed to make the work days a bit easier.

Sergeant Clips

Unfortunately not every task a network engineer has in front of them can be performed from a newly gifted chair. Many times they need to get hands on with a lot of little cables, and losing track of those cables can lead to longer and more stressful days. One way to get around this is to label every cable, which can be pretty tedious.

Photo Credit: SergeantClip

A nicer way to work is with a tool that clamps onto the cables in groups and keeps them in alignment. Over at SergeantClip.com (£12.50 – £37.00, ships from the UK) they make a handy little tool that clips onto cables, in groups of 6 or 12, and keeps all of those cables in alignment. If you aren’t certain how many to buy, I’d suggest starting with a 48-port bundle. The largest number of ports, and cables, you’ll see on a single switch is 48 ports. SergeantClip is also available at Amazon.com.

Multi-use Headlamp

A common theme here, which was highlighted with chairs as well, is the fact that every environment is different. It’s easy to take a chair for granted; good lighting falls into this category as well. Poorly lit environments can wreck what would otherwise be a productive day. It’s not uncommon for a new site to not be fully lit when a network is being installed, and it’s not uncommon for an existing site to forget to change the lights in a network closet. Having a good headlamp ahead of time is a great way to avoid any of these scenarios up front.

Photo Credit: Victroper

There are a lot of headlamps you can choose from. I’ll recommend one type specifically, this lamp made by Victroper, for a very specific reason. It has multiple types of headlamps in one. If you need to flood an entire room with light, it can do that. If you need to spotlight something right in front of you, it can do that. There are some other nice features for outside of work, such as red LEDs and strobe, but the ability to recharge it can be very handy.

Cage Nut Tool

If you’ve ever seen a network engineer with band-aids on their fingers and knuckles, odds are they were installing equipment within the past few days. It’s hard to fully describe the perils of this sort of work, but when you’re messing with small, thin bits of pressure-loaded metal, accidents are not uncommon. Some rack manufacturers include a basic version of this tool, but it’s often discarded. Many engineers work for years without knowing a tool like this even exists. You can help in those situations, and more, by gifting an upgraded version.

Photo Credit: StarCase

This screwdriver-ish-looking tool made by STARcase is an upgraded version of what an engineer may find attached to a new rack. Those tools are usually a small piece of curved metal. This upgraded version provides a sturdier install with an easy-to-grip handle, which will cut down on inadvertently cut-up knuckles.

Work Bench Safe Drinking Vessel

After all this work, any network engineer is going to require some work-appropriate hydration to stay healthy. One of the trickier things to do, depending on where they’re working, is to make sure their beverage of choice stays where it should be. A spill on a work bench could be devastating and lead to a RGE (Resume Generating Event).

Photo Credit: Coleman

I’m partial to this Coleman Autoseal bottle. It comes in 2 different sizes and 6 different colors, and the feature that keeps it safe is a push-button valve that controls when liquid flows. Knock it over or turn it upside down and the liquid stays inside. It’s also a stainless steel insulated bottle, so no worries about the bottle sweating either.

Loopback Keychain

When it comes to testing equipment, an engineer can find themselves in a pinch without some really simple tools. These tools can go high tech or low tech; each has its time and place. A nice, and affordable, low tech tool is a loopback tester. It’s the equivalent of calling a friend to see if your new headset sounds good, but for a network engineer.

Photo Credit: Networx

It’s hard to know exactly what sort of equipment any given engineer could be working on. I’d suggest at least these two:
Ethernet loopback ($9)
LC Multimode loopback ($15)

And if you’re really looking to stuff their stockings? The list goes on:
SC Multimode loopback ($8)
MPO Multimode loopback ($28)
LC Singlemode loopback ($8)
SC Singlemode loopback ($8)

Fiber Visual Fault Locator

One very common task a network engineer may have to perform is to check if there is “light” coming through a fiber-optic connection. It’s recommended that you do not look into the fiber optic cable directly as the laser light can damage your eyes, but some people do it anyway. A clever workaround is to use your phone camera, but this may not work for 10gig or single-mode fiber. A good way to make sure they can always safely see the light? With another somewhat low tech tool specifically for the task.

Photo Credit: GESD

This Visual Fault Finder ($30) is technically used to find breaks in fiber runs but can double as a handy locator for perfectly good fiber connections. This can save an engineer a good amount of troubleshooting on something you’re not technically supposed to look at.

NetAlly LinkSprinter

This is a big-ticket, high-tech item, but it can truly be a lifesaver for an engineer in the field. The NetAlly LinkSprinter is a pocket tool that packs a lot of information into a small, handheld, unit. When working at a job site it can be pretty unpredictable where cables connect behind the scenes. Even when it appears predictable, you never know when you’ll come across an oddball that connects somewhere totally unexpected!

Photo Credit: NetAlly

The LinkSprinter 300 ($400) helps answer a good number of questions. It can tell an engineer where they’re connecting, how their connection is configured, if the connection is good, and a slew of other good information in the palm of their hands. It can shave hours of troubleshooting time by eliminating a game of hide and seek around a facility.

Raspberry Pi Kit

This last item isn’t specifically for a network engineer, really for any technology-savvy person, but it’s hard to go wrong with a Raspberry Pi kit. It can serve as a test bed for learning programming, which is becoming a common need for network engineers. It can run dedicated applications apart from their regular computer. It can serve as a house-wide ad blocker. A good digital sandbox like this can be truly invaluable.

Photo Credit: CanaKit

You’ve got two ways to go about this. You can buy the Raspberry Pi on its own, but I prefer to gift someone an entire kit to save them having to pick up the odds and ends they’d need to really put it all together. A good starter kit ($130) will cost more, but it will give them everything they need, and more, to start using it on day one.

Wrapping it all up – literally!

So there you have it! 10 items that can really help an engineer in their work day year-round. With a few items off this list you can help save them from body pain, or hours of wasted troubleshooting time, and maybe give them a nice learning tool in the process!

Prices are subject to change at any time. The prices displayed herein were the prices as of the publication of this article (December 2021)


Climbing the ENCOR Mountain

This is not meant to be a “hooray for me” success story. The purpose of this post is to be a message of hope. I’m not someone who goes out and gets 10+ certifications a year. There is absolutely nothing wrong with that, I respect and admire the determination and focus of people that are able to accomplish that, but that is not me. I move slow. Perhaps too slow, but that is the pace I typically adopt when preparing for a certification exam. Recently, I passed the Cisco 350-401 ENCOR exam. Yes, it was on the first attempt, but there is much more to the story.

Remember the slow pace I mentioned? I began studying for the ENCOR exam in January of 2020. It took me until November of 2021 to feel ready enough to take the test. It really wasn’t too much of an on again/off again thing either. Other than a few breaks here and there, I studied a fair amount of those almost two years. Now, if you are thinking about or already working toward this certification, this isn’t meant to scare you. There are people out there that have accomplished this in much less time. There is a critical mistake that I feel like I made in that first year that caused me to practically reset my study progress at the beginning of 2021. I’ll get into that in the next section to try to prevent others from falling into the same trap.

Back to the message of hope. I don’t consider myself someone who can just jump into anything and absorb/retain concepts right away. What I do have is passion, drive, and determination. I feel like those three things, along with discipline (CC: @TeneyiaW) will get you there when it comes to this certification. The exam blueprint is definitely wide, but I believe in you. I mean this in the most sincere way possible, if I can do this, you can do this.

Alright, now let’s get into the study plan that helped me reach this goal. Therein lies the first step, in my opinion. Make a plan and stick to it. That does not mean that you cannot modify it, but making a plan gives you a guide. I used five main resources to prepare for the ENCOR exam:

  • CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide (OCG)
  • CBT Nuggets ENCOR playlist
  • Cisco On Demand Learning for ENCOR
  • Anki flashcards
  • Community, Community, Community

What I have above is not meant to be “one size fits all”, it is just what worked for me, and I should caveat that my employer got me access to CBT Nuggets and the Cisco On Demand learning and I am incredibly grateful. Now that we have the resources squared away, what’s the plan? I started with the OCG. I would cover a chapter (or grouping of chapters if it made sense), then cover the same topics with the relevant CBT Nuggets and Cisco On Demand learning content. With all three resources I would create Anki flashcards along the way and set time aside to try to review cards as close to every day as possible. Finally, I would leverage CML and EVE-NG to lab up any concepts that made sense to do so. I do feel that getting experience either through on-the-job or labs is very important to really tie concepts together so that they actually make sense in practice. You are probably beginning to see what took me so long to reach my goal. Again, I want to highlight that this is not the only, or even the best way. This was the plan/strategy that I chose, and it eventually got me there.

Now, what was that critical mistake that followed me throughout 2020? It was the lack of flashcards and review. Basically, all through 2020 I was just going to content in the three platforms I have mentioned and doing some labs. I was not taking notes/flashcards or reviewing anything. Looking back, what I was doing made zero sense. Because I wasn’t reviewing anything, I was essentially losing things that I learned shortly after going through the content. Thanks to the advice from the AONE podcast, I adopted the Anki application both on a computer and my phone and I absolutely love it. Typically, I would create cards on the PC app while going through content, sync the cards, then review on my phone so I could also walk on the treadmill. The flashcards were really a critical piece of reaching this goal for me. Finally, being tapped into the community as a resource was very helpful as well. There are many bright and encouraging people there that are willing to help. Whether it is providing advice, teaching a concept, or giving encouragement, they are there and they are inspiring.

I’ll admit, this whole process was tough for me, but it was an excellent learning experience. Not just because of what I learned through the content, but I also essentially learned how to learn (and retain). Preparing for the ENCOR exam provided me with a repeatable, modular plan to prepare for the next challenge. For me, that next challenge will be the 300-420 Designing Cisco Enterprise Networks (ENSLD) exam. My advice to you is that if you are invested in studying for ENCOR, don’t quit, don’t give up. There were multiple times that I felt overwhelmed and just wanted to stop. Seeing that notification that I passed the exam made it all worth it. Reach out for help if and when you need it, and try not to neglect your support system. I will definitely be taking some time off to rest and give time back to the ones I love.

Ep 71 – Merlin the Auto-Magician

Please note that we had some latency challenges while recording so please excuse us talking over John at times, as well as John’s delayed responses.

NordVPN: Get 73% off the 2 Year Plan + 1 Month Free!
https://nordvpn.com/taone

In this episode, we talk to John Capobianco! John recently won the DevNet Creator Award for all of his work in the community! John works as a Network Engineer for the Canadian House of Commons. John started working in a factory but went to school to study software development. From there John got into infrastructure through a co-op with the school. Shortly after that, he was assigned to work in the networking field! Enjoy hearing more about John’s career and how he got into automation.

During the episode, John recommended Cisco DevNet’s Start Now page: https://developer.cisco.com/startnow/

You can find more of John:
Twitter: https://twitter.com/John_Capobianco
LinkedIn: https://www.linkedin.com/in/john-capobianco-644a1515/
Blog: https://www.automateyournetwork.ca/
John’s Book: https://amzn.to/3xGuUmk

Check out our Patreon – https://www.patreon.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Like us on Facebook https://www.facebook.com/artofneteng
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – https://artofneteng.com/iaatj

Hacking Passwords, a GIAC Network Forensics Exam and an Interview

“Good Morning”

It’s been a few months since I last checked in blog wise. It’s been a long stretch for me personally, maybe it’s been the first time I’ve been feeling Covid fatigue, work burnout or maybe interviewing for a job just introduces a lot of anxiety into my bloodstream. In any case, blogging here was the first to go as far as where I’ve spent my time. That doesn’t mean I haven’t been doing anything and I’m writing today to catch up a bit!

Hacking Passwords

One of my work projects recently had me figuring out how to use hashcat with a list in an attempt to crack the Linux hashes of our users. The best little cheat sheet that has helped me along the way came courtesy of Black Hills. Embarrassingly, it took me a week and a half to get a command together that would actually start cracking hashes. The worst of it was simply figuring out that I needed the hashes by themselves for processing to begin. I was initially trying to process username:hash, thinking hashcat would simply find the hashes in my document, but instead it just threw an error. There are a lot of tutorials out there on using hashcat for the first time, so I won’t do that here. Instead, I’ll highlight a little ‘automation’ I did once I had my hashcat output file. Here is a representation of what my original file looked like when I pulled down every user’s hash:

$ cat hashes.txt 
birda:$6$aaaabbbbcccc
poopd:$6$aaabbbbccccd
poodf:$6$aabbbbccccdd
alexm:$6$abbbccccdddd
alit:$6$bbbcccddddee

My list was a lot longer, and had actual hashes but for demonstration purposes this should suffice. I simply need to use the cut command from here to get the hashes by themselves and then run that file through hashcat…

$ cat hashes.txt | cut -d : -f 2
$6$aaaabbbbcccc
$6$aaabbbbccccd
$6$aabbbbccccdd
$6$abbbccccdddd
$6$bbbcccddddee

If you redirect that to a file, call it hashcat.txt, you’d be ready to run hashcat. Using the Black Hills cheat sheet, you can specify with -m what kind of hashes you are running, which in my case were SHA512 Unix hashes. By the time I got this going, it was exciting to check my output file and see it filling up. We were really cracking some hashes. This was exciting. The next part of the journey was marrying up the password of the cracked hash with the username. This is because the output of cracked.txt (the output file from hashcat) is hash:password, like so:

$ cat cracked.txt 
$6$aaabbbbccccd:1qaz2wsx!QAZ@WSX
$6$aabbbbccccdd:1q2w3e4r!Q@W#E$R

# this is a cool file and all, but what username does this 
# belong to???

To begin, I was manually using grep and going back to my original file that had username:hash, but who wants to do everything manually forever? Also, my list was pretty long, so figuring out how to do this more efficiently was worth the investment. So I came up with a quick little bash script that let me grep each hash from my cracked.txt out of my original list (hashes.txt):

$ cat script
# -F matches the hash as a literal string: a real $6$salt$hash contains '$' and '.',
# which grep would otherwise treat as regex metacharacters. Quoting "$line" keeps
# the hash intact as a single argument.
cut -d : -f 1 cracked.txt | while read -r line; do
    grep -F -- "$line" hashes.txt >> grep.txt
done

# running the script
$ bash script 

# checking out the file created from script
$ cat grep.txt 
poopd:$6$aaabbbbccccd
poodf:$6$aabbbbccccdd

At this point I was halfway there. I had each username whose password I had cracked; now I just needed to get the password. To finish the job, I used the cut command one more time to isolate just the passwords and then used the paste command to put everything together:

$ cat cracked.txt | cut -d : -f 2 > passwords.txt

$ cat passwords.txt 
1qaz2wsx!QAZ@WSX
1q2w3e4r!Q@W#E$R


$ paste grep.txt passwords.txt > CRACKED.txt

$ cat CRACKED.txt 
poopd:$6$aaabbbbccccd	1qaz2wsx!QAZ@WSX
poodf:$6$aabbbbccccdd	1q2w3e4r!Q@W#E$R

I eventually combined this all into one bash script and I was set to get a file with usernames and passwords. There are probably 18 more ways to do this and I may have done the least effective way of them all, but I just wanted to share the little journey I went on cracking my first hashes. Most exciting of all, I got to play with a new command: I’d never used the paste command and it works perfectly here.

GIAC Network Forensic Analyst

I was lucky enough to take SANS FOR572, the advanced network forensics course, which maps to the GNFA exam. This was my second SANS course and GIAC exam, the first being SEC503 and the GCIA. I’ve got to say, the order in which I took these courses was great for me. SEC503 and FOR572 use a lot of the same tools: Zeek, nfdump, tcpdump, tshark. Both courses even go over some of the same protocols, like DNS and HTTP(S). But, in my opinion, SEC503 stands as a great intro to these topics if you are not fully immersed already, and FOR572 takes these topics and applies them to ‘real world’ type data and scenarios over and over again. I’d recommend taking a course from Phil Hagen, the gentleman behind my instruction, any day of the week.

Exam wise, I found the GNFA to be a solid 5x to 10x harder than the GCIA although the GCIA was pretty cool in that you had to interact with data on a VM for a few questions and the GNFA, at least today, is all multiple choice. But the questions for the GNFA were very applied compared to the GCIA. Instead of just knowing the proper switch for a command, you were looking at some output and had to interpret something 2-3 levels deeper than what’s simply displayed. This was very challenging and rewarding. The closest to ‘real world experience’ I’ve ever felt while prepping for an exam.

As I look at the SANS catalogue and contemplate what comes next, it’s hard to choose. I’m thinking of shooting for FOR508, and even if there is overlap with courses I’ve already taken, I think getting insight and another instructor’s perspective is always useful.

Interview

Now it’s time to delve into some things that didn’t come out as an immediate success. I got to interview, 4 rounds in total, for a position I was really excited about. A possibly life-changing opportunity. The job was remote, working on a SIEM of sorts for a networking vendor as a technical writer.

I hadn’t interviewed for positions since the 2016-18 time frame. But I enjoyed these interviews, and come to find out I really prefer doing interviews over video chat to in person. I felt way more comfortable. Looking back, I was always much more of a nervous wreck checking in with the receptionist and being in the fancy corporate building than I was during this iteration of interviews. Being in the comfort of my own home, wearing more comfortable clothes and sipping a coffee from my home espresso setup is something I’d sign up to do again if I have the choice.

After the interviews I waited about 3 weeks before I heard that I wasn’t going to be extended an offer. That hurt, as my mind couldn’t help but daydream about the possibilities during the wait. In truth, the interview process and having a shot at something like this consumed me; I was useless as far as studying for the exam above, and another exam, the Cisco SCOR exam, I failed during this time. Trying to do any sort of studying or focus on anything was very difficult for me. I ended up pushing my GNFA exam out as far as possible, and got closure that I wasn’t selected before I sat for that exam, which I think helped. It was exciting to go through the process and be considered, but waiting to see if I was going to be selected was excruciating for me.

I didn’t get picked up for the position, but I did get practice telling my story, and I think I made a good pitch for myself regardless of the outcome; in any case, I’m improving in that area. I’ve never been that great at pumping my own tires, but I’m getting more and more confident as far as my sense of belonging in cyber goes. As long as I keep my head to the ground, I’m confident an opportunity I’m excited about will present itself when the time is right.

Ep 70 – It’s never too late!

In this, our 70th episode, we interview Chris Denney – a very prominent member of our Discord community! Chris has built an amazing career, and the foundation is his willingness to take on anything! Chris is also a huge team player – both on and off the field. He is huge into soccer but when he isn’t on the field he is committed to working on whatever he can while doing a site visit. Printers might not be part of his job anymore as a network engineer but if he’s onsite and someone needs help with one, he’s all over it! There are many more sweet bits of experience that Chris shares that every listener should take with them throughout their own journeys!

You can find Chris:
Twitter: https://twitter.com/Cdenney04
LinkedIn: https://www.linkedin.com/in/chris-denney-04/
Instagram: https://www.instagram.com/smilin_chris/

Ep 69 – Girard Kavelines

In this episode, we interview Girard! Girard was inspired at a young age to fix some broken computers in his basement. His first tech job was in Geek Squad. There he got some essential skills troubleshooting tech and working with customers. Girard’s journey from there is really quite amazing, and he has the energy to match!

This episode was recorded just before Halloween and we had a lot of fun with it. Make sure you check out the video version on our YouTube channel!

Girard’s Faces of the Journey Article: Faces of the Journey – Girard Kavelines

You can find Girard:
Blog: https://techhouse570.wordpress.com/
Twitter: https://twitter.com/GKavelines
LinkedIn: https://www.linkedin.com/in/girard-kavelines-b022a5100/
TH570 Merch Store: https://techhouse570.creator-spring.com/
Schedule Career Counseling w/Girard: https://calendly.com/techhouse570

Ep 68 – Cloudy with a Chance of Networking

This week we chat with Eyvonne Sharp! Eyvonne shares how she got her start working at a small ISP in her hometown and how she has progressed throughout her career to land as an Architect working for a large Cloud provider.

More from Eyvonne:
Twitter: https://twitter.com/SharpNetwork
Blog: http://www.esharp.net/
LinkedIn: https://www.linkedin.com/in/eyvonne-sharp/

Ep 67 – The Buzz about NetBeez

This week we are joined by NetBeez CEO Stefano Gridelli! Stefano takes us through his career as a Network Engineer and explains how he identified the need for NetBeez and started creating it. He then goes on to discuss how he made the leap from working on NetBeez part-time to making it a full-time job. We then discuss with him the features of NetBeez, how it works, and a whole lot more!

Follow Stefano on Twitter: https://twitter.com/stefanogridelli
Follow NetBeez on Twitter: https://twitter.com/NetBeez

Make sure you also check out the NetBeez website and blog as it’s packed with great information on NetEng, Linux, Wi-Fi, and NetBeez.
https://netbeez.net/

Ep 66 – Cisco Live!!

In this episode, we talk about Cisco Live – aka Nerd Summer Camp! Tim and A.J. share their experiences attending our industry’s largest conference. We highlight reasons to attend, and even how to pitch the idea to your manager. It’s never too early to start that process. Cisco has recently announced its intent to hold Cisco Live 2022 in person in Las Vegas! So, let’s get excited and talk about all things Cisco Live.

Cisco Live US – June 12-16 2022 – Las Vegas, NV. – https://www.ciscolive.com/us.html?zid=cl-global

Ep 65 – Enterprise Network Design

In this episode the team talks about Enterprise Network Design. We cover a lot – everything from the 3-tier design to routed vs. switched access layer, and they even dip into a little bit of wireless!

Ep 64 – Non-Networking Skillz

In this episode, we’re talking about the technical, non-networking skills you need to be successful in your career these days! We’re not talking about soft skills this time either. There’s so much we touch as Network Engineers. We talk about the skills you should have and the technologies you should understand as a Network Engineer. It’s not always about the certifications either; there’s plenty of knowledge you can gain without chasing paper.

CCNP Security – A Review

In my quest to pursue my next certification I sat down and thought about what cert I should dedicate time studying for. There were many things I was interested in, which is my first reason to pursue a cert. I was knee deep in security products at work, and even now that doesn’t seem to be going away anytime soon. Most of the products were Cisco, so it made sense to give the CCNP Security a shot. I looked online at Cisco’s site as a start and dived in. Months later, I passed the SCOR exam! I then chose to give the SESA exam a shot and passed (barely)! The CCNP Security, however, has been completed, so I want to take some time to write about my experience related to exam material, relevancy, and difficulty.

Before diving into the exam material, I believe it is important to mention what it takes to earn the CCNP Security certification. To earn the CCNP Security, you must pass two exams: the core exam and one concentration exam. You can find the list of exams at Cisco’s site. There are several concentration exams. Passing a concentration exam also nets you an individual Specialist cert. As an example, if you are interested in learning more about Cisco’s Identity Services Engine, the 300-715 SISE might be the concentration exam for you. Passing that exam also grants you a Specialist cert. However, to obtain the full CCNP Security, you would also need to pass the core exam.

Material

When I study for a certification exam I like to rely on multiple resources. I want to read something. I want to watch something. I want to lab something. I believe doing each of those things can lead to success. Gain knowledge from multiple sources. I attacked the Core exam first (350-701 SCOR).

  1. The first thing I looked at was the Exam objectives and the outline. This is exactly what Cisco is expecting you to know for the exam. Copying this over to Microsoft’s OneNote, I could make individual notes under each of the topics in the outline as I study them.
  2. I ordered the CCNP and CCIE Security Core Official Cert Guide. The book was my main study source. I wouldn’t call the book an easy read at first. The first chapter is a journey, but it covers important fundamentals and dives into various attacks. My weaknesses are Cryptography and VPNs, which each have their own chapters. I found those chapters to be an uphill climb, but that might possibly be because I am weaker in those areas.
  3. I spoke to my manager about training. This led to my being able to take the online, self-paced SCOR course on Cisco Digital Learning. This probably made the biggest impact since it included a few labs to follow through online.
  4. Finally, I was able to go through Pluralsight’s Cisco Core Security (by Craig Stansbury). I would usually watch this on my phone whenever I was out of the house or while laying in bed right before sleep.

As you can see, I had a plethora of material for the SCOR exam. However, it was the opposite for the concentration exam Securing Email with Cisco Email Security Appliance (300-720 SESA). The SCOR material covered Email Security, but it was not a deep dive. The SCOR exam glances over the importance of Email Security, how it works, and some of the components, but not everything. Studying for the SESA involved me recycling the above resources I had access to specifically only for Email Security information. Thankfully, my experience at work with Cisco’s ESA and CES made up for the lack of material.

Difficulty

For the SCOR exam, I did use the Official Cert Guide’s Pearson Test Prep engine that comes with the book. I also used Boson’s test engine for the SCOR practice tests. Between those two, I preferred the Boson test engine. The Pearson Test prep questions inserted a ton of fill in the blank questions. Those usually throw me for a loop. That probably led me to fail most of my practice test attempts. With that in mind, I went into the SCOR exam thinking it would be a very difficult exam. I believe reviewing all the topics the day before was a big help in passing the exam. I found the practice exams a bit more difficult than the actual test. However, I cannot say the same for the SESA Concentration exam. I’d like to say I spend a decent amount of time in the Email Security world, so I went into that test thinking that it would be an easy test. It was not. This was the test I barely passed. If I needed 10 points to pass, 10 points was exactly what I passed with. I believe the lack of material for the SESA exam led me to have a difficult time during the test since I simply relied on most of the material from the SCOR exam and my own personal experiences.

Relevancy

Is the CCNP Security exam relevant to what is happening in the world today? Yes! Especially Chapter 1 of the SCOR Official Cert Guide. Chapter 1 was one of the longest chapters as it covered a wide range of agencies, documents, attacks, and defenses. This is mostly general information that applies to the security world, not just Cisco security. As I mentioned earlier, this chapter is a journey, but one that was extremely educational. With everything we do in our professional lives, we should always have a security mindset. As I have experience with most of the security products covered in the guide, the SCOR and the SESA were personally relevant. The CCNP Security would be a certification to pursue if you are going to work with or have experience with the products. It’s mostly Cisco-centric and not a general security cert. My advice is to also pick a concentration exam that you might have experience with, or at least have some materials to use for your studies.

I found pursuing the CCNP Security to be a pleasant, but mildly challenging journey. It was not the most difficult certification I’ve pursued, but it made sure to keep my stress levels elevated during the exams. There is plenty of material and test engines out there for the core SCOR exam. If you are working with Cisco’s security products, give this one a try.

Ep 63 – NFD26

In this episode, we break down our thoughts on the recent Tech Field Day event, Networking Field 26! Both A.J. and Tim were in attendance for the event and learned a lot from each of the presentations. They break down what they saw and Andy and Dan ask some questions and give their thoughts on the event as well.

To see the presentations from Networking Field Day 26 you can visit the event page here: https://techfieldday.com/event/nfd26/

Ep 62 – Ok Shitbirds its Time to Learn about Tracket Pacer!

In this episode we talk to Tracket Pacer, aka Lexie! Lexie has been making waves on social media as she live streams her learning and preparations for the ENARSI exam. Lexie works as a Network Engineer for a large cloud-focused company, but how she got there is one amazing story!

You can follow Lexie:
Twitter: https://twitter.com/TracketPacer
Reddit: https://www.reddit.com/user/tracketpacer
Look for her live streams on: https://www.reddit.com/r/shortcircuit/

Ep 61 – Home Labs!

In this episode we are talking about home labs! Where do you start? Is there actually merit in having a physical lab? We share our experiences and thoughts on the matter. Our conclusions may surprise you! (But probably not…)

Affiliate Links:
Nord VPN – 73% off a 2 Year Subscription + 4 Months absolutely Free!!
https://nordvpn.com/taone or use promo code TAONE (for The Art of Network Engineering) at checkout.

Faces of the Journey – Chris Denney

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Chris Denney (AKA Smilin_Chris) was born and raised in a suburb of Jackson, Mississippi and currently resides in Asheville, North Carolina. Chris has done it all since he started working as a teenager. At the age of fifteen, he had a summer job working for the city doing everything from laying asphalt to maintaining ballfields and cemeteries. That job taught Chris the lesson that he did not want to do that kind of work long term. During college, Chris managed a clothing store in between soccer seasons. Like many others we have talked to, Chris gained an interest in technology from video games. A good friend from high school helped him build a computer from spare parts so they could play Counter-Strike together. A few years later, the company that his friend was working for was looking for an IT tech and Chris was recommended for the position. Other than building a couple of computers, he had not had professional experience in IT, so he was starting off in the deep end of the pool. Chris was immediately supporting lawyers, doctors, dentists, and a small processing plant. It was wild, scary, and awesome all at the same time. He learned a lot and is very grateful that this company took a chance on him. While Chris kind of fell into IT, he chose to pursue networking as a discipline. Most everything else he had encountered in IT just made sense, while networking took some more work. That drove him to want to dig deeper, so when a work opportunity presented itself that was geared toward networking, Chris jumped on it. When it comes to the future, the only given direction for Chris is growth; stagnation is terrifying and he wants to keep moving forward!

Follow Chris:

Alright Chris, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? If you’re looking for a job, be patient. This is an ever-expanding field and opportunities will continue to make themselves available. Keep studying. Keep applying. Also, don’t be afraid to take a job that isn’t a perfect fit for you. Get in, get some experience, and move on.
If you’re just starting out at a company and trying to make a name for yourself, find a hole in your team’s armor and fill it. Then, be the go-to person for it. Prove your value.

What is something you enjoy doing outside of work? I’ve played soccer for over 30 years. I hope I’ve got another 30+ years in me. A few other things I truly enjoy are chasing waterfalls and overlooks with my wife, hanging out with friends, watching concerts/music live, and traveling to any place that is wholly unlike anything I grew up around.

How do you manage your work/life balance? Poorly, lol. I’ve allowed myself to become the “go to” guy for too many things and I’m always the first call on them all. That includes after hours, unfortunately. I’ve been working to make sure that everyone on my team knows where to find my documentation for troubleshooting/creating tickets.

What is your strongest “on the job” skill? That’s a good question. I’d love to tell you that I’m the “knower of all things technical.” Since I’ll probably never be the smartest person in the room when it comes to tech…I’d have to say it’s either my dependability or my soft skills. I take great pride in my ability to see things through to completion. Also, having a very diverse work history helps me communicate with pretty much anyone in my corporate environment.

What motivates you on a daily basis? My family and my team. I never want to let either of them down. They both deserve the best version of myself I can offer, and I continue to work to ensure that they get that.

Bert’s Brief

I’m not just saying this because he plays soccer, but Chris is a team player, for sure. What I really enjoy about Chris is that he is incredibly personable. He will always ask you how you are doing and what you are up to before ever bringing anything up about himself. Chris brings a strong balance of technical and soft skills to the table and has to be a bright spot on any team. It’s always great to have Chris on the IAATJ Happy Hours, where I believe he is definitely a fan favorite.

Ep 60 – Return to the Office!

In this episode, Andy and A.J. talk about what returning to the office looks like, and whether it is really a requirement for IT Professionals. What’s your situation? Are you being asked to return to the office full time or a portion of the time, or is it still optional? Hit us up on Twitter so we can hear more sides to this story!

Eric Chou’s book, Mastering Python Networking, 3rd Ed.: https://amzn.to/3tt03Yy

Ep 59 – From Marketing to Offensive Security!

This week we talk to Lily Clark. Lily has taken an amazing journey from Sales, to Customer Success, to Marketing, and she has recently landed in Offensive Security! Hear how Lily has taken on learning tech and landing her dream job working in Offensive Security.

Useful Links:
Kali Linux – https://www.kali.org/
Parrot Linux – https://www.parrotsec.org/
Free INE Training! – http://checkout.ine.com/starter-pass

You can find Lily on:
LinkedIn: https://www.linkedin.com/in/lilycclark/
Twitter: https://twitter.com/seclilc
Instagram: https://www.instagram.com/seclilc/

Ep 58 – Wheezy!

This week we talk to Luis, better known as NetSecWheezy! Luis shares his journey with us on how he went from slinging ice cream to Network Engineering! He’s had an exciting career so far and made some risky, yet rewarding moves. Wheezy is also one of the most active members of our Discord community; he is always pushing people to be and do their best, and he’s usually the first to congratulate someone when they post in #winning. He even shares some super exciting #winning news of his own, but you have to listen to hear it!

You can find Luis:
Twitter: https://twitter.com/NetSecWheezy
LinkedIn: https://www.linkedin.com/in/luis-garcia-jr-87243a147/

Ep 57 – Welcome to Tom’s Corner!

In this episode, we interview Tom Hollingsworth! Tom shares how he went from being a Sr. Network Engineer at a Partner to the face of Tech Field Day! Tom also shares his journey to the CCIE, #29213. Also, if you’re interested in joining TFD as a delegate, you’ll want to listen in!

Links from the show:
Network Field Day 26: https://techfieldday.com/event/nfd26/
Becoming a Field Day Delegate: https://techfieldday.com/delegates/become-field-day-delegate/
Tom’s speech on imposter syndrome, to Field Day Delegates: https://www.youtube.com/watch?v=MF0dtK2caW4

You can find Tom:
On Twitter: https://twitter.com/NetworkingNerd
Blog: https://networkingnerd.net/
Tech Field Day: https://techfieldday.com/
Gestalt IT: https://gestaltit.com/

Ep 56 – Documentation

In this episode, we talk about our experience with, and the importance of, documenting the network. We also go over the various tools used to document the network as well as the different types of diagrams. We’ll even discuss how you can get started and learn how to document your network for free – no need for expensive tools to make a basic network diagram.

Tools:
Diagrams.net (formerly draw.io) – https://app.diagrams.net/
Lucid Chart – https://www.lucidchart.com/pages/
Snag-it – https://www.techsmith.com/screen-capture.html

Support AONE:
Patreon – https://www.patreon.com/artofneteng
Boson CCNA – https://artofneteng.com/boson-ccna
Boson CCNP – https://artofneteng.com/boson-ccnp

Making Meaningful Connections Online

This weekend I definitely felt old online. I was trying to figure out how to get into DEFCON’s packet hacking village’s CTF Friday morning. I couldn’t figure out the process for the life of me and had to ask for help…very specific help. ‘Go to this channel and type exactly this’…I felt like a real old dude trying to figure out technology. You had to access their Discord server, choose the correct role, go to a specific room and type out a specific cmd for a bot to put you into a queue.

The CTF was pretty cool. First of all, you had to actually capture traffic. I haven’t done that many CTFs but all previous ones involved a pcap that you download. Here they had packet generators and you had to use tcpdump, tshark or wireshark to capture the traffic. This in itself was neat. You did all of this inside a linux VM that you get creds for once you follow all the steps described above. Second of all, you had a 2-hour time limit in which to solve your prompts. I could get about half of most of the prompts done, but they didn’t just ask you to find a certain type of traffic. You then had to do some sort of forensics, to download and decode a pdf or mount an image to find a file. So, since I don’t have much of the forensic type of experience, and nothing with those sorts of tools, with say pdfcracker, I didn’t fare too well. I think I left after 90 minutes and a score of negative 250 (I took some hints). I felt like I have a lot more to learn. I did tell the person helping me in the chat that I would do better next year 🙂

In the midst of all this, at some point after the CTF, I was messing around with some settings in Discord, and accidentally called a friend I’ve been chatting with online for some time now. Tony E didn’t answer but called back a few seconds later. We maybe only chatted for ten or fifteen minutes but something he said during this conversation, along with the conversation in and of itself, struck me. He said:

You can’t spread yourself too thin on a whole bunch of different social apps if you want to have meaningful online relationships.

This one thought, one sentence, really made me reflect a bit for the rest of the afternoon. I had been chatting with Tony for maybe a year, almost daily but we have never hopped on a chat. In this one chat, he got to meet my daughter, he showed me some cool note taking ideas. I feel, I can’t speak for him, that in regards to a ‘meaningful online relationship’ hopping on a live chat can really help facilitate that.

My main social app, ever since my mom died, has been Twitter, full stop. I was mostly on Facebook to upload photos of the family for my mom to see. I’ve found quite a few friends on Twitter. People I talk with all the time. After my conversation with Tony I was wondering: am I really having as meaningful online relationships as I can? I mean, the people I talk with everyday are really cool, but what if we just jumped on a call? Would they be down with that? These thoughts led me to think perhaps I can move more to Discord and spend less time on Twitter.

Today, I got on a thirty minute call with Robin. He helped me troubleshoot some things on my end and I got to try and figure out some issues he was having with his home lab. Again, nothing really groundbreaking came of the conversation itself, but moving beyond text, how I mostly interact on Twitter, to video on Discord did seem more meaningful (by a lot).

I’ve tried doing the Art of Network Engineering’s ‘happy hour’ and while I do enjoy the time I’m on there, it is a bit harder to be around a larger group of people I don’t know online. When do I chime in, what do I say or talk about?! Being an old guy, I realize this is something I probably need to quickly get more familiar and comfortable with.

A lot of people, like Network Chuck, will tell people to create a blog right now. Teach people things. Get active on social media…put yourself out there. I see a lot of blog posts or YouTube videos that are really not good, where you can tell the person didn’t put that much time into it. It looks more like they were trying to put themselves out there before they figured out what they were putting out or trying to package it well. I’ve never really liked accounts on Twitter that are heavily curated, only sharing articles, never in the replies, never having an opinion. I’ve always tried for the most part to have meaningful interactions online, straying away from things I don’t like and doubling down on being authentic and myself.

This blog, my social presence, due to a short conversation I had on Discord by accident, will be a bit more intentional in creating more meaningful interactions and relationships, and for that I’m grateful to those I’ve made friends with and those I’ve not yet met. All the best. Till next time.

Ep 55 – Change Management

This week we discuss every IT Pro’s most hated, yet most helpful, thing – change management. What is it? Why does it exist? Why is it such a pain? But, yet, why is it so helpful to us? We get to the bottom of these answers and more!

Special shoutout to our Patreon members for making this episode extra fun! We had a last minute change in scheduling and the Patreons recommended the topic and were there asking questions along the way. If you’re interested in being an AONE Patron go to patreon.com/artofneteng.

Cumulus in the Cloud Just Got Real

So I was just checking the Cumulus Docs as you do to see if they finished this feature I was really excited about and guess what, it looks to be up! The big thing I’d been waiting for was the ability to build your own topology on their ‘Cumulus in the Cloud‘ platform. This will also be my first post, of which I’m somewhere up to 15, that will be primarily image driven so that I can show the true beauty of the platform.

You’ll have to create an account but accessing and using their platform comes with zero out of pocket, at worst, you may receive an email from time to time. Once you login you’ll wind up on this screen, where you can choose between building a prebuilt simulation or creating your own.

Alright, this is where I was getting a bit excited, my pupils began to dilate and a slight rush of euphoria began to run throughout my body. Let’s click on ‘Create your own’ and check out this awesome UI!

Alright, once you drag and drop your devices and connect them, which is very intuitive I might add, you’ll be able to either save your simulation in a multitude of ways and/or simply start your simulation by clicking the button in the top right. The options you have for each node are hostname, OS, memory, CPUs and hardware model. All hardware model seems to do is map the correct number of ports to the chosen model. If you want to save this simulation for later use, you’d want to save it as a .dot file. I’m a leave-it-at-default kind of guy when first trying something out.

Once you are all loaded up, you’ll be able to console your devices right from the browser and all of your devices can be nicely tabbed in the same window, as shown below, for pretty gosh darn easy access.

One thing you may want to consider when building a configuration is creating a ZTP file, or just know that no configuration will be completed when your simulation comes online. Even the links you drew between devices in that beautiful prebuilt UI will need their interfaces administratively turned on once you are all booted up.
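As an added example, not from the original post or from Cumulus, here is a small ZTP script that renders /etc/network/interfaces stanzas so the front-panel swp ports come up at boot instead of staying administratively down. It assumes ifupdown2 (ifreload) is present as on Cumulus Linux, that /etc/os-release names Cumulus Linux, and PORT_COUNT / IFACES_FILE are made-up knobs for this example.

```bash
#!/bin/bash
# CUMULUS-AUTOPROVISIONING
# Added example ZTP script (not from the original post or from Cumulus).
# Renders "auto swpN / iface swpN" stanzas so the ports wired up in the
# Cumulus in the Cloud UI are admin-up after boot. Assumptions: ifupdown2's
# ifreload exists (Cumulus Linux), /etc/os-release names Cumulus Linux, and
# PORT_COUNT / IFACES_FILE are example knobs, not Cumulus settings.
set -eu

PORT_COUNT="${PORT_COUNT:-4}"                          # constructed default: swp1..swp4
IFACES_FILE="${IFACES_FILE:-/etc/network/interfaces}"

# Print a complete interfaces file: loopback, management eth0 on DHCP, and a
# bare stanza per front-panel port. Addressing is left to later per-node config.
render_interfaces() {
  local n="$1" i
  printf 'auto lo\niface lo inet loopback\n\n'
  printf 'auto eth0\niface eth0 inet dhcp\n\n'
  for i in $(seq 1 "$n"); do
    printf 'auto swp%s\niface swp%s\n\n' "$i" "$i"
  done
}

# Count the swp stanzas in a rendered file; used as the sanity check before
# anything is applied (grep -c exits 1 on zero matches, hence the || true).
count_swp_stanzas() {
  grep -c '^auto swp' "$1" || true
}

main() {
  local tmp
  tmp="$(mktemp)"
  render_interfaces "$PORT_COUNT" > "$tmp"
  if [ "$(count_swp_stanzas "$tmp")" -ne "$PORT_COUNT" ]; then
    echo "rendered port count mismatch, refusing to apply" >&2
    rm -f "$tmp"
    exit 1
  fi
  # Only touch the system on a real Cumulus box with ifupdown2; anywhere else
  # this is a dry run that just shows what would be written.
  if grep -qi cumulus /etc/os-release 2>/dev/null && command -v ifreload >/dev/null; then
    install -m 0644 "$tmp" "$IFACES_FILE"
    ifreload -a
  else
    echo "dry run; would write to $IFACES_FILE:"
    cat "$tmp"
  fi
  rm -f "$tmp"
}

# ZTP executes the script top to bottom; the guard lets it be sourced without
# applying anything.
[ "${ZTP_SKIP_MAIN:-0}" = "1" ] || main
```

Off a Cumulus box the script only prints the file it would install, which is a handy way to eyeball the stanzas before uploading it as the simulation's ZTP file.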

Another cool thing to check out, after you have fun connecting up and running all your little devices, is Cumulus NetQ, which is fun to explore from the GUI or the command line.

The only thing that I tried to do, but couldn’t get to work on the custom build as opposed to their prebuilt simulations, was enabling SSH. I kept getting an error, whereas, when I use the prebuilt configurations I’m able to upload a key and get an IP and port number so that I can connect to my simulation from my laptop instead of using the console through the website like I showed above. Perhaps I have to do a bit more configuration, but adding a service isn’t outlined in the docs as of this writing. One other thing I’ll have to further investigate is what minimum configuration is needed to get my nodes connected to the internet the way the prebuilt simulations are.

What is cool is that you can, in perpetuity, run your network simulations on someone else’s CPU cycles which I think is pretty darn cool. It lowers the barrier of what you need to build a multi-node simulation. You don’t need your own server, just an internet connection. If time is running out on your current lab you can bring down your configuration and relaunch the same exact simulation. It’s got to be possible to connect to your devices from your local machine and have the devices in your simulation connected to the internet which pretty much means the possibilities are endless.

Ep 54 – eiddoR

This week we talk to CCIE, Technical Solutions Architect, Cisco Press Author, Pilot, and Blogger – Roddie Hasan. Roddie has over 30 years of experience in networking, and today focuses on Cisco Software-Defined Access, among other technologies. We’ll hear how Roddie got into IT and what ultimately influenced him to choose networking. Roddie also shares his experience on obtaining his CCIE and becoming a published Author.

Get the book:
Cisco Software-Defined Access – https://amzn.to/3ydIvRK

You can find Roddie:
Twitter: https://twitter.com/eiddor
Blog: https://ccie.tv/
YouTube: https://www.youtube.com/channel/UCr99uMkkIbWE8LW5PqYd1zw

Transcript (Beta)

This is the Art of Network Engineering podcast. In this podcast, we’ll explore tools, technologies and talented people. We aim to bring you information to expand your skill sets and toolbox and share the stories of fellow network engineers.

We’ve all seen the stories, heard the tales. For years now, local networks have been flirting with packets demanding Internet access. Depletion of IPv4 addresses is continuing rapidly. Of course, IPv6 is the ultimate answer. But adoption is slow.

We live in the age of the Internet of Things, and there are oh, so many. I’m pretty sure you can even connect your toilet directly to the Internet now. I mean, seriously, what the heck? Why would you do that?

Luckily, all these years there has been a service working tirelessly to keep the lights on, bridging that gap until IPv6 saves us all. That gap bridger? It’s me. I am NAT-man, and this is the Art of Network Engineering NAT-cast.

All right. Thank you, NAT-man. I am AJ Murray @noBlinkyBlinky NAT-man is Tim Bertino @TimBertino. NAT-man, how are you doing?

Not too shabby. NAT-man is an extremely low budget film,

but

it is unrated so anything can happen. Hmm.

Can we expect multiple sequels of NAT-man like we have other popular. Oh, I hope not rhyme with that. I don’t know, I think I think we need. I don’t want to do that when I’m in or at least other characters that we might find in that

man, that man versus

animal. I’m just dyslexic battle.

Dan, Dan made it home from Vermont. Dan, how are you doing?

Well, I’m I’m a little bit sadder, but I made it home safely. So that’s all that matters, I guess.

I know my wife had to keep checking with me. She’s like, oh, you’re sad. You know, I miss my friend. I miss my buddy. We had so much fun. We did. He got really drunk, too. No, he didn’t.

No, we really didn’t. We have a lot to drink, we think.

We did. Yes, we did. Lots of beer was was consumed.

Andy, how are you? I’m good, A.J..

Not too much to report. I had some ice cream tonight.

Hey, that’s a good night.

I’m mad at you, by the way. Yeah. Because the time I had gone a fairly decent amount of time without without hitting the ice cream bucket and you started talking about it a few weeks ago. You’re welcome. Yeah, I appreciate that.

You can afford it. You look like all of 90 pounds soaking wet.

So have you got it just for you, Andy? Thanks, brother.

All right, guys, we do have a guest this evening, but before we introduce our guests, we’ll get through our normal playlist here. So Andy, can I get a goat scream for the winning? Grabbing out

what? Your battery in the battery area? Hey, look, there it is. Was that yours or mine? It sounds like you

have to ask Andy if you have to ask.

Wait a minute. My goats failing. Hold on.

That’s a failure, reply Cornetto.

Time for Mattocks. Word out. But we learned the

winning this week is Bill Murray. He passed his VCP 7. Oh, congratulations, Bill. Eric Smith passed the Security+ exam. OK. This is my favorite win this week. the_EOC accepted a position as a network deployment engineer at Red River graduation night.

Did he know who works there?

Yeah.

Yes. He knows who works there. Thank you, Tim. You’re welcome. At your coworker, the_EOC.

We need to get him on, by the way. I know a little bit about him and he’s got a great story.

Yeah, I agree. I’m sure we will.

So he started or when does he start?

I believe he starts mid-August. Okay. Acceptance of position. And is working through that process, so we’ll expect to see him here in mid-August. Mick, Manny McMahon and me, if I can pronounce that right, Nicholas passed his DevNet Associate and the ECMS1.

Are you familiar with the ECMS? No, no. That is Engineering Cisco Meraki Solutions. Oh, OK. So did they change the two parter? There’s part one and part two. And he’s completed part one and moving on to part two.

But more importantly, they passed the DevNet Associate. That’s that’s a big one.

Yeah, that’s nice.

Yeah, we talked through that in the happy hour last week. That was really cool.

Yeah. Now, is that the. I’m not even trying to pronounce it. Ah, say the alphabet there. But is that the see him in a like 2.0?

Sure. So the the CMA is partner related. I think it’s like partner only like partner and Cisco employee only kind of thing. And then the ECMS is the customer side. So I forget what it used to be called.

There was like a Cisco, there’s this and a which is the partner side. And then there was the C and O, which is the Cisco Meraki network operator.

Okay, Samone, it’s just a course you attend for a day. Yeah, I got you. Right.

Right. Gotcha. Yeah, Mike T got another Security+ win, so congratulations, Mike. D.J., Ninja and Z, which I can only imagine stands for New Zealand, accepted their first network focused role at an MSP, of course, in New Zealand.

So congratulations Ninja. Awesome. Hard reset, the screen name hard reset, got their first IT job offer. So congratulations, hard reset. Yeah, nice. Got some new Patreons. The word’s “get the Patreon.” So welcome aboard, Josh. Jordan. Manny and I got to say their last names because they both get the same first name and the same last initials.

So welcome. Bill Murray and Bill Maskey, Ethan and Javier, who joined moments ago just before we started recording. So I had to slide that on there. So welcome. Welcome. Thank you, Caitríona. Yes. Thank you very much. Appreciate that.

We really appreciate your support. Andy, can I get another goat screen?

I’ll try.

There we go. Got him warmed up.

Don’t stop. Be quiet. Your goat. Yeah. Once you get my good started, Ajja. Oh, boy. What kind of podcast is this? I don’t know.

My editing this one. This is going to be a yeah. Slice and dice. This one. Yep. OK. Very excited for our guest this evening. They are a Cisco Press author and CCIE 7472. Everybody, please welcome Roddie to the show.

Thank you so much for joining us.

Thanks for having me.

Everybody really appreciate you taking the time to be with us this evening.

Appreciate it. Thank you.

So, Roddie, what do you do?

It’s in my bio.

So I that’s nice. Yeah, I’m a

technical solutions architect at Cisco Systems. Been there for 13 years, 13.

Wow. All right. Yeah.

So what does the day to day look like

of a of a TSA? So I’m at the

the worldwide level focused on DNA Center, software-defined access, ISE. So TSA is generally TSA is an overlay to the community generally, right. OK, an SE would have a direct customer relationship; a TSA or technical solutions architect would be brought in as an SME, for a focus either of enterprise networks focus or a WAN focus or data

center focus. And then that’s that’s usually kind of at the area level. And then at the worldwide level, we’re kind of hyper focused on technology. So my focus is DNA Center, software-defined. So I haven’t had to really think too much about WAN beyond connecting it to SDA or DNA Center or data center.

I haven’t had to do much of that at most most the last three years and spent just doing DNA Center and software-defined access.

So an SE is working with a potential client, and then they need like an SD-Access guru.

They’ll bring me in the bring me in to do a park or to do a demo or to help them in their lab or to answer to have architecture, discussions, that kind of stuff. So it’s pretty.

Are you the guy like your your build that stuff?

I will. If it’s on

site, I’ll help you build it on site or on the customer site, rather. We don’t have port facilities at Cisco, but I don’t. And then we’ll do demos, anything kind of presales are we kind of elite usually leave once the architecture and migration discussion is done.

Move on. It’s kind of a small group within this because we don’t scale that long.

So did you get in on the ground floor of SD access?

I did.

I was I was a TSA, an enterprise networks TSA in the federal space at Cisco when DNA Center and SD-Access came out. So my focus was included, that kind of stuff. So soon as SDA started the prerelease stuff and the demos and giving those, that’s when I started learning.

So you have been around since day one.

So speaking of you being like a TSA and you’re talking about SD access, what else have you done?

So, been doing networking for 30 years, OK, believe it or not. So before being a TSA, I was an SE, so I covered everything. Before that, I was I was in the federal space as a network engineer.

The network design engineer at a federal entity for a few years. Did again mostly LAN and WAN stuff when it was called SD-WAN. Before that, I was with Sprint, did a lot of us a lot of WAN stuff at Sprint as well, Cisco stuff.

And then so now networking goes back almost 30 years. But I also did Microsoft stuff and NetWare stuff at the same time as Solaris stuff. Auclair certified way back then as well. And then before I did everything I could.

How far are we going back then?

Doing great. Yeah, it’s origin stories are concerned.

I did everything I could to avoid getting into it. I was I was really I got started and I think I got my first computer in eighty four. And so I got started really early. I was really good at it.

Everybody called. I was the kid that would help them fix their printer or whatever. But I never wanted to do it as a lesson. You know, just just I did everything I could to avoid it. So I went I majored in music in college.

I drove a taxi for a couple of years.

Wait, what instrument? I play drums. You have to pickiness, drums,

drums, piano, drums was my main one. And then I play piano and moved back there. Which is a hobby, too.

Yeah, yeah, yeah. Yeah, that’s yeah. Do you have a kid at home?

I do. Yeah. Yeah. What do you

have? A Gretsch Maple that I rarely ever play.

Oh, nice. Yeah. Is that going to be the next episode? Yeah.

We’re going to have a jam session. Oh, me too. Many drummers.

Yeah. Yeah. If I start playing probably around the same time, I got a computer around 12 or 13 years old. So.

So I did everything in the music. Whatever you wanted to go in the music? I did. I did well. I didn’t want to go into it.

And of course, I was in bands in the eighties in high school and loved doing that kind of stuff and thought to get big hair.

I, I had

big Robert Smith, the cure hair. Yes, I did.

I guess I’m just discovering that right now. I still got a good head of hair,

but it was pretty big and most was the thing back then. So I just finished it with Hairspray and my mom would get mad because I would use all our hairspray.

So, you know, I tried I

tried everything, got it in music, drove a taxi for a couple of years. So cars sold insurance and mutual funds just did all kinds of crazy stuff. Wow.

You did have it. You had a diverse background there.

I did, yeah. And got married. Fairly young and had a kid and realized I actually needed to make some money and pay, you know, pay for things, so here we go, I’ll start doing Kinsolving. So I started doing consulting it, consulting officially in 92, 93.

OK, based on what skills?

So back then it was just PCs, just learning IPX and SPX back then. And then eventually at ninety three, five, one and four into.

Were you self-taught because you didn’t go to school with South Korea?

No, I was completely. So I had a knack.

You taught you?

I did, yeah. I had the MS-DOS 3.2 manual, and I just read manuals. I literally would read vendor manuals. That’s all we had. We didn’t have the first book I bought was in ninety six. It was the Unix System Administrators Handbook.

So you could get an interview and a job based on like, yeah, I read the manual and I know how to answer your questions, like is that how you say.

Yeah, I would just break stuff. I just, you know, decide I took

a part with the computer that my parents spent so much money on, and I broke it and then figured out how to fix it. And it’s really

nice. Yeah. Yeah. Because, you know, I think back, you know, back in the 90s and whatnot, like, you know, the Internet was just booming at that time. Right. And so, you

know, late, late 90s, it was. Yeah. Yeah.

What I’m getting at is that’s impressive that you were able to, you know, teach yourself this, because, you know, nowadays, I mean, we’ve got a plethora of things to learn from. We have, you know, online video courses. You can you can go to online, you know, regular college courses now.

It’s just insane. Like we’ve got all these manuals, we’ve got all these, you know, Fisher Cert guides, all that stuff. And you guys didn’t have all that back in the day. And and so that’s very impressive. I like hearing that.

Yet I still complain, Dan. Yeah, I know, right?

Yeah. We we didn’t have YouTube.

We didn’t

have. Right. There you

go to the library and use the Dewey Decimal

System. I absolutely used to do it at school systems.

And Andy and I

know Andy for our listeners that don’t know what that is. Can you please

put a link in the show notes?

So don’t do that. How do you transition from I am fixing the PCs to to networking.

So I started

working at a computer store in

ninety five, I think ninety

four right before Windows ninety five came out and I was building PCs and fixing and assembling PCs. And then it was a service called: this company wants to buy five PCs. We need to figure out how to connect them together.

And back then it was BNC connectors and IPX. So I learned NetWare on my own to do that. And then he came out and I put IP and IPX on the same network with those cards and just kind of taught myself and figured it out at the shop and then kind of like the networking piece

I opened up. I helped start one of the first commercial ISPs in Canada. OK. And through that, I learned Unix and IP. I think I opened a TAC case in like ninety three, 92, 93, and the TAC engineer taught me subnetting.

And that’s how I learned subnetting. This TAC engineer taught me a subnet

and then that was it. I’m not sure they do that anymore. So they probably don’t. I looked him up the other day

because I can look him up in the directory. He’s long gone. But I found the email. Here’s here’s what a network mask is. And everything was still classful back then. And here’s why you can’t use this this mask with this IP address and

that a P one or a P two

is it’s OK.

So remember the case, man? It was a Courier connecting a frame relay T1 to a 2500 router to get this ISP up and running. And again,

that’s very cool. Like, did you print that email out? Because I print that out and like, you know,

Frank, should I do have I do have the email somewhere.

I looked it up a couple of months ago because I wanted to look up this guy just to thank them. Right. Because that was it. Like I did a lot of it stuff and I was good at computers and fixing computers.

And I was the guy that would call. But actual IP networking and networking in general was really because of this. I mean, I was doing Unix stuff at the ISP.

Yeah. Did you find networking as easy as you found working with hardware? I did.

I did. I was a they say math music folks that are good at music are also good at math. So I was always a good math guy. And so that was that was the easy part. And it was fun.

Yeah. Yeah. I just found it enjoyable to do. So I kept on. Now.

OK, so why did you go for your first Cisco cert?

That would have been two thousand. So I got. I moved it from the Canada, the U.S. I had had my Mxi and I had my network certifications that the U.S. got my S.K in in late 99, early 2000.

Now, were

you were you still doing the consulting gig during all

this? Yeah, I was with a

company called Paranet. Andy might remember them. They were they were bought by Sprint, but they were one of the big consulting firms.

And that was before my time.

You did say decade? Yeah. I’m sorry. I’m just I’m just kidding.

And you could you could tell me to pound sand if it’s too personal. But why did you move from Canada to the states? Was it for job opportunities,

job or mostly job opportunities?

I was tired of the cold. I was tired of the snow. You know, it’s now it’s the opposite now. I’m tired of the heat. Right. I would give anything if it would snow right now because I could get a good night’s sleep.

So. So back then, you know, it was 98. The economy was booming down here, especially in Dallas. And the cost of living is really low. And your companies were throwing money left, right, center at you. They were flying you wherever for your just for an interview.

They would fly just to do a you just to do it. And they paid for the move and all that kind of stuff. So I just decided to go for it. And it’s just a good change. Different different cultures, different food down here.

So I, I was mainly with Paranet that I was doing Cisco stuff, Solaris stuff and Microsoft stuff. And they wanted they really encouraged certifications back then at Sprint bottom. And so I got my I think in ninety I think it was early two thousand.

And then within six weeks I went to CCDA, CCNP, CCDP. So I did an exam a week for like, oh, wow, seven or eight weeks. All three of those knocked out. Yeah. It was just

like, I don’t know how I do it. My fifth. Wait a minute.

What what exam’s

CCDA, CCNP, CCDP in five weeks?

Can grief. Oh, did you did you have a wife at that point or.

I did. I had a wife and I now know a life. A life for the wife. No, no, no, no. I mean, it’s the same thing, Daniel. I would I would work.

I would come home and read the book whenever the book was for that exam. Yeah. And I would just go and do the exam.

I, I don’t know how I did it, to be honest. Were they the 800 page books?

Yeah. Yeah, they’re the big thick system guides. Yeah. Yeah. I don’t know how I honestly I mean, I’m almost fifty right now and I don’t know how I was able to do that back then. How? I can’t read a brief page right now without falling asleep.

On the same way. Yeah. So so obviously,

you know, then the kind of next step in the progression of the CCIE and back then Sprint would pay for the lab. OK. But you had to use your own time to study. So I went to my. So I was like I think I was seven exams in for all those Cisco exams.

In my eighth exam was the written.

So did you fail any of those seven, not one.

I have I have never failed a Cisco exam in my life.

Casada like you.

Yeah.

So I think it’s honestly I think I’m just stubborn. It’s like I think my my mindset is if I fail

is I’m not going to do it again. So I’ll just go. Which is really a bad attitude, especially for your listeners, don’t you?

It’s OK.

I, I have an eidetic memory, so I’m able to retain stuff really easily. So what does eidetic mean? It’s like a photographic memory, but it’s more associative.

And how do we get one of those?

Yeah, it’s it’s a curse. It’s a curse, because

I can still tell AJ how how bad I felt when he tried to get me that dude podcast a few months ago. And I completely forgot about me because I still remember those feelings,

because I find out. So. So it’s

a curse. It’s a blessing and a curse.

What do you remember everything that’s ever happened to you? I can recall pretty much everything.

Yeah, it’s I might need a

reminder here and there, but as soon as I get

the reminder, it just pops

into my head. What’s your face from taxi? You remember that woman? I forget her name, the pretty woman from Taxi, one of the actress.

I mean, I think she has whatever

she remembers, everything that’s ever happened to her. She’s been on all these shows and like you can ask her anything she said today, the date, the weather like.

Yeah, it sounds awful. Yeah. Yeah, it’s good for exams, though.

It’s it’s good for exams and it’s good. It’s good for work. It really is good for because I can have a conversation with the customer and six months later they call me and say, remember this? And I’ll be like, oh, yeah, that’s right.

And then I can talk to you. You don’t have to take notes.

Probably.

I can’t take notes. If I take notes, I actually forget.

I said, you’re not paying attention, right. Because you’re trying to say, yeah, yeah.

My my the part of my brain that remembers is focused on figuring out how to use a pen.

So. All right. He’s never going to

forget about Nathman.

Yeah. And that picture stuck. I won’t forget about Nathman or all

the jokes he made about Andy before he joined

up. Yeah. Yeah, I’m used to it. I’m a beat man. So.

So, CCIE, you were studying on your own.

Sprint was going to pay. I was going to pay for it. So I went did the written pass that first time. And so.

So what was the written like? Because if you’re to compare that to today, because terrible today, if you take the copy, you’re also taking the CCIE written. Oh, yeah, yeah, yeah. No, no. Then, you know, there was probably multiple exams to do the copy and then you still had to do this CCIE written and then you still

had to do the CCIE lab.

Correct. Yeah. So they the Q&A was the one exam day was one exam. PE was four more and then the other one in addition to C, C and. Yeah, and as you got higher, this the the certs were newer and they had been around for a few years by then.

So the exams were pretty good and pretty solid. But as you got further into up the chain of certifications, those exams got a lot sloppier, is not as many people were doing them or proofing them or giving each other.

OK, so by the time you got to the CCIE, so my numbers. Seventy four. Seventy two. So there were six thousand by then, right? Right.

And for anybody else, because no one was like one thousand twenty four. Not one. Yeah. Right.

Okay. Thank you. So so by the time I got to that exam it was one hundred question multiple-choice, just like all the rest. But it was very rough. Very sloppy. I mean. But by then I was used to it because I had done the DP, which was pretty rough as well.

And then got the got the CCIE written out of the way, and I kind of made. And for those that are going to go for the CCIE, I know it’s different now than it was when I did it back then.

But I kind of I wouldn’t let myself use lab equipment until I passed the written exam. Because the written exams. The NP, those were all theory, you were you could learn on equipment and you can type OSPF 16 and configure an OSPF network, but that’s not going to help you in a multiple choice questions just

just not you need to know the timers. You need to know the default. You need to know this command versus this command as written, but not at the root of especially. And I think what I’ve seen happen with people I’ve mentored in the past is they’ll learn how to do it on the device and think they’re

going to face the exam, that the exam is wrong, because, you know, the old the old saying is that there’s the right answer, the wrong answer and then the Cisco answer. So the Cisco answer on the exam doesn’t necessarily have to be the one that matches what you did on your router or switch; it’s the one

that you read in the book. The books are written for a reason. The blueprints are written for a reason. So I kind of banned myself from touching network gear on work related until I got the CCIE written out of the way.

And then once that was out of the way, I went on eBay and bought one router at a time and built my own lab at home and spent six months, used all my vacation time in that six months and passed the exam on May twenty third.

Twenty one.

Wow. Your first shot? My first shot, it was a two day exam, so two

day and it had IP, IPX, AppleTalk, DLSw, ATM LANE. It had all the non IP protocols. One day was IP, the other day was not IP. So it was a two day exam.

You you didn’t find out if you made it to the second day until the next morning. So you do your first hour should stress.

That’s brutal. Am I allowed to curse on this podcast because so lots of fun. So I,

I went I did the first day. And you sit down, you do the exam and you know, you’re stressed. Everybody’s talking about this. This is so difficult. You’re never going to pass first time. And there is me like I’m not going to do this again if I don’t understand that.

So I did it got through the first eight stressed out. And you go back to the hotel. I did it in San Jose. I woke up at three in the morning and in my head was shit. I forgot to send communities like that.

Was this that was like. And for those listening, is it the same communities as the

BGP command you need to actually pass the communities on to to the neighbors. So I woke up remembering that I forgot to type me because I had practiced every scenario leading up to the exam and I knew what to type.

And so you get into the lab the next day to the lab room the next day. And if there’s a booklet on your desk, you sit and you start day two. And if there’s not, you wait for the proctor to call you up so they can review what went wrong.

Everything was done in person. Back in the lab, you had a rack beside your your your table and you had the cable at cabling, gave you points the way you cabled your equipment, because they would for troubleshooting, they would bend the pin.

So you had to straighten the pins out to figure things out. Wow. So you got points for the way you cabled your network. You got points for a network diagram. You had a big sheet of construction paper on your desk that you had to color in with pencils to do your routing protocols and your AS numbers.

And redistributing Mark where you research points were was it was a grind?

Was that the first version of Visio right there? Yeah, the sixty four parts of what

they gave caveman visio. Man five, five, five pencil

crayons that a sheet of construction paper. Nice.

So pardon pardon my ignorance here Roddy but. Was were there concentrations for the CCIE back then or was it just route switch that there was one,

i.e. there were

three there was a sky blue, which was based on the mainframe DLSw, IBM stuff. You’re saying trigger

words for me right now, which might be IBM or DLSw.

Yeah, I that was I was. But when I was working in federal, DLSw was my thing.

So I know who the CCIE Blue. That was I

think there was a security one now. There wasn’t a security one. There was a WAN switching one. So WAN switching, sky blue and CCIE routes, which I think those were the three. And then later came the voice and the security.

Gotcha. Yeah. And the WAN switching one, I resolved, and it was all StrataCom ATM stuff.

And did you say that was in 2001, right?

  1. I got my. I just hit my twenty year anniversary just a couple of months ago.

Nice. Yeah. Congrats on that. Thank you.

Did you get your plaque and all that stuff?

Yeah. Long story. No, not yet. I’m still

working. OK, I have my my original plaque. I have my

10 year plaque, but they haven’t sent me my 10 year.

I got you. I got you. Yeah.

So before the CCIE, you mentioned doing the CCNP or the CCDP. Did you just want to get into design or was it just something to do?

It was just something to do. You back then you only needed the CCNA to be able to write the CCIE written. But it had been told I talked to a couple of guys that were at Sprint at the time, and they said, get get all of the certifications on your way up, even if you think you’re not

going to use it or it’s not something you want to do. The DP was one extra exam on top of the NP or two extra exams because

just a week, right? Yeah. Well, we do. Yeah. Yeah, that’s true. Yeah. Yeah, maybe I’m oversimplifying it, but because back then it was. Yes, you are.

Yeah. It was just product knowledge, right? It was, it was six hundred router. What model of this router has this kind of interface that kind of OK? At the time, though, I was in pre-sales with Sprint, Paranet, they were called back then.

And so that’s not helped. So, you know, it did help me get into I didn’t really have an idea of what exactly I wanted to do in networking. We just did know I was a consulting engineer back then.

So that’s what we did. I sold network stuff and I implemented network stuff and everything counted. Right.

Gotcha. So you’re saying while you were at Sprint, you were actually consulting doing that?

OK, gotcha. Yeah, I was a kid.

The thing I can’t remember my exact title, but yeah, my title at Sprint, I was a consultant, a network consultant. No, I didn’t actually work for Sprint proper running their network. I was a salesman. Yeah.

Okay. Gotcha. So it sounds like because we’re in 2001 right now. Right. That that’s where we’re at and on this timeline. And so you were in consulting from 92, 93 ish all the way up to 2001. Pretty much.

Okay. Yeah, it’s interesting. I don’t think we’ve heard that yet. So when starting their first gig is consulting. So. So is that the same as a contractor or consultant?

Yeah, in a way, it wasn’t we didn’t we weren’t a body shop, so it wasn’t like you would get somebody in for six months just to be a network engineer. It was more presale stuff. I did a lot of pre sales during that time.

Yeah. Which, you know, is good and bad, I guess. I mean, that’s what I’m doing again now. So it kind of came around for of full circle. Yeah.

Yeah. So like SE is a pre sales

position or not? It is. SE is a pre sales position at

Cisco as high as a pre sales position? Yeah.

Yeah. Right. So you kind of went from did you go from consulting to SE like like formally?

No. So I went from

consulting and I got on to a project at a federal entity and got home from the project. And the guy guy there just actually recently passed away. He called me up and said, hey, we really like the work you did here.

You want to come to our lead network design engineer. Oh, OK. So that was it. So I went there. I was there for six years. And then so I was you by then. Obviously see it better than you.

OK. And so so yeah, this story ended. So I passed past. Got it, got the number and went back to doing whatever I was doing and ended up as a network design engineer network. Yeah, network design engineer. I think it was my formal title for this federal entity for six years

that the CCIE, you change your life. Did you get better jobs?

More money? Yeah. Back then. Yeah, yeah. Okay. Back then, absolutely. I mean, Sprint had the deal. If I passed, they would pay for everything. And then if I passed, I would get this bonus or this pay increase at the time when jobs when consulting gigs would come up.

Customers were asking for CCIEs. So it opened up a lot of consulting jobs within Sprint on behalf of Sprint. While I was there. Right. So there were no society needed for to do this, that I qualified for that.

Once I got my say, yeah, it was almost immediate. It was like the day after I got back, I started getting, hey, do you want to go do this gig somewhere else or do you want to go to this?

Yeah, absolutely. Yeah.

Yeah, it was worthwhile. And you did it in less than a year, right?

I did it in six months.

Yeah. So why do you only have one?

It’s so easy. Yeah, that’s a good question. Yeah, I only like IP.

I don’t like IPv6.

Let’s beat up on IPv6 now. You know, I

was never a security guy. I was never a real voice. The voice focused words. I probably could have done the service provider one because I did do a lot of MPLS while I was at Sprint. Yeah. And the blue one may have been handy, but the blue one had retired, I think, by about 2004.

2005.

Yeah. So. So how long were you there at Sprint then? Because we were at 2001. That’s when you passed your CCIE. So how long were you still at Sprint for then?

I was at Sprint for three years, from ninety three to ninety eight to twenty one.

OK, so after you get your ideas.

Yeah, 98 to 22. So she

doesn’t bounce

for some. I stayed my mandatory one. So funny story. So the other agreement was. But they would they would move me down from Canada and they would sponsor me for all the stuff. And I had to stay a year after my CCIE and a year after the sponsorship was done.

Well, they decided to get out of the consulting business and they were going to start laying folks off that were in my division and that I wasn’t going to be one of them. So I went to my. So this this customer called me and said, hey, we want you over here.

This was in 2002. We want you at this federal entity. Love the job you did. What do you say? So I called my bosses for it and say, can you lay me off?

That is a funny story. I it’s something we’ve heard that either. What are you talking about?

I said, yeah, I got a lot of stories. They said, what are you talking about? I said I said, it’ll save you having to lay off so-and-so. I’ve got a job lined up. They’re going to close the division eventually, anyway, I got to find something else within Sprint or find something else, it’s done.

So it did. I got my severance. I got all my stuff covered and fast to the next job a week later. So that was I was at the federal entity for six years.

For six years. Yeah. Yeah. And where did you say your title was some sort of like a design network?

Design engineer. OK. But I did.

Some operations as well, implementations, but overall, I was responsible for. I can’t. I can’t tell you who it is, but it

was yeah, you know, that’s a

very large, important national network and it covers all areas of the U.S. And so I, I was kind of at the top of the food chain at that point. So I could I was in charge of network, the LAN designs, the WAN designs, connecting all the sites together, making sure everything talked to the mainframes with the.

That’s where my DLSw stuff came in and then eventually Internet connectivity and orders and that kind of stuff.

Did did they let you see the aliens?

No. No, because remember, I am Canadian, so I was technically he was a walking one. Yeah. It’s not a

sacred place, but it’s just not one that I talk about. Yeah. Yeah.

So so in your six years there, did you did you gain over a lot of experience in that six years or so? So what I’m what I’m getting to is did you ever feel like you were starting to.

There’s a there’s a term going around our discord thanks to river and discord arrest out. Right. Like do you feel like you you were not not being challenged at this job or did did you do a lot of growing in this job?

What I did a lot of growing probably for the

first four

years. First for, you know, until I

got the network to a point where it was modern and stable. So we converted from twenty five links to four, and that was project one. Right. So that we did get through that kind of stuff and then get rid of we we started taking out mainframes and places and replacing them with servers.

OK. Right. And then virtualization, virtualization started to come in. So we had to get rid of now we get rid of the Solaris servers and bring in Linux servers so that they could run virtualization and then the Windows stuff.

And so getting that stuff connected, the network getting lips to move between data centers. But this was all new. Right. So once I think once I got to that point, I think I kind of peaked from a technical perspective, at least from what not that I knew everything, but for what my employer needed.

I got it. I got it all done. And that’s my last thing, was getting the WAN stuff off of frame relay, because I had put the frame relay in initially. And then a few years later, we’re yanking out the frame relay and putting a lesser distance, getting GRE and IPsec working over that, using Internet as a backup

, getting everything connected, virtually over top using overlays. Can you know? Yeah.

Yeah. Can you also hit on. So you said something that that I don’t know if you wanna say triggered me or not, but so I’ve been at my job for about nine years or nine years. Like last month.

And you said that you got the network to where you were wanting it. Right. And you said in about four years, like, how does that feel? Because I haven’t gotten mine to where I want yet.

So it’s like, did did you

get over that mountain? You were just like, oh, finally, it’s the way I wanted it designed.

Yeah, it’s it’s a good feeling. I mean, it I’ve been fortunate.

I’ll tell this to anybody this I’ve been really lucky. I’ve had some really solid managers that trusted me and that knew what I was good at and knew that if I wasn’t good at something, I would say I wasn’t good at it or I wouldn’t pretend to be something like something I don’t want to do in this

industry is tell people, you know, something that you don’t know because it shows. So my managers, I’ve been really lucky with managers throughout my career, honestly, from day one. And he trusted me. And he he would come to me and say, this customer wants this.

Our internal customers, this application has this requirement. So we figure out how to get this done. I would say this is how it’s done. They would come back and say, well, I met so-and-so on an airplane and he said not to do this.

And I would say, don’t listen to that crap. My boss, my boss would go back to them and say, no, we’re not going to do it that way. So I didn’t get a lot of pushback. OK. Not that I was always right, because I was still growing and still learning, but I was I was given a lot

of flexibility to do things the right way because I kind of had a methodology. I knew I knew the concepts between behind and availability and redundancy and all that kind of stuff. I wasn’t as very methodical in my approach what configuring it as a network or designing a network.

So I was given a lot of freedom, flexibility. Not everybody has that I can appreciate. So it can be tough. But yeah, I felt it felt good. It. It freed me up to once I was done. It freed me up for some of the silly things that customers would ask for, and that’s kind of where it started

wearing thin a little bit. And it’s like, you know what, maybe I need to get back into consulting, but, you know, working. The difference for me, at least, because I started off consulting and then I went into an actual network position where I owned the network.

I got an appreciation for outages. What those cost in terms of money and reputation. Right. I got an appreciation for being on call all the time. I got an appreciation for what that takes and being careful when you’re considering something and planning something properly before you can figure it so you don’t cause an outage.

And then and this is something to help me and my skyy checking your work after you do it, no matter how good you are and how smart and how many times you’ve done it. Everybody makes mistakes. And if you know those verification commands or you know what to test and what to look for when you’re done, you’re

going to save yourself so much time down the road. Especially if you don’t answer your phone and somebody else has to troubleshoot it, right, so.

We’ve been there solid advice, they’re very leery.

So you left there. You climb that mountain, you left there and you went to Cisco.

Yeah. My ultimate goal once I started getting my CCNA and stuff was to work at Cisco. I was just I just that was just where I wanted to be. And honestly, it was that TAC engineer that inspired me.

And I just like I said, you know what? I want to work there. And so. Twenty eight. So 15 years later, 15 years after I had that encounter or the interaction with the TAC engineer, I was at Cisco 2008, I joined Cisco.

And I’ve been here ever since.

Nice. What was that first job? Cisco.

Yes, it was hard only because they have a pretty involved interview process. Right. My first job was as a network consulting engineer covering large financial accounts at Cisco. And in that time, that’s presales that was post sales. And I did post sales for four, five years at Cisco.

And still consulting, but sales consultant. So I would help them when they would add to their network. But I was still kind of having the same discussions, the architecture, discussions and design discussions that I was having when I was doing pre-sales evidence was I didn’t have a number.

And I would also be the one that they would call if something went wrong.

So this might be a dumb question. I call TAC when something goes wrong. So what what is post sales, exactly how they differ from support.

So if if you have if you’re a large customer. And you’ve got a global network that needs so so TAC is great, but TAC doesn’t necessarily know your network and the time it takes to open a case. Tell them your problem.

Figure out the solution. The problem they don’t have time to remember or to learn your network. So advanced services exists for customers that want to buy a block of hours.

Well, you’re a dedicated architect to certain clients, right?

Yeah, yeah, yeah. You’re dedicating certain clients.

So you have familiarity with their staff, with their processes and also processes for the Canadian people, their staff, their processes, their their network. You’re engaged with them throughout your contract, not your your contract with their contract with Cisco.

You can be a dedicated resource. You can cover three or four accounts. Kind of like an SE, right. SEs would generally know their account. So NCEs, that’s what they were called back then, I don’t know what they’re called something else now, but network consulting engineers knew their accounts and so they would still call TAC.

So they called me and said, hey, we’re having this issue. I would say open a TAC case. I’ll have a look at it in the morning. But if they needed help moving the case along or getting bug scrubs done or researching code or TAC tells them to do something, they would run it by me.

That’s the kind of stuff we weren’t TAC. And we were very careful to position ourselves as not being TAC, because I don’t have a lab where I can test every scenario.

So now. So if you pay enough, you get one of you.

Yes, that’s it.

Yeah, that’s exactly it. You get one to me or five of me. Yeah.

In my work as a partner during deployments and stuff, I’ve worked with Advanced Services and talk about sharp.

Yeah. Yeah, it’s it’s

I, I didn’t I had fun because I was doing pure networking, but what I found when I was in Advanced Services, I did learn, but I didn’t I only learned what my customer. I had no opportunity to learn what I didn’t know that Cisco made servers until I got out of Advanced Services because my customer didn’t use

UCS. Yeah, I knew what they bought and because I would only see it when I would show up and I’d have to go help them install it or put it in. But it was the ease and the TSA that we’re ahead of the game in that new Cisco products.

I didn’t learn about I didn’t know a product or an OS until I actually the customer needed it. I didn’t have time to go learn. I didn’t get to go see the announcements and all that kind of stuff.

So in that way, I kind of feel like I lost a couple of years. I mean, it wasn’t a waste. I did get better at networking and I got really, really good at Nexus seven thousand sixty five hundred, but I didn’t know some of the other stuff that Cisco was doing.

So you said when you were just starting out in networking that you wanted to work at Cisco. Did you have an ultimate goal of what you wanted your role to be, or did you just want to get in the door and see what happened?

I just wanted to get in the door and see what happened. I would have gone to TAC. I would have gone to AS. I would have gone to be an SE. OK, I just wanted to be at Cisco.

Yeah.

So how did you pick your position? Like, was it the first that came up? Or were you like, well, I’ve been a consultant before. I’ll do that for Cisco.

Yeah, it was the first that came up. They offered me a job and I took it. Yeah.

Is the culture as good as I hear?

Yeah, it is. And that’s to answer Tim’s question. I know I had a question, like, it was an important question. I don’t want to forget it. But everything you’ve heard about Cisco, I mean, of course, it depends on your manager and your team, but it’s a really good place to work.

I mean, they don’t have the startup mentality that a lot of startups still have, and a lot of companies do. You don’t get the free sodas in the break rooms anymore. But they are very good at empowering employees and trusting employees.

One of the things that drove me nuts about being in federal, when I worked at the federal entity, was our laptops were so locked down to the point of being almost useless. So we had to be patient.

So, you know this story.

So, you know, we can’t tell you where I work. But you’re preaching to the choir there.

It actually got as bad as we had to carry two laptops. I had a laptop that I could access my network devices with, and I had a laptop that I could do my emails with.

Right. And it was just very slow. So you know what I’m talking about, right. So at Cisco, one of the first things I get is this packet with my laptop and its cover sheet saying, OK, it’s got Windows, whatever we were up to back then, XP or something, on it. If you want to install your own OS, you’re on your own. But go for it. Here’s how you access the network.

You actually have admin privileges on your work laptop?

I still do, still, even in 2021, I do. I mean, they’ll still make sure my screensaver is set to 10 minutes and that I have a password that changes every six months. But at the federal place, we had to change our stupid password every month, and we didn’t have single sign-on. So I was changing 20 passwords every month, and they had different password requirements. It was trash.

And my old employer, I realized, they had different password requirements. And then they would lock the laptop down. You can’t install software, because we don’t have this. And I have a license. No, you can’t install it. You don’t have admin rights. So I have to open a ticket to get them to install a piece of software for me that I need to do my job, right.

And it was just so frustrating. You know, we can laugh about it and complain about it, but it actually was stressful. Those laptops were so bad, they would take like 10 minutes to boot up.

Right. And I was sitting there, my pager’s going off, and there’s an outage in Philadelphia. Some guy named Andy did something wrong. Yeah, I got it.

I’m waiting for my laptop to boot up, because it’s sitting there doing the decrypt process that some goofball engineer put on there. Right. So anyway, they’re very empowering. They’re very trusting. So even today, we get control. But, you know, who knows? Of course, it depends on your manager.

But it’s a fun place to work. Here’s the cool part, and this is why I don’t know that I’ll ever leave: there’s always someone smarter than you. Hmm. And that’s the way you learn. Right. And honestly, to a person at Cisco, I’ve never once gone to somebody for help and had them say, I’m too busy, I can’t help you, go somewhere else. And I’ve been here 13 years. I’ve never once come across that mentality. Every TSA or SE or CSE or AM is always willing to help you on your customer, whether they get paid on it or not.

Right. I could go to a TAC guy and not have to open a case to get a question answered. They don’t sit there and say, oh, open a case and I’ll answer the question. Just hit them up on our chat program and there’s the answer.

Right. So, yeah, it’s a great, it’s a great place to work, honestly. I mean, you know, they don’t pay startup money, it’s a big company, we have sixty thousand employees, but I like it here. I do like it.

It’s awesome.

Yeah, A.J., what did you want? Yeah, I know you guys, you have a question? Yeah.

Yeah, I was just going to, you know, kind of prompt you. How did you get from that post-sales into pre-sales?

So would that be the systems engineer job?

That was my job. Yeah. So funny. There’s another funny story.

So I was in L.A. for five years covering a large financial account, and the SE that covered the place I used to work, the federal entity, was moving to another account.

Hmm. So my boss, my ex-boss at this federal entity, asked Cisco, can we move Roddie over to the SE spot?

So nobody asked Roddie if that’s what he wanted.

Nobody asked. Right. So they had this conversation. That’s a good point, Tim. So they had this conversation.

I had no idea. I hadn’t talked to any of these folks in five years. And I get a call from the account manager, and he says, hey, I was just talking to so-and-so at the customer. And I was like, oh, how’s he doing?

He’s like, he’s good, but he is leaving and they want you to be their SE.

So, full circle again, I end up moving from Advanced Services to the sales organization, in federal, to be the SE for my old employer.

So I had built that network.

So I knew the network. Yeah, I knew the funkiness that government places, the federal institutions, do. I knew the processes. I knew the politics. I knew the staff. I knew all the people there. So, again, I’ve been so lucky, I didn’t have to learn that stuff as well as learn how to be an SE. I got to learn how to be an SE in an environment that I was 100 percent familiar with. That’s pretty cool. I didn’t have to introduce myself to anybody. I didn’t have to go and say, OK, here’s how I do things.

They knew how I did things. They knew how I talk.

They knew what to expect, basically.

Yeah. Yeah. So it’s, again, very, very, very lucky. I mean, I’ve been really lucky in my career with those kinds of things. I was there as an SE on that account for three years.

And then what does an SE do?

What does an SE do? So I’m not trying to be... No, that’s a good question.

It seems like a really great gig. We’ve talked to a couple. Yeah, I’ve never talked to a Cisco SE, but you know, you’re a very technical guy. You built the network. What does that SE role look like for you? Like, what do you have to learn and do differently from what you were doing in your engineering job?

Yeah, it’s a different, it’s a different.

So Cisco now calls SEs, they call them SAs. And I have to correct myself sometimes. So now it’s Systems Architects instead of Systems Engineers. So an account team at Cisco is made up of an account manager and an SA.

So the account manager does the numbers, the sales-y type stuff, and the SA does the technical sales. So the SA is responsible for recommending a platform to fit a requirement, or recommending a solution to fit a requirement.

Learning the customer network, learning what they need, anticipating what they might need in the future. You’ve got a bunch of these routers that are going to be end of sale in a year. Let’s start planning to migrate away.

Here’s the new platform. The SA will go in and do tech talks to tell them about new platforms and new software features.

It’s a hard, I would say that the SE position, or SA position, at Cisco is a hard position. Hmm. And it’s mostly because you are responsible for all things Cisco.

I was going to ask you, do you only have a narrow set of products? No.

At all? No. An SA is a generalist, so you have to know routers, switches, data center, enterprise security, collaboration, storage, servers. What else do we do? Whatever cloud stuff, all the stuff that we do. You can’t know everything about everything, unfortunately.

But that’s what makes it hard, as you have to know at least a little bit about everything. So you can at least have the first conversation and then know who to call to bring in. So then you would bring in a TSA.

Right. So a lot of SAs have a collab background. So their focus is collab, they’re really strong on collab, but they’re not so strong on routing and switching. So they’ll bring in a TSA sooner than a regular SA would.

Right. But that’s what makes the job hard, is you have to keep on top of all of those solutions and technologies and know what Cisco is bringing out, because you’re responsible for making sure those solutions get in front of customers.

So how did you personally gauge how deep you had to go in any given discipline?

I don’t know that I thought about it too much, Tim. In my career, I was a route/switch guy, so that was the no-brainer for me. I mean, so when we would come out with the Nexus stuff, I would learn it.

I mean, when I was working at the federal entity, we didn’t have ACI, right. The Cat 6500 was the switch for the data center and the switch for the campus. There was no distinction between data center technology and campus technology.

So by the time I became an SA, the data center was its own world and had its own product line. So I guess, just using data center as an example, I wanted to get as good at data center as I was at campus and branch technologies.

OK. But I didn’t want to get into being really good at firewalls or really good at telepresence or really good at, sort of, I just didn’t have an interest. Now, is that true?

Yeah, I do want to say I appreciate your pun. You said that at your core, you’re about switching.

Appreciate it. Okay. That was intentional. Yeah, absolutely not intentional.

Thank you, Tim, for pointing out my bias.

So we spent a lot of time on your story and how you got to where you are, which is amazing. Just before we run out of time, I have no idea what SD-Access or DNA Center are. Oh, so I don’t know when we want to pivot to that.

But if you could just do like a high level, because they’re your areas, right? They are, yes. You wrote the book. And so can you teach a dummy, like, what is this stuff, really quick?

Well, yeah, right before you get into that, though, why SD-Access? Because there’s a certain book. Oh, yeah. Like, how did you get into that, you know?

So, SDA.

For some reason, I thought we just finished the intro. It’s just the whole podcast.

Because it goes by itself. I’ve caught myself, like, I’m

Aren’t you proud of yourself? You’re talking way too much about yourself, but I guess.

Well, you’re an interesting cat who’s done a lot. And I’m really learning a lot from this. So, you know, now we’re at the part for me where we’re like, well, what is this? Who’s an expert at it? And I just thought I was just supposed to introduce myself. I didn’t realize that the podcast would actually be my story, which is kind of cool. I just.

OK, so. Yeah, so Dan wants to know why I got into SDA, or why a customer should get into it. So there’s a book out there.

There is a book out there. Yeah, I’m trying to get to your book. I wrote a book. Yeah, that’s all right. Yes. So OK. So Andy, I’ll come back to your question after I talk about my book, that I really don’t publicize at all. I’m just not comfortable doing it.

But I guess so. We fast forward a little bit. So I was an SE for three years, and then I was a TSA, still in federal, covering just enterprise technology, so LAN and WAN. And then I had this opportunity come up about three and a half years ago, focused on DNA Center and SDA.

So about a year and a half, two years ago, a friend of mine who had written a couple of books for Cisco Press, we were just kind of talking back and forth. And I said, you know, one of my kind of bucket list items was to write a book.

That’s what I got started reading when I started to do my certifications. And he said, yeah, when I talk to the publishing house, once in a while there’s a topic that comes up that I think you would be good at.

We’ll do it. So a couple of months later he gives me a call and said, they want a book. Are you in? I said, sure, let’s do it. Oh, yeah. Do you have a writing background? No, I mean, are we counting blogs and trolling people on Twitter? I was like, six guys, man. I should have been trolling. I guess I should write a book on trolling people on Twitter.

let’s do it. Oh, yeah. Do you have a writing background? No, I mean, are we counting blogs and trolling people on Twitter? I was like six guys, man. I should have been trolling. I guess I should

write a book on trolling people on Twitter.

No, I’d never written anything beyond, I mean, I’ve written white papers and written kind of architecture documents and stuff like that. But I’d never written anything like a book.

I do want to talk about the book experience a little bit, because a lot of people ask me. And so he said, yeah, let’s write a book on SDA. So I was like, OK, it’s been on my list. I always wanted to have my name on a Cisco Press book because I knew a lot of authors and they were always really sharp and always helpful.

I want to be one of those people, so I’ll never do it again. Just wait. That’s the entire experience: I did it and I’ll never do it again.

I’ll tell you, man, it’s a mind thing. It is a different experience, and I can write. I can write an email, I can write a tweet, I can go back and forth with A.J. I could write a blog post about food and networking and talk about it, but I’m going to write the way I speak.

Hmm. When you’re writing a book, first of all, you have deadlines, right? If I’m writing a blog post, I have like 15 posts in drafts right now that have been there for like two and a half years. I know that’s not right. So, I mean,

I have posts on, like, IPv6, so, like, I’ll never get to them. Right, because I believe this is never going to be a thing.

So I should get at it that way too.

Oh, no. I really mean every bit. So we’ve got that, right. Yes. So you get this, you know, here are your milestones, right? You want to get one fifth of the way through by this day, two fifths, three fifths, four fifths, etc.

And, you know, I kind of got in my head what I want to talk about. But I sat down to do this damn book and I started writing it like a lab guide. And I thought, this isn’t going to fill a book. This is like 15 pages at best.

Right. And so I called my buddy who coauthored it, Jason Gooley. And I said, I’m writing this, and it just doesn’t feel right. I’m writing a lab guide and I know we don’t want a lab guide. And so he kind of gave me some ideas, because he had written a couple of books before, and I started doing it, but I just kept running out of words. And you hear authors, technical or not, talk about sitting in front of a blank Word document, not knowing what to type. I was like that every damn day.

I mean, I know my shit.

I know SDA at this point. I know how to talk about SDA. I know how to sell SDA. I know how to help people test it. How do you write about it in a book? So I started and I went into the, oh, here’s the history of automation. I think, OK, I’ll start historical and maybe that’ll kind of give me some ideas. And so I did a little bit of that and talked about Ansible and all that kind of stuff. So I sent some drafts to the publisher, and they came back marked to hell.

So you can’t use “you.” You can’t use “we.” You can’t use “my.” It has to be impersonal.

How many “yous” did they have to cut out for you? Yeah. Just curious. The impersonal way of writing is intentional.

It is. It’s like, so, you know, again, if I read one of my blog posts right now, I would say, you know, the next thing you’re going to do is this, and then we’re going to see what happens. Right. You can’t write something like that in an official book. It’s more engaging, and that’s not, well, you’d think.

I don’t know why. Right. I don’t get it. But that’s the rule.

And I’m not saying people shouldn’t do it. There are some fantastic Cisco Press authors out there. And I’ve learned a lot from those books.

I’m just beating up on them, you know, because it’s in fashion.

Yeah, but.

But it just wasn’t for me. Like, I can write in my natural language, in the way I speak. Maybe I’m weird, right, but because of the way my brain works, communicating that stuff has to be communicated in my style.

I’m sitting there and you tell me to write this, but write it in this way. I really struggled. And I missed deadline after deadline. I felt so bad for Jason, because he was getting crap from the publisher because I was missing the deadline. And we got it done.

We had, we had two coauthors and we got the book done. And it’s been out, I think, since August. So it’s been out for almost a year. I just got a couple of copies there, I believe. I do believe he’s going to probably steal one and be helping the others.

So the book is about Software-Defined Access, Cisco Software-Defined Access. And so, to get to your question, Andy. You want to hold it up there?

And there it is. I say, listeners, the people actually get to watch these videos.

Oh, yeah, yeah, yeah, absolutely. Oh, you did your hair. I like this one. But you’re blue for some reason, Mr. Poppets. Very, very, very. Yoho’s very bad. His new nickname. Wait, wait.

How does it feel to hold that book, like, when it’s done and you suffered through it and now you’re on a Cisco Press book? I mean, that’s got to be a high watermark, right?

Like, yeah, I’ll never do it again. Right. But it felt good. No, that’s a good question. It really is. That’s a great question.

And I’ve had people ask me. It feels great. I have my name on Cisco Press. I have an author page on Amazon. Hmm. Right. You Google my name now with software-defined access or Cisco, now you’re getting hits for my book, not shitty blog posts that I wrote, or tweets where I’m trolling IPv6 people. You’re actually getting a legitimate author page on Google and an author page on Amazon. So that’s pretty cool. That is really cool. Yeah, it was. I think I was so anxious to get it done, because it took a lot out of me. It was so stressful because of the whole language thing and being able to talk. I don’t know that I enjoyed it as much as I should have. I wish I had. Yeah, it’s a big deal. And it kind of opens up things. People can introduce me as an author.

I don’t consider myself an author. I wrote some pages for a book. But yeah, I can sit there and say, look, I probably read my first Cisco Press book in ’98, ’99. And, you know, here we are twenty-three years later, and I have my name on one now.

So, yes, I’d have them all over my house and be giving them to people like, look what I did. Yeah, yeah, yeah. That’s what I’ve been doing. And it came out kind of during the pandemic. So we didn’t have a book signing at Cisco Live. And that was all right. Yeah. We were supposed to have a book signing at Cisco Live US and at Cisco Live Europe.

But those got called off.

Well, next year we can do that. 2022 in Vegas. I’ll be able to get your book signed by you.

If they’re going to do it. Yeah. Regardless of whether or not there’s a book signing, Andy, I’ll go and I’ll sign the book for Alison. Yeah.

You can finally figure out what SD-Access is.

Yeah. And have a conversation. Breakout session. Yeah.

There you go. Meet the engineer.

So you talked about timelines. Were you getting to write this as part of your TSA job, or was this all on your own time?

It’s all my own time.

Oh, yeah. Is it a perk, like, saying you’ve got to be on a book, or like Cisco says, hey, we’re going to give you a bonus because you’re on a book now? There’s only 10 percent of sales. Sounds like a program you get.

It’s separate. Writing for Cisco Press has nothing to do with working at Cisco. It’s just me and the publisher.

Yeah. My boss knows, because I told him that I was writing it. Other than that, there’s absolutely no tie, and I get paid by the publisher. OK. You know, again, I didn’t do it for the money.

I don’t. Yeah. Right. Writing books to make money, don’t do it, because you won’t like it.

But I did it. I mean, I did it because I love the technology. Right.

It wasn’t an ego thing. There was some pride there. I did want to have my name on it, and of course, Cisco Press. But that was just more of a cool thing, not because I want my name out there.

I’m not planning on a different career, man. I’m fifty years old. I’m at where I’m at, and I’m happy where I’m at.

But isn’t it interesting how difficult it is to put into words, like, to take the technical stuff that you know how to do and how it works? Like, I remember when we were starting out and we played around with some YouTube stuff.

And, like, it’s so difficult. Like, I know how to do this. I do it for a living. I do it every day. But then to try to explain it and put it into words and have it make sense and bring somebody along, it’s just really, really difficult.

It’s tough.

And I can do it.

So I could do it talking to you interactively. No problem. I can give a Cisco Live presentation and talk about SD-Access. Right? I’ve done lots of those.

But putting it in a form is a different thing, putting it in a form, especially in something where a certain amount of content or words are expected.

Yeah, right. That’s pressure, too. It is.

And not every technology is conducive to a book. And I’ll say that about SDA, right? It’s matured and changed. The GUI has changed drastically since we did the book, and the book’s only a year old. Mhm. Yeah, it is.

It’s tough. And like I said, I’m proud, proud that I got my name on it. Proud that I got it done. I’m glad I got it done. I don’t regret it one single bit, but one of the draft blog posts on my blog is why I wrote a book and why I’ll never do it again.

I want to read that post. Spoiler alert. Just listen to this episode. Yeah. Are you a Patreon member? You should join the Patreon. Yeah, that’s nice.

So, Roddie, let’s answer Andy’s and Dan’s questions now. At a high level, what is SD-Access?

So. I’m going to try not to be salesy on purpose, because, again, I’m really not, if you want, I’m really not sales.

And so Software-Defined Access is, I have to modify my language. We’re supposed to say Cisco Software-Defined Access.

Right, right.

We’re not allowed to say just SDA. So, Cisco Software-Defined Access.

And it is an overlay, a fabric technology for the campus and branch. So if you’re familiar with ACI, it’s kind of like ACI, but a fabric for the campus and branch, where you have users and IoT devices versus servers and applications.

Can I ask you an embarrassing question? We’re in the trust tree. Right.

And it depends on who’s editing this episode.

Yeah, that’s a question.

What the hell’s the fabric, OK?

Yeah, I don’t like that word.

I shouldn’t use it.

I don’t either. People keep explaining it to me. And I think it’s a bunch of damn switches tied together somehow. But I don’t get it.

It’s a, it’s a. I don’t know who can explain it better than me, so.

Well, the way I look at it is it’s a bunch of virtual people, you know, if you want. But I just. Yeah, I don’t know. As soon as you said fabric, I’m like, I still don’t know. Which brand of fabric softener do you have to use, you know, to make it act right and all that?

Yeah. So it’s an abstraction. Is it the fabric? I would call it an abstraction. You’re basically glomming a whole bunch of network devices together to perform as one, to look cohesive, so that you can plug anything into that glom of network devices and have it be the same,

but out of all these disparate pieces.

Yeah. Instead of necessarily having an object.

Yeah, it’s logical, right? Exactly right. So they don’t have to be directly connected together. Right. Your fabric could ride over a whole bunch of infrastructure. So technically, your MPLS network is a fabric. Right, you’re going from site A to site B, it’s a fabric.

It’s an overlay. Right. It’s an overlay.

Would those be considered threads?

Are you getting mad at this? I’m sorry. I didn’t mean to pull you off and distract. So, OK, so I think I got fabric. At my core,

I’m a distribution guy.

That’s how you do a pun, Dan. So to answer that, too.

And you said it would get weird. So Software-Defined Access is an overlay technology. I prefer that word. Thanks, A.J. And so, I’ll get into the features in a minute. But what it allows you to do is basically set up this overlay between your floors, buildings, sites, departments. The departments are more logical.

Yeah, absolutely. And wherever you plug in your laptop or your IoT device, it, and a better way to say this,

it doesn’t matter which port. You can connect to any port on this fabric, which will behave on a specific port. Right. Right.

You don’t have to statically assign the VLAN or make sure that that VLAN has access to this default gateway, because this is where the router is with its layer three. Right. Everything’s kind of overlaid on top. So it’s software, and software-defined, and that’s where we get into the data center part in a minute, but it’s an overlay technology using VXLAN and LISP to accomplish this. Right. So you have a bunch of layer three capable switches that are set up as routed access. Right. That’s your underlay. OK. And if you remember the way Cisco used to recommend to do networks probably eight years ago, we wanted layer three on every switch, and every switch is the default gateway. So in an SD-Access fabric, that’s how you configure your underlay, because the underlay’s role is to forward layer three packets as quickly as possible wherever they need to go. OK. Those packets are the SDA overlay packets.

OK, so when you send a ping to Dan, regardless of where Dan’s laptop is plugged in, that packet is going to get encapsulated by your access switch. And it will be sent directly to the loopback address of the switch that Dan is connected to.

Hmm. Right. So it’s not going to go through the network natively. It’s not going to have the same destination IP address all the way through the network. The destination IP address, as soon as that packet leaves your switch, is going to be the loopback address of the switch that Dan is connected to.

And then that could be a VXLAN tunnel. The VXLAN tunnel. It’s exactly that. VXLAN uses LISP as the control plane to find out where Dan lives. Right. So it’ll say, OK, this packet is going to 10.1, or sorry, FE, AB colon A-1-4-7 colon.

Oh, wait a minute. We’re not using that technology.

So it’s going to go to 10.1.1.1, and it’ll do a LISP lookup, say, hey, where is 10.1.1.1? LISP, the control plane, will say it’s on this switch. Here’s the loopback address of the switch. The switch will then encapsulate it in VXLAN and send it directly to that switch.

So the beauty is there can be anything in between those switches. OK. It’s layer three all the way through the network. So you can use ECMP to load balance between your links. So there’s no longer, there’s no spanning tree.

Right. Which is, so that’s when I want to be the sales guy. When I want to be the sales guy, I find the oldest person in the room and tell them that they’re going to get rid of Andy. You’re going to get rid of STP. You’re never going to have to worry about a spanning tree loop or root bridges or priorities or any of that stuff ever again, because every switch is layer three connected to every other switch. Every link is a point-to-point /30 or /31, depending on how weird you are.

And then I’m going to throw the statement, I’m going to troll the /31 people next. So.

Hey, listen, it should be /31. It’s a point-to-point. There’s no reason to waste them. Oh, my gosh.

There we go. Look at my serenity. Now, my opinion. You just want to live in a world where there’s a broadcast address on a point-to-point, because that’s what the guy that invented IP said to do. Yes, but he was wrong then. You know what? Why send a broadcast on a point-to-point? When we standardize on IPv6, Andy, you can do whatever you want with whatever technology.

Right now, I’m changing the phrase. It’s now “get off Andy’s overlay.”

Yeah.

Listen, if a /31 didn’t work, he should have written the protocol so that a /31 wouldn’t. All right. Well, we found out who the weirdo of our group is.

So anyways, I thought the point-to-point connections, obviously, like the /30 thing was bad, but

man, nothing matches the answer you want. So anyway, so talking about, oh, so you get rid of spanning tree.

That’s what I do. I find the oldest guy in the room named Andy, and I tell him, hey, you get rid of spanning tree because everything is layer three. We’re going to use ECMP to bounce across these layer three links.

So we’re going to use your links efficiently. You can, even if you’re really weird, have non-Cisco devices in between. If your mandate, because you work at a federal agency, says you have to have other devices and you want to put a Juniper router in between your two fabric switches, you can do that. As long as that Juniper router can route layer three packets between the two, it’s good.

Did did that hurt to say that

it looked a little painful? I was just wondering how to use the F word before I said it.

So it’s not a magical feature in a Cissoko image.

It’s standards based.

It’s OK.

Yeah, it’s naturally whatever it is.

Yeah, it’s based on. And you just have to

be able to root on your

switch and your good. Yeah, you. Well, the nonsense Cisco switch doesn’t even know that it’s Sa’dah, right? It’s just routing a layer through packet from point to point. He doesn’t care. He’s not part of that conversation. He doesn’t know about the Zoolander list.

So where’s that magic happening on the

edge to these two end point switches? Right, that the axis

has to be Cissoko. Yes, that’s the members of your fabrica.

You’re going to have a border, which is how traffic gets in and out of the fabric, the control plane, which is like the dnes server for the stuff and an edge switch, which is your axis. So all of those functions have to be Cissoko, Catalist ninety three hundred ninety five hundred ninety four.

Does it have to match the 9000 series? Because I know, like in ACI, you have to have the Nexus 9K, like the 9300, so...

Yeah. So it’s SDA for the Catalyst 9000 series, all of them. And the Catalyst 3850 and the Catalyst 3650 all support SDA. The ISR 4Ks support the border function, because you might want to have a router as a border instead of a switch.

And then there are some other different models that are...

Well, now you’ve piqued my interest here. I’m curious why the 3650, legacy.

It was there when we came out with this; the 9K hadn’t come out yet. So SDA came out about eight months before the 9300, probably a year before the Cat 9K. OK, so we had already designed it, but they came out kind of just after each other.

So the Cat 3850 and the 3650, the Layer 3 licensable ones, support it.

OK. Now, so let me ask this. Do you have to have a certain OS for that?

I mean, it’s going to be current on anything now. SDA has been out for five years.

So like on the ACI side, you know, you have to have the NX-OS, the ACI mode kind of thing. So you don’t have to have...

No, it’s IOS XE.

OK, it’s just your plain IOS XE. And so the other things, before I forget, the other things that it gives you: so you get the fabric, and so that’s the fabric piece and being able to plug in. But it also has... the VXLAN implementation we’re using supports scalable group tags, or SGTs, or security group tags, depending on what you want to call them, which allow you to mark your traffic based on the authentication and authorization process. So when you log in, your port is enabled for anyone; say you’re going to log in with username and password.

ISE is going to have a policy. I’ve got to stop. I said ISE. ISE has a policy that says, OK, you’re allowed in. I’m going to look at my AD, and that password matches, and I’m going to put them on this VLAN and I’m going to assign them this SGT because the user is in group engineers.

And then Dan logs in, same process happens, but Dan might be in group accounts, right? So all of your traffic, as soon as it hits the network, is going to be marked in the engineering group, and all of Dan’s traffic is going to be marked in the accounts group, all the way through.

That will stay in the VXLAN header as the...

The policy is that it’s just a tag. That’s the marker. Right.

And then you can write policies that say permit based on the tags: permit engineering to accounting, deny engineering to accounting. They’re written as standard ACLs, almost, right? They’re not stateful. It’s not a firewall. But you can have what they call microsegmentation within the fabric very easily.

So am I writing these policies in DNA Center or in ISE?

Yeah, so. So that’ll get me to the DNA Center topic. So DNA Center orchestrates the SDA configuration. So when you want to build your network, you either discover or onboard your devices in DNA Center. So they can be preexisting, if you manually configured your underlay, or you can pull them out of the box and put them in and do what we call LAN automation, which will build the underlay automatically for you based on whatever parameters you give it. So it’ll go into a brand new, factory-out-of-the-box switch, and the switches come in plug-and-play mode.

Now they have, for six, seven years, right. It’ll discover it. It’ll push the appropriate underlay configuration to it. It’ll give it a name and IP address. It’ll onboard it into DNA Center, and then in DNA Center you pick your fabric roles.

I want this switch to be an edge switch. I want this switch to be my border, or I want this switch to be the control plane. I want these authentication policies, 802.1X, MAB, whatever. It will orchestrate all the configuration on the switch, as well as some of the configuration in ISE.

So you start to build your authorization and authentication policies in ISE. But your security policies, so the permitting of accounting to engineering, you actually do in DNA Center, and DNA Center will push them to ISE. There’s no magic. This is TrustSec, right? This is Cisco TrustSec. So all the policies still live in ISE, and ISE is the one that pushes the policies down to the edge, which is whenever you log in. But the orchestration and the configuration is done in DNA Center.

Did you have a WAN question? So if you’re doing VXLAN across the network, you’re doing VXLAN across the WAN, and you’ve got to have jumbo frames enabled, correct?

You should have jumbo frames, and so we tell you to have jumbo frames in it. So how does that... One hundred and fifty bytes, I think, you need, so you’ve got to get up to six fifty somehow.

OK, so how would that work with, like, SD-WAN, if you’re leveraging DIA that maybe the carrier doesn’t support that? How do you make SDA function? Sorry, Cisco Software-Defined Access. How could you make that function? Does it fragment, or do you just say, no, sorry, it’s not going to work?

No. So.

SDA, Cisco Software-Defined Access, is a campus/branch technology. It’s not a WAN technology, so we don’t actually support stretching the fabric across a WAN.

OK, so you just treat it as separate sites. I’m just trying to piece it together.

So what will happen is, if the host at one side is on an SDA fabric and the host on the other side is not, all of the VXLAN stuff gets stripped as soon as it leaves the border. So, again, you don’t have your MTU issues. If you’re running a technology called multisite, which allows you to do end-to-end SGT or end-to-end segmentation... I think right now... I don’t want to say this without knowing for sure. I think right now we still require six hundred MTU across the WAN if you want to do multisite. OK, but I have to confirm that yet.

Yeah, because you have to allow for the overhead. I mean, obviously, the old solution for us old folks is to adjust the MTU on the end hosts, or to use TCP MSS adjust on the edge, which will work, but it won’t work with UDP. So if you’ve got UDP traffic that’s 1500 bytes, it’s going to get dropped or fragmented, which is worse. Right.

Gotcha.

OK, so A.J., I don’t think we want to go too much further into SD-Access, because I think we want to actually do an episode just on SD-Access, right?

Oh, yeah.

We were getting fired up.

So these are the questions. We should certainly get questions. Yeah, I love it.

I love them. Back to the great...

So, yeah. So I just want to go a little bit deeper into DNA Center as being, like, the central hub of it. And then we can put a bow on it.

Sure. So DNA Center will orchestrate Software-Defined Access, so Software-Defined Access, SDA, is one of the applications in DNA Center. DNA Center also does software image management. So you can, I’m going to start to sound like a salesperson now, but you can define your golden image per site, per building, per floor, per platform, per model, and automatically upgrade those devices to that version of code. Download it from Cisco automatically. You can schedule it to stage it ahead of time. You could schedule it to reboot later. You could schedule it to happen right away. Software image management is another one.

Hold on. Yes. How do you deal with the licensing?

So you hesitated, Roddie? I did, because it sounds like stuff has changed.

Yeah, well, it sounds magical. It is magic how to deal with... But then you’ve got to deal with the licensing. You can’t just push stuff without buying licenses.

It’s magical now. You know, so we have now... That’s a good question. So we have changed things a little bit recently. However, we don’t distribute images based on license features. We’ve had a one-image philosophy now for a few years. So there is one 9300-48 image out there for 17.6.3. There’s not one for Services, there’s not one for Enterprise; we don’t have different images for different licenses anymore. So the licensing is actually in the configuration. Oh, OK. Right. So you enable your license on your switch. You can have it talk to Smart Licensing to validate online, or you can download a file and then enable it locally. So for image distribution, upgrading your router, the license doesn’t matter. The configuration will hold the license information. OK, OK.

Sweet. I hated that answer so much.

He’s done, he’s gone, Roddie. Andy’s rage quit once again. He’s got that stance, which is now because he knows he doesn’t have to worry about licensing anymore, which is great. So SWIM is the name of that feature in DNA Center: software image management. It does templates. So you can, again, based on your config, you can type in configuration templates in DNA Center and have it roll those templates out to different platforms, different buildings, different sites. You can standardize based on any of those parameters or criteria that it has. Assurance, which is like a monitoring platform... its strengths right now are very wireless-centric. So it can look at the onboarding process.

It’ll tell you all your SSIDs and all your wireless stuff, your wireless parts. And all these words don’t mean anything to me, but I’ve seen them on screens, so I know they’re legit. So it’ll tell you what the SNR is.

And if there’s any interference and rogue APs and all that kind of stuff, it allows you to place APs based on strength. It doesn’t have all of the features that Cisco Prime has. Cisco Prime is the big thing right now with Cisco wireless.

But most of those features are being copied into Cisco DNA. So it lets you see the usage on your devices, usage on your links. We have application assurance, which will actually get down to: Office 365 is having issues in this building.

This router is part of that conversation. This is how many users are affected, because we’re getting all the user information from ISE. Right. This is how many users are affected. Here’s this device, it’s unhealthy. This is probably the cause of the problem.

So those are the kinds of things that Assurance will do. It takes information from SNMP, syslog, NetFlow, streaming telemetry, and correlates it all together and matches it against a known set of issues that’s in the database, and that database comes from 30-odd years of TAC cases.

So they basically said, what are the most common issues our customers have run into over the last 30-odd years? Let’s put those into Assurance. Let’s teach DNA Center Assurance how to recognize these issues based on this specific message in syslog, or this message in a trap, or this message in that, or this kind of pattern in that. So it will do that. It’ll tell you what the issue is. It’ll give you a list of suggested actions. If the suggested action is something you can do on a switch or a router, you can click "perform action now" and it will actually go through that action. It’ll say open a TAC case and send them a show ip ospf neighbor, click here to get that command. So you click the button and it pops up the show ip ospf neighbor. Hmm. OK. I know I sound like a sales guy now because...

I know you do some magic. So, well, some of that stuff is good. Some of that stuff works most of the time. It’s not magical yet, but I think it will get there.

I like the direction they’re going. I really do. Otherwise I wouldn’t be as passionate about it when I talk.

Does it make anybody else, like, weirded out that we spend all this time learning CLI and now everything’s getting pushed to, like, GUI and just...

Yeah, it’s weird, right? It took me six months to be on board with this, because I went through the experience of ACI, like Dan mentioned, where you have to run a different code base or a different image or a different mode on the switch, where you didn’t have access to the CLI a lot.

And that really pissed me off.

I was so furious. And then so I get into SDA and we’re doing the same thing. It’s like, no, stay away from the CLI, because if you type a command, there’s a chance DNA Center is going to reverse it. And so honestly, it took me six months to adjust.

So it really did. I really had to let a lot of things go. And I run into this when talking to people about this all the time. It’s, again, usually the oldest person in the room, and it’s like, I’m not going to give up my enable password.

And that’s true, and that’s not where I’m going with it, because it seems like the benefits and the magic of... I mean, it’s totally worth it. I’d be fine never touching it. So I figure if I could get all the benefits that you’re spelling out.

Yeah, I think the caveat I give is that that assumes that we, Cisco, got everything right.

Right.

Yeah, right. Which, if you could do in this lifetime... you know that there are always going to be... So now, are things getting better? Do I trust automation more? Absolutely. I started doing stuff about four and a half, five years ago, and there were a lot of times where I needed to get into the CLI to verify things. I never jump on the CLI right now other than to reset a router.

So that’s what’s scary: you’re handing over the keys to the kingdom to this.

Yeah.

You trust this total ecosystem. OK, here you go. Don’t destroy me. But companies have... I mean, I worked... Meraki did a good job with that stuff, right. You’ve never seen a Meraki CLI. It doesn’t exist.

So it can be done. I think that... I’m not going to criticize Cisco at this point. But what we’re kind of trying to do is this on a platform that has a history of CLI first, and now IOS XE, but previous to that it was IOS.

We’ve got folks that have been in this industry for a long time that have always done it this way. And we’re still calling it Catalyst, right? If you had said Catalyst OS when I was getting my CCIE, it was CatOS. It was the set commands. Like, the stuff has been around for a long time, and people are used to using it, and it’s ingrained in them. First thing you want to do is know your enable password so you can go in and tweak things, right.

So, yeah, if we can get it right, it’s great. And I think honestly it is better now. It is a lot better now. We have six months to stop hesitating with the automation.

Wow. Amazing. Also sounds expensive.

Well, that’s a conversation for another day.

Yeah, there are a lot of other things that DNA Center does. So if we ever do another one of these and I can screen share, I can demo DNA Center and go through the...

100 percent want to do this. Absolutely. For sure.

I would love to do that. Yeah. OK, I’ll cut down on the puns and the jokes.

Oh, no, don’t do that. This is good. So this has been great. Oh, I fly airplanes. I am a pilot. Oh, yeah, yeah, yeah. Oh, yes. I forgot about that.

I did forget, in your copious free time when you’re not getting every certification there is.

I haven’t flown in like eight years, but I did get it just to get it. That was a bucket list thing. Cisco Press and getting my pilot’s license were on my bucket list.

Nice stuff for you. I do want to bring one thing back up from towards the beginning of the show, because I think we cut you off. You were telling a story about your CCIE lab and you got through the first day. You woke yourself up in the middle of the night because you forgot the send-community, or you thought you did. What about the second day, the morning you walked in, what happened?

So second day. So you really have no idea how you did, right? You get in there because it was a nine-hour day. You’re exhausted from traveling in a couple of days before. So you’re already tired. You go and you do that full day. You’re overwhelmed, even though you’ve done practice labs, and you really have no idea. So I go to the hotel, wake up at 3:00 in the morning, say, oh, shit, I forgot the send-community. Walk in. I see the booklet on my desk.

And I realize I bought myself another three hours of this. So the first half of the second day is all of the non-IP stuff that I talked about, so the IPX, I’ll talk to you as an audience member. So you get it again. So there’s a new booklet now with new exercises and new scenarios that you have to do, that you have to configure, and that takes you to lunchtime. So same process: you go for lunch, and when you come back, if there’s a booklet on your desk, you sit down and you complete the lab. If there isn’t, you’ve failed. You’ve got to sit and wait for the proctor. So I go to lunch, come back, there’s a booklet on my desk, so now it’s the troubleshooting. So I don’t know how it’s done now.

So I know that the lab is just a one-day lab now. Back then, as I mentioned earlier, the physical equipment was all there. And they wouldn’t just mess with your configurations, they would mess with your cables. They would take a T1 cable and they would jam it in upside down. Well, if you’ve ever used a T1 cable, it doesn’t go upside down. They’d do it upside down so the pins would bend. So you’d have to look and identify that, chuck the cable and grab another cable. And so this was the troubleshooting.

So I got there. Got to the troubleshooting section. That was the part I was looking forward to the most. Once I got to that part, I was like, I love this, because I had all my config memorized.

So first thing I did was do a show run.

And I did, well, I didn’t type that. They got rid of that command.

Oh, that’s different. I didn’t get rid of that command. Oh, I had that photographic... There was a different line between these two commands. I’ve got to add that command back in. So that part was easy. Got the physical stuff, got my connectivity up and running, and I passed. And the only thing I got wrong in the two days was that stupid send-community.

And you woke up, you said, like 3:00 in the morning.

And I was like, yeah, I knew I got it wrong. Yeah, it was... you know, I’ve been lucky. I was prepared.

I really did burn up all of my vacation time to do things. Mm hmm. And that’s not easy to do when you’ve got, she was four at the time, a four-year-old daughter. So I would spend the day with her and then I would be up all night, literally. She went to bed, I would be up all night in my lab. And I had a stack of six 2500s, a bunch of back-to-back T1 cables, and I had an ISDN emulator, and I had a terminal server and a Catalyst switch, and I would just go through scenario after scenario. Back then you had to buy these scenarios online and then they’d send them to you in big stacks of paper, reams of paper scenarios.

So I basically went through every scenario every night, all night, until I had them all memorized. But I was still trying to... this is the comment I made earlier about verifying things. Even though I had it memorized and knew exactly what to do for every single one of them, I got more practice doing the show commands and the verification commands, knowing what to look for, to know that it worked, because I would still make a typo, right. But at that point, if I made a typo, I knew exactly what. It’s just because I looked at that output so many times, and it was repetitive, so the repetition helped me a lot.

In your lab instead of sleeping, is that what you said?

Yeah, I would maybe sleep. I’d drop her at school in the morning at eight o’clock, eight thirty. I’d sleep for like three hours and then I’d get up and start working again. And I’d start doing other stuff.

So like three hours a day of sleep, more? Yeah, for six months.

That was the vacation time? No, that was like five weeks of vacation where I was really hardcore. But the six-month period was still... Yeah, I was still doing a minimum of six, seven hours a night. So I was working, and then I’d come home and then spend some time with my kids.

It didn’t mess with your retention or your mental health or anything, just gassing yourself?

I was 30 then. I had plenty of energy. Just last week... I’m 31. There’s no way I could do it. Yeah. I mean, I think that was tough.

It was tough. But I don’t know. I honestly don’t know how it is now. I really don’t know. I won’t say it was easy. It was tough. I just don’t know that I could do it now. But part of it was I really loved the technology.

Like today, I’ll go mess with... I don’t do any Docker as part of my day job, but I’m trashing containers all day long. It’s just stuff I like doing. It’s interesting. So that stuff, networking, has always been interesting to me.

So it was fun for me to do that. It didn’t feel like work. It was a challenge for sure, because I was learning a lot about the protocols. But it’s just fun. No, but you do.

Oh.

Oh, excellent. Well, he is Roddie. He has never failed a Cisco exam. He is CCIE 7472. He is a Cisco Press author. The book is Cisco Software-Defined Access. We will drop a link in our show notes and you can pick it up there and wherever books are sold, I’m sure.

Roddie, where can people find you? Twitter?

What have you got today? I’m going to lock my Twitter after this.

You know,

I’m just thinking, A.J., I may have failed one of the recerts, six years ago, but it’s a different story for another time.

But they said... that I was like, oh, that helped.

No, that is exactly what the listeners needed to hear, that you’ve got to fail.

Yeah, that’s correct. Yes. Don’t do anything that I’ve done in the last 30 years. Don’t have the attitude that I’ve had in the last three years now. Yeah, I think so. The question was, where can you find me? You can find me on Twitter, usually trolling people. My handle doesn’t have a pronunciation. I don’t know.

This is for you on here. You guys know my handle. Do you know what it means? No idea.

The squiggly...

No, no, Arabic. That’s Arabic, that’s my name in Arabic, but what is my handle? What is my Twitter ID?

Hmm. Eiddor?

Yeah. Do you know what it is?

No, I do not. Come on. All right, so it’s literally my first name backwards. Oh, that’s so... And it’s right here. It’s right in front of my face. So we automatically go to acronyms. It’s just what we do.

Yeah, the squiggly stuff that you pointed out is my name in Arabic. So, yeah, the squiggly stuff.

That’s what they call it. Yeah. Sorry, I didn’t want to be, Andy, insensitive, so I just use the language they use.

Today, my Twitter... My handle is eiddor, which is my first name backwards, which now everybody knows the secret. Yes, that’s where I hang out mostly.

I do have a YouTube channel, actually. I’ve got some videos up on that YouTube channel if you want to Google me, but...

You can watch your YouTube channel. I have just... Roddie, I don’t know. Hasan, YouTube. Yeah. Yeah, I think I’d find it. Yeah.

Yeah. I know I’m not good at self-promotion. I’m really not going to stop trying to do it. I believe there’s a blog in there, too, right? Oh, there’s a blog, dot TV. OK, so the blog is mostly technical, not Cisco-centric per se. But there’s also some cooking stuff on there, because I also love to cook. It’s my therapy.

You’re in Texas. Have you been to Franklin Barbecue?

Have I been to Franklin Barbecue? Yes. Yes. How is it? If you like barbecue, it’s good.

I love barbecue. I’m reading his book. He’s my hero when I come to Texas. Definitely. Please go to Franklin Barbecue.

We can.

It’s in Austin. It’s about four and a half hours away for me. But you let me know and we’ll get down there.

It’s like an hour and a half wait in line, right, to get this, guys?

Yeah, yeah, yeah. No, it’s good. It’s it is. If you like barbecue.

I’m not huge on barbecue, but if you like barbecue it, it’s good barbecue for sure.

All right, man. Yeah, that’s nice. Yeah.

All right, Roddie, thank you so much for joining us. Any last-minute words?

No. Thanks for coming. This is a lot of fun. Wasn’t as weird as Tim made it out to be. I knew he was going to like that. And I had... now... And honestly, again, I would have thought there’s no way he came up with that just based on my tweet. So I feel better that you already had that plan. Yeah.

No, it was a good time, guys. I’m glad we finally got to do this. You know, I give you guys shit about forgetting about me, but...

Well, much deserved shit.

I feel lucky to be here and hopefully I’ll come back and do a demo for you.

Yeah. Yeah, definitely. Absolutely.

Anytime, guys.

It’s actually... Well. Yeah. Join us again next week for another episode. Thanks again, Roddie, and have a good night. Everyone, this is A.J. If you like what you heard today, then make sure you subscribe to our podcast on your favorite podcatcher, smash that bell icon so you get notified of all of our future episodes. Also, follow us on Twitter and Instagram. We are @artofneteng. You can also find us on the web at artofnetworkengineering.com, where we post all of our show notes. You can read the blog articles from the co-hosts and guests and also a lot more news and info from the networking world. Thanks for listening.

What are you t-awk-ing about?

Today I’d like to talk to you a bit about studying in public, how I go about it and some of the benefits it has given me over the last few years. Studying in public, which I’ve mostly done on Twitter until I started writing for this blog, is something I’d recommend to everyone trying to learn something new. In the following I’ll give two examples of me ‘studying in public’, give some insight along the way, and conclude with its benefits.

As weird as this may sound, my favorite thing to do lately as it relates to tech is parsing logs and pcaps. I’ve enjoyed getting introduced to tools like editcap, tcpdump, tshark, jq, cut, uniq, and sort, and piping them all into each other to extract just the right information and display it in a pleasing way. The past few months I often see people on my timeline getting acquainted with Python, and if it has anything to do with reading in a file, doing some parsing and then printing, I’m often running through my mind ‘how would I do that in bash…’

One tool I’ve yet to touch, which I feel may level up my log and pcap ninja slicing, is awk. One coworker of mine, and now my current FOR572 instructor, casually use this tool to do some amazing things. So perhaps it’s time for me to dip my toe in the awk waters?!

As I’m writing this very sentence, I’ve still not used awk; I’m literally going to try it out right here for the first time. What we need, though, is a task, so let’s look at Kirk Byers’ first set of exercises for his free Python for Network Engineers course. To be clear, I’m not saying you shouldn’t learn Python or that doing everything from bash is ‘better’, but I think it’s fun to learn how to do things using multiple tools. Also, you may find yourself on a Linux server that isn’t connected to the internet, may not have a certain version of Python installed, or may be missing the Python packages your script needs, but chances are you will have the common bash tools at your disposal. We move.

The first exercise in lesson one asks us to:

Create a Python script that has three variables: ip_addr1, ip_addr2, ip_addr3 (representing three corresponding IP addresses). Print these three variables to standard output using a single print statement.

Well, we won’t be using Python to do this; let’s try it with awk in bash. [15 min passes while I went to Google and tried a few things out.] I’m back, and we do have ourselves a bash one-liner that will solve the first prompt:

$ echo | awk -v ip_addr1='192.168.16.1' -v ip_addr2='10.10.1.1' -v ip_addr3='172.16.31.17' '{print ip_addr1, ip_addr2, ip_addr3}'
192.168.16.1 10.10.1.1 172.16.31.17

What did I learn doing this first exercise? Well, first off, to set a variable with awk you use the ‘-v’ option. Furthermore, there is no syntax I could find to set multiple variables with one ‘-v’ option; instead, as shown above, you have to pass a ‘-v’ for each variable. With print we are able to print all three of our variables, separated by commas, inside the braces of the single-quoted awk program. I am left with one question though:

I don’t understand why the command works with echo and doesn’t run the same way without it… what magic is echo doing here is the real question, OR what is possibly missing syntax-wise without echo. One cool thing about Twitter is that people much smarter than me are willing to offer their time and provide insight, as Roddie and Quinn do here. I’m very thankful for having so many people out there helping me along 🙂
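The answer to the echo question, as an added example that is not part of the original post or of the Twitter replies it mentions: awk’s main `{ ... }` rule runs once per input record, so with nothing on stdin awk sits waiting for a line at a terminal (and with stdin redirected from /dev/null it never prints at all). `echo` supplies exactly one empty record, which is why the one-liner prints exactly once. Putting the print in a `BEGIN` block runs it before any input is read, so no echo is needed. The functions below assume a POSIX awk (gawk, mawk and busybox awk all behave the same here).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): why "echo |" was needed,
# and the BEGIN-block form that does not need it. Assumes a POSIX awk.

# The post's form: echo feeds one empty record, so the main rule fires once.
print_with_echo() {
    echo | awk -v ip_addr1='192.168.16.1' -v ip_addr2='10.10.1.1' \
               -v ip_addr3='172.16.31.17' \
               '{ print ip_addr1, ip_addr2, ip_addr3 }'
}

# BEGIN runs before any input is read; with no main rule in the program,
# awk reads no input at all, so no echo (and no stdin) is required.
print_with_begin() {
    awk -v ip_addr1='192.168.16.1' -v ip_addr2='10.10.1.1' \
        -v ip_addr3='172.16.31.17' \
        'BEGIN { print ip_addr1, ip_addr2, ip_addr3 }'
}

# The main rule is per record: feed three lines and it prints three times,
# which is why a single echo (one empty line) prints exactly once.
print_per_record() {
    printf 'a\nb\nc\n' | awk -v tag='record' '{ print tag, NR, $0 }'
}

# What "without echo" does when stdin is empty rather than a terminal:
# no records, so the main rule never runs and nothing is printed. At an
# interactive terminal the same command would block waiting for input.
print_no_input() {
    awk -v ip_addr1='192.168.16.1' '{ print ip_addr1 }' < /dev/null
}

# Stand-alone run: the four behaviours side by side.
print_with_echo
print_with_begin
print_per_record
print_no_input
```

The `BEGIN` form is the one to reach for whenever awk is being used as a calculator or a formatter rather than a filter; the moment the program also has a main rule, awk goes back to reading stdin (or the files named on the command line).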

A quick aside: I often do learning in public, which is what this blog post is, and I think it’s helping me grow more than anything else. By posting what I’m doing, even if it’s the most trivial newbie thing, it starts a lot of conversations, from other people learning at the same level as me or from more senior people showing best practices or alternative or faster ways to accomplish a task. I definitely recommend sharing what you are learning in some capacity on a platform where others can interject. You’ll learn a lot and make a few good connections along the way!

If you were curious how Kirk solved his prompt with python:

from __future__ import print_function

ip_addr1 = "192.168.16.1"
ip_addr2 = "10.10.1.1"
ip_addr3 = "172.16.31.17"

print(ip_addr1, ip_addr2, ip_addr3)

Another person who’s quick to help anyone learning is Kirk himself. This is yet another example of how studying in public can help open your eyes and give insight you’d otherwise be left in the dark about. For me, I’ve been doing a bit of tech stuff since the early 2000s. When I first started there wasn’t an online forum with people interacting. I thought I was doing OK compared to people in my office and those I interacted with, but today, with a bunch of people online, I’m continually pushing myself and my boundaries of knowledge with people way smarter than me. So, even if I’m not being pushed where I’m at, I have a whole world to guide me and help me grow now.

Looking a bit into awk, it looks like I’ve got a lot to learn, and once I get back into my bigger data sets at work I’ll dive deeper into its search and printing functionality. I’ll also reference ‘Effective awk Programming’ by Arnold Robbins from O’Reilly. Did we learn a lot from this one example? Maybe not, but sometimes the first step is the hardest, and I hadn’t written a post here on the Art of Network Engineering recently and I wanted to try and get back on the horse, so to speak. If I’m able to break through in the next few months on the awk train, be sure to check back in for a more extensive awk walkthrough.

This was just one example of ‘learning in public’, and I found myself writing a script later the same night, another thing I’m trying to navigate and get better at. I got help again when I was stuck and ended up finding out I could do my whole script in one line. I found out all these things in a matter of minutes and a good night’s rest. If I wasn’t learning in public, who knows how long it would have taken me to gain these insights.

If you are interested in the script you can follow this thread, or see the final version below:

# Count HTTP responses for every status code 0-599: one tshark pass per code
for i in {0..599}; do
    echo -n "Status Code ${i} seen: " >> ./statuscode.txt
    tshark -n -r lab-1.2_capture.pcap -Y "http.response.code == ${i}" | wc -l >> ./statuscode.txt
done

# Drop the codes that never appeared in the capture
sed -i '/seen: 0/d' ./statuscode.txt

This will give you the output:

$ cat statuscode.txt 
Status Code 200 seen: 1138
Status Code 204 seen: 28
Status Code 301 seen: 2
Status Code 302 seen: 44
Status Code 304 seen: 21
Status Code 307 seen: 1
Status Code 403 seen: 1
Status Code 408 seen: 6

But, after a good night’s sleep I realized you can get this all done in one line much more efficiently:

$ tshark -n -r lab-1.2_capture.pcap -Y 'http.response.code' -T fields -e http.response.code | sort | uniq -c
   1138 200
     28 204
      2 301
     44 302
     21 304
      1 307
      1 403
      6 408
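
The one-liner works because tshark prints the field once per response and leaves the counting to sort and uniq. Below is an added example, not part of the original post, that runs that same counting stage on a constructed list of status codes standing in for what `tshark -T fields -e http.response.code` prints, so it runs without a pcap. It also adds two views the post does not show: a roll-up by status class and the share of 4xx/5xx responses, which is the number worth watching when reviewing a capture for failed requests. The sample codes and the function names are mine.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). The counting stage of the
# one-liner, run on a constructed sample instead of a pcap so it works offline.
# In real use replace the sample with the output of:
#   tshark -n -r capture.pcap -Y http.response.code -T fields -e http.response.code

# Constructed sample: one HTTP response status code per line.
SAMPLE_CODES='200
200
404
302
200
500
404'

count_codes() {
  # stdin: one code per line. stdout: "<count> <code>", busiest code first.
  sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

class_counts() {
  # Roll the codes up by class (2xx, 3xx, ...), sorted by class.
  awk '{ c[substr($1, 1, 1) "xx"]++ } END { for (k in c) print c[k], k }' | sort -k2
}

error_share() {
  # Integer percentage of responses that were 4xx or 5xx (0 on empty input).
  awk '{ total++; if ($1 >= 400) err++ }
       END { if (total == 0) print 0; else printf "%d\n", (err * 100) / total }'
}

# Usage on the constructed sample
printf '%s\n' "$SAMPLE_CODES" | count_codes
printf '%s\n' "$SAMPLE_CODES" | class_counts
printf 'error share: %s%%\n' "$(printf '%s\n' "$SAMPLE_CODES" | error_share)"
```

Swapping the sample for the real tshark pipeline is the only change needed; everything after the first pipe is plain POSIX text processing, so it works the same on any capture.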

So while I didn’t dive all the way in and provide a step-by-step tutorial, I hope I was able to give you insight into another aspect of my learning style, and perhaps it can help you when you are starting out on a new learning venture. I remember at first being a little nervous about putting myself out there or ‘sounding dumb’, and I soon realized everyone out here is either beginning or has at one time been a beginner. Well, that’s all for today, happy learning!

Bert’s Brief (by @TimBertino)

Andre was gracious enough to let me give my thoughts on the “learning in public” concept. I share the same sentiment about getting started with writing publicly as you are learning something new. I had thoughts like:

  • If I’m new to this, what’s the point of writing a blog post? Nobody is going to get anything out of this, right?
  • Do I really want to show the world that I’m a beginner in X, Y, or Z?

I’ve learned to throw those thoughts to the side and I agree 100% with Andre. There are great benefits to learning in public, such as:

  • Writing a blog post about something you are learning forces you to explain what you learned. You become a teacher, if you will. This can really help you better understand concepts. You do NOT have to wait until you are an “expert” in something to write a post or teach it to someone else. This was a hurdle that I had to get over.
  • As far as blogs go as a method of learning in public, writing is a skill. Writing about what you are learning allows you to practice the art and find your own style.
  • You never know when you might bring inspiration to others. You could be greatly helping other people who are at similar points in their journeys.
  • As Andre mentioned, just by posting a question on a social media platform like Twitter, you can make some awesome connections.

So, I encourage you; write that post, ask that question, practice your craft, and help others along the way. And if you need a platform to write blogs, connect with us here at the Art of Network Engineering!

Ep 53 – Manny

In today’s episode we talk to Emmanuel Pimentel, aka Manny! Manny is a prominent member of our community. He joins us and shares his journey on breaking into Enterprise Networking via retail! He has that perfect balance of positivity, drive, determination, and compassion. When someone has a win or achievement posted within Discord or Twitter, Manny is always one of the first people with a “congratulations” comment. He is not only working hard to help himself to succeed, but he wants to see others succeed as well. Enjoy this episode with Manny!

Manny was previously featured on The Faces of the Journey series – https://artofnetworkengineering.com/2021/04/30/faces-of-the-journey-emmanuel-pimentel/

You can follow Manny:
LinkedIn: https://www.linkedin.com/in/emmanuel-pimentel/
Twitter: https://twitter.com/MannyBytes88
Instagram: https://www.instagram.com/mannybytes/

NEW! Check out our Patreon – https://www.patreon.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Like us on Facebook https://www.facebook.com/artofneteng
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey – https://artofneteng.com/IAATJ

We’re Launching our Patreon!

Today we are excited to announce that we are launching our Patreon site! This comes just after hitting 100K downloads, and just prior to our 1st Birthday! Visit https://www.patreon.com/artofneteng to get started!

When we launched this podcast on July 24th 2020 with our first two episodes we had no idea we would be celebrating 100K downloads less than a year later. The community reaction has been amazing. The outpouring of appreciation for our podcast and other content has been positively overwhelming.

After being encouraged by much of our fan base to launch the Patreon we finally decided to do it. So, you might be asking, “What does that mean exactly?”

From the very beginning we made a commitment that we would never produce content behind a pay wall. So, even if you don’t subscribe to our Patreon you will still get every bit of content that we produce. So, now you might be asking “Well then what do I get for subscribing?”

There are 3 Levels of AONE Patreon Supporters. The first is Official Patron and that’s a $3/month donation. At that level you’ll receive a shoutout on the Podcast and know that your funds will go to covering the very minimal operating costs of the Podcast and YouTube channel, and we’ll be putting the rest back into the community.

The next level is our All-Access Pass at $5/month. At this tier you’ll get all the benefits of an Official Patron, plus:
– You’ll get access to live stream as we record our episodes. You’ll get to watch in real time as we are creating new episodes.
– You’ll also get to chat with the co-hosts and guests as we record. There may even be time for Live Q&A sessions with our guests.

The last level is the VIP Patron, at $10/month. In addition to the Official Patron and All-Access pass, as a VIP you’ll also get:
– A 15% discount in our merch store as long as you’re a VIP
– Early access to new content. We’ll make new content available to our VIPs ASAP, before we post it publicly.
– Early access to new merch! We are currently working on new designs and you’ll get early access to them!

Whether you decide to become a Patron or not, please know that all of us at The Art of Network Engineering sincerely appreciate your support of our content! The biggest things you can do to help, that don’t cost you anything, are to listen, subscribe, like, comment, and don’t forget to SMASH that bell icon to be notified of all of our future content!

Ep 52 – The Cinna-man

From Collaboration to Cyber Security Engineer – this week we’re talking with Robin Canela! Robin shares his coming-up story, and how the quarantine in 2020 motivated him to make some big life changes. Hear how in this episode!

You can find Robin:
Twitter: https://twitter.com/RobinCanela
LinkedIn: https://www.linkedin.com/in/robincanela/
Blog: https://robincanela.com/

Ep 51 – SD-WAN

In this episode we’re talking about SD-WAN! We discuss the benefits of SD-WAN over traditional WAN and share our experiences with various SD-WAN offerings. We don’t deep dive because we were trying to keep the discussion vendor agnostic. Consider this our intro to SD-WAN, as there is much, much more to discuss on the topic, which we will in future episodes! Enjoy episode 51!

Pro tip for future podcasters – Keep the bullfrogs out of your recording studio.

Aaron’s blog is a great resource for all things SD-WAN – Check it out here:
http://aaronengineered.com/blog

Ep 50 – Ask us anything!

You Tweeted us, DM’d us, emailed us, sent recordings, and some of you even sent us videos! We answered every single question we got in this 2 hour ask us anything special! Thank you for your support – now on to the next 50!!

Ep 49 – Burnout and Rustout

In this episode we are talking about Burnout and Rust out! These two are likely to hit any professional at some point in their career, so we thought we’d take some time to discuss what they look like and how to most effectively deal with them. Special thanks to our Discord members for having this discussion and Riv3r for defining “Rust out.”

Ep 48 – Out-of-Band Management

This episode is sponsored by OpenGear, providing secure remote management of your critical network infrastructure.

In this episode we talk to Dan Baxter, SE Manager, with OpenGear. We discuss Dan’s break into tech from Art Teacher to SE. We then answer the question “What is Out-Of-Band Management?” Then we touch on the OpenGear advantage! If you’re considering an Out-of-Band Management solution please take a look at OpenGear.

Dan Baxter
Email: dan.baxter@opengear.com
LinkedIn: https://www.linkedin.com/in/dan-baxter-5b18721/

OpenGear
website: https://opengear.com/
Twitter: https://twitter.com/Opengear

Learning Linux and my First Ansible Playbook

Linux had never been my daily driver until a few months ago. Now it’s my daily driver for work and home, and with that I’m learning a lot, since you can use so many of the applications in conjunction with each other through piping and what not. So in essence, learning one new tool or application can open up unseen possibilities in other tools.

The coolest command I learned this past week is watch. In my day job I’m often deploying tools that create logs, like Zeek, and I’d often ls or ll to see if logs were being created or if the conn.log was getting bigger. Enter watch: simply run any command as you normally would, then press ‘<ctrl> a’ and add watch to the beginning of the command. Doing this, you get your normal output, but it updates every two seconds, and if any values change they will change within the output. I found myself using this command again when I was monitoring my kubernetes cluster: instead of ‘kube get pods’ I’m now typing watch ‘kube get pods.’ I’d have it open like a dashboard when deploying or troubleshooting pods.

Then later in the work week I started having an issue trying to track time on all of my devices. I surmised that when time drifted too far, one of my applications would begin to fail. My first attempt was a bash script that simply ssh’d to each device and ran the time command, but by the time I got to the 8th or 9th device, since I was typing in the password each time, I wasn’t really getting the result I was looking for. So if you’ve got a hammer, use it on everything, right?! I ended up having 10+ windows open, all small and organized on my desktop running ‘watch timedatectl’, and I would watch the time on my devices slowly drift and, in due time, prove my hypothesis.

Then came the weekend, and I started looking into ansible. I found an example where they had used one command to connect to and check the time of all the devices in their inventory file. This really piqued my interest. Could I have found a tool even cooler than watch in less than a week?!

Interlude: I installed gns3 and started a small topology of cumulus Linux devices to go on this ansible adventure. I’m not going to dive too far into the specifics of the playbook, as far as indentation or how and where to put vars, as the documentation is really good. Google is your friend here. I’m just here to walk through my first playbook 🙂

The first thing I did when starting this adventure into my first interaction with ansible was creating an inventory file:

[atlanta]
spine01 ansible_host=192.168.49.3
spine02 ansible_host=192.168.49.4
leaf01 ansible_host=192.168.49.5
leaf02 ansible_host=192.168.49.6
leaf03 ansible_host=192.168.49.7

[atlanta:vars]
ansible_user=cumulus
ansible_python_interpreter=/usr/bin/python

Next I used ssh-keygen and shipped a public key to all the devices in my topology so I could connect without a username:password. A quick google search of ssh-keygen will get you squared away in no time. This is all that’s needed to do what I was trying to do at work earlier in the week, check the time on all my devices:

ansible all -a "date"
leaf01 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
leaf02 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
spine01 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
leaf03 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC
spine02 | CHANGED | rc=0 >>
Sun 13 Jun 2021 12:37:15 AM UTC

Since I’m trying to learn automation, I began to brainstorm: what could my first ansible playbook do?! A playbook is simply a series of tasks, rather than just running one task as illustrated above. To do this I followed along with the cumulus documentation and did one of my switches manually so I understood the steps and what was needed to accomplish this task. In short, here are the main things my ansible playbook needs to do:

  • edit two lines of a conf file
  • enable and start two services

Let’s try to go line by line-ish on what’s happening in my playbook.

---
- hosts: all

I guess the beginning of all yaml files, of which the playbook is one, starts with ‘---’, and the second line is saying that I want to run what follows on all the hosts in my inventory file.

  become: yes
  vars:
    conf_path: /etc/nginx/sites-available/nginx-restapi.conf

become set to yes is saying that you want to run as root, and on the next line I’m declaring the value of the variable conf_path, which I’ll call later in the playbook.

  tasks:
    - name: edit the nginx-restapi.conf file
      replace:
        path: "{{ conf_path }}"
        regexp: 'listen localhost:8080 ssl;'
        replace: '# listen localhost:8080 ssl;'

Here is the first task, which you can name whatever you want. In path I call the variable from above, then I do a regex search and replace the match with the last line. The goal of this task is to comment out a line.

    - name: edit another line from file
      replace:
        path: "{{ conf_path }}"
        regexp: '# listen \[::]:8080 ipv6only=off ssl;'
        replace: 'listen [::]:8080 ipv6only=off ssl;'

In this task I’m trying to uncomment a line. I also had to escape the [::] in the regex search, which tripped me up for a bit.

    - name: enable nginx service
      ansible.builtin.service:
        name: nginx
        enabled: yes
    - name: start nginx service
      ansible.builtin.service:
        name: nginx
        state: started
    - name: enable restserver
      ansible.builtin.service:
        name: restserver
        enabled: yes
    - name: start restserver
      ansible.builtin.service:
        name: restserver
        state: started

The rest of the playbook is just enabling and starting the needed services as specified in the cumulus linux documentation. All together the playbook looks like the following, and, as with all yaml files, indentation is very important.

---
- hosts: all
  become: yes
  vars:
    conf_path: /etc/nginx/sites-available/nginx-restapi.conf
  tasks:
    - name: edit the nginx-restapi.conf file
      replace:
        path: "{{ conf_path }}"
        regexp: 'listen localhost:8080 ssl;'
        replace: '# listen localhost:8080 ssl;'
    - name: edit another line from file
      replace:
        path: "{{ conf_path }}"
        regexp: '# listen \[::]:8080 ipv6only=off ssl;'
        replace: 'listen [::]:8080 ipv6only=off ssl;'
    - name: enable nginx service
      ansible.builtin.service:
        name: nginx
        enabled: yes
    - name: start nginx service
      ansible.builtin.service:
        name: nginx
        state: started
    - name: enable restserver
      ansible.builtin.service:
        name: restserver
        enabled: yes
    - name: start restserver
      ansible.builtin.service:
        name: restserver
        state: started

To further improve this playbook, while it does work, I’ll build in some checks to verify everything is working as it should so you don’t have to do it after the playbook runs. To run the playbook I use the following command:

ansible-playbook enable_RESTAPI.yml --ask-become-pass

I use the --ask-become-pass so that I can enter the root password for the devices instead of hard coding it as a var or something. There may be another way, but today that is where we stand.
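
As an added example of the kind of check the playbook could grow (my code, not from the post or the Cumulus docs), the script below performs the same two edits with sed on a constructed copy of nginx-restapi.conf and then verifies the outcome. It covers two things the playbook as written does not. First, the patterns are anchored at the start of the line, so a second run does not stack another ‘#’ in front of the already commented localhost line; the first replace task above matches the substring ‘listen localhost:8080 ssl;’ inside ‘# listen localhost:8080 ssl;’ on a re-run and would do exactly that. Second, the verification confirms that the only active listen directive is the wildcard one, a reminder that this edit moves the REST API from localhost-only to every address on the switch, so the username/password the curl call below has to supply is what stands between the API and the management network. The conf contents and function names are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Applies the playbook's two edits
# to a constructed copy of nginx-restapi.conf and verifies the result, the way
# a follow-up check task would. Patterns are anchored at line start so running
# the edit again is safe (no "# #" stacking on the commented localhost line).
set -eu

make_sample_conf() {
  # Constructed stand-in for /etc/nginx/sites-available/nginx-restapi.conf;
  # only the two listen lines the playbook touches matter here.
  cat > "$1" <<'EOF'
server {
    listen localhost:8080 ssl;
    # listen [::]:8080 ipv6only=off ssl;
    ssl_certificate /etc/nginx/ssl/server.crt;
}
EOF
}

apply_edits() {
  # Same two substitutions as the playbook's replace tasks. "[" must be escaped
  # in the pattern (it would open a character class) but not in the replacement.
  local f="$1" tmp
  tmp=$(mktemp)
  sed -e 's|^\( *\)listen localhost:8080 ssl;|\1# listen localhost:8080 ssl;|' \
      -e 's|^\( *\)# listen \[::]:8080 ipv6only=off ssl;|\1listen [::]:8080 ipv6only=off ssl;|' \
      "$f" > "$tmp"
  mv "$tmp" "$f"
}

active_listen_count() {
  # Number of uncommented listen directives (grep -c prints 0 but exits 1 on none).
  grep -c '^[[:space:]]*listen ' "$1" || true
}

listens_on_all_addresses() {
  # True when the wildcard listener is active: the API is then reachable
  # off-box, so the HTTP auth the REST service enforces is what protects it.
  grep -q '^[[:space:]]*listen \[::]:8080' "$1"
}

verify_conf() {
  # What a post-run check task should assert: exactly one active listen line,
  # and it is the wildcard one.
  [ "$(active_listen_count "$1")" -eq 1 ] && listens_on_all_addresses "$1"
}

# Usage: edit the constructed file twice to show the edit is repeatable, then check it.
conf=$(mktemp)
make_sample_conf "$conf"
apply_edits "$conf"
apply_edits "$conf"
if verify_conf "$conf"; then echo "conf OK"; else echo "conf NOT as expected"; fi
cat "$conf"
rm -f "$conf"
```

The same anchoring fix carries straight back into the playbook: prefixing the first task's regexp with `^` keeps the replace module from matching the already commented line on later runs.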

Thanks for hanging out with me and going through my very first ansible playbook journey. I’ll leave you with the verification that the REST service is working on the cumulus device, till next time!

$ curl -X POST -k -u cumulus -d '{"cmd": "show interface json"}' https://192.168.49.4:8080/nclu/v1/rpc | jq
Enter host password for user 'cumulus':
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4373  100  4343  100    30  12268     84 --:--:-- --:--:-- --:--:-- 12353
{
  "bridge": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": [
        {
          "vlan": 10
        }
      ],
      "asic": null,
      "mtu": 9216,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "0c:b0:0e:37:ae:01",
      "vlan_filtering": true,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 229,
        "MTU": 9216,
        "Flg": "BMRU",
        "TX_DRP": 0,
        "RX_OK": 540,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": []
      },
      "vlan_list": "10",
      "ip_neighbors": null
    },
    "linkstate": "UP",
    "summary": "",
    "connector_type": "Unknown",
    "mode": "Bridge/L2",
    "speed": "N/A"
  },
  "vlan10": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": null,
      "asic": null,
      "mtu": 9216,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "0c:b0:0e:37:ae:01",
      "vlan_filtering": false,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 208,
        "MTU": 9216,
        "Flg": "BMRU",
        "TX_DRP": 0,
        "RX_OK": 540,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": [
          "192.168.49.4/24"
        ]
      },
      "vlan_list": [],
      "ip_neighbors": {
        "ipv4": [
          "02:42:b3:6f:5f:9b",
          "0c:b0:0e:07:88:01"
        ],
        "ipv6": []
      }
    },
    "linkstate": "UP",
    "summary": "IP: 192.168.49.4/24",
    "connector_type": "Unknown",
    "mode": "Interface/L3",
    "speed": "N/A"
  },
  "lo": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": null,
      "asic": null,
      "mtu": 65536,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "00:00:00:00:00:00",
      "vlan_filtering": false,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 3393,
        "MTU": 65536,
        "Flg": "LRU",
        "TX_DRP": 0,
        "RX_OK": 3393,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": [
          "127.0.0.1/8",
          "::1/128"
        ]
      },
      "vlan_list": [],
      "ip_neighbors": null
    },
    "linkstate": "UP",
    "summary": "IP: 127.0.0.1/8, ::1/128",
    "connector_type": "Unknown",
    "mode": "Loopback",
    "speed": "N/A"
  },
  "mgmt": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": null,
      "asic": null,
      "mtu": 65536,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "8a:9d:94:9a:3f:8f",
      "vlan_filtering": false,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 0,
        "MTU": 65536,
        "Flg": "OmRU",
        "TX_DRP": 13,
        "RX_OK": 0,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": [
          "127.0.0.1/8",
          "::1/128"
        ]
      },
      "vlan_list": [],
      "ip_neighbors": null
    },
    "linkstate": "UP",
    "summary": "IP: 127.0.0.1/8, ::1/128",
    "connector_type": "Unknown",
    "mode": "VRF",
    "speed": "N/A"
  },
  "swp1": {
    "iface_obj": {
      "lldp": [
        {
          "adj_port": "swp3",
          "adj_mac": "0c:b0:0e:07:88:00",
          "adj_mgmt_ip4": "192.168.49.2",
          "adj_mgmt_ip6": "fe80::eb0:eff:fe07:8801",
          "adj_hostname": "JumpSwitch",
          "capabilities": [
            [
              "Bridge",
              "on"
            ],
            [
              "Router",
              "on"
            ]
          ],
          "adj_ttl": "120",
          "system_descr": "Cumulus Linux version 4.3.0 running on QEMU Standard PC (i440FX + PIIX, 1996)"
        }
      ],
      "native_vlan": 10,
      "dhcp_enabled": false,
      "description": "",
      "vlan": [
        {
          "vlan": 10,
          "flags": [
            "PVID",
            "Egress Untagged"
          ]
        }
      ],
      "asic": null,
      "mtu": 9216,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "0c:b0:0e:37:ae:01",
      "vlan_filtering": true,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 322,
        "MTU": 9216,
        "Flg": "BMRU",
        "TX_DRP": 0,
        "RX_OK": 2318,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": []
      },
      "vlan_list": "10",
      "ip_neighbors": null
    },
    "linkstate": "UP",
    "summary": "Master: bridge(UP)",
    "connector_type": "Unknown",
    "mode": "Access/L2",
    "speed": "1G"
  },
  "eth0": {
    "iface_obj": {
      "lldp": null,
      "native_vlan": null,
      "dhcp_enabled": false,
      "description": "",
      "vlan": null,
      "asic": null,
      "mtu": 1500,
      "lacp": {
        "rate": "",
        "sys_priority": "",
        "partner_mac": "",
        "bypass": ""
      },
      "mac": "0c:b0:0e:37:ae:00",
      "vlan_filtering": false,
      "min_links": "",
      "members": {},
      "counters": {
        "RX_ERR": 0,
        "TX_ERR": 0,
        "RX_OVR": 0,
        "TX_OVR": 0,
        "TX_OK": 0,
        "MTU": 1500,
        "Flg": "BMU",
        "TX_DRP": 0,
        "RX_OK": 0,
        "RX_DRP": 0
      },
      "ip_address": {
        "allentries": []
      },
      "vlan_list": [],
      "ip_neighbors": null
    },
    "linkstate": "DN",
    "summary": "Master: mgmt(UP)",
    "connector_type": "Unknown",
    "mode": "Mgmt",
    "speed": "1G"
  }
}

Ep 47 – Get Awoken When it’s Broken!

This week we’re talking about everything on-call! What is it? What does being “on-call” actually look like? What does it mean to various organizations? And most importantly, what you should look for when interviewing with a company when discussing being on call and compensation.

Ep 46 – Time Management

In this episode we’re talking about time management. We share tips and tactics we use to make the most of our time. What do you use to help manage your time? We’d love to hear from you! And, we’ve got some really exciting news, but you’ll have to listen to find out!

A.J.’s app recommendations:
Todoist – https://todoist.com/
Forest – https://www.forestapp.cc/

CCNA Series – Endpoints and Servers

In this post of the CCNA Series, we will be covering endpoints and servers in the network. In the CCNA exam topics, we are looking specifically at Network Fundamentals > Explain the role and function of network components > Endpoints and Servers. While studying in-depth enterprise network infrastructure topics and concepts, I think it can be easy to gloss over why the network is there in the first place. I always like to think of the network as a service that is there to support business functions. Businesses utilize technology for many reasons, for example to become efficient, scalable, and to provide excellent outcomes. Typically, they look to implement and leverage applications to achieve these goals. Well, those applications need to be able to be accessed and hosted (or served) somehow. That is where endpoints and servers enter the picture. If enterprises didn’t have endpoints and/or servers, then we wouldn’t really have a need for networks, would we?

Endpoints

Endpoints are the actual devices that connect to our networks so that we can gain access to those business critical applications that we brought up earlier in the post. In the last post around L2 and L3 switches, we introduced the concept of the three-tier architecture with the core, distribution, and access layers. As depicted in the image above, endpoints can be thought of as being at the edge of the network, so naturally, they connect to our access layer switches that provide initial connectivity or entry into the network at the edge. Endpoints can connect to the network either wired via directly connecting to a switch, or wirelessly, leveraging radio waves to connect to a wireless access point. Examples of common endpoints at the access layer are desktop and laptop computers, printers, phones, tablets, and scanners. Some endpoints, such as desktops and laptops are used to access applications and services, while other endpoints, such as printers, provide a service. For example, a laptop can communicate with a network attached printer to print documents. Endpoints in the network are used to gain access to services, as well as provide services themselves.

Servers

At a basic level, servers can be thought of as endpoints as well. They connect at the edge of the network just as end user endpoints do. The difference is that servers typically connect to the data center access layer versus the end user access layer such as a switch in a small data room on a floor of a building. It was stated earlier that businesses rely on the network to provide access to critical applications. Well, those applications are hosted on devices called servers. Servers can be physical (meaning typically one application per box), or virtual (meaning multiple apps/servers per physical machine). Also, servers can be hosted in on-premises data centers, external co-location facilities, as well as “in the cloud”. Examples of applications or services hosted on servers are email, websites, ecommerce systems, and media servers. To round this out, in our enterprise business example, servers house the applications that provide value to the business.

But Why?

Conclusion

I think it is important to remember that the network is a service (or potentially even a utility, if you want to take it that far). In an enterprise setting, the network is necessary because access to applications and information drives a business forward. Client or user endpoints are leveraged to gain access to those business critical applications, and servers house or host those applications and information. The network is there to provide the connectivity from the client endpoints to the servers that host the applications.

Ep 45 – Softskillz

In this episode, Dan, A.J., guest host Tim Bertino, and returning episode guest Tim McC talk about soft skills, their importance, how to sharpen them, and more. Join us as we share our experience with our own soft skills and where we see their importance shine the most.

Cisco config rollback documentation – https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15-sy/config-mgmt-15-sy-book/cm-config-rollback-confirmed-change.html

Follow Tim Bertino:
blog: https://netication.com/
Twitter: https://twitter.com/TimBertino

Follow Tim McC:
blog: https://carpe-dmvpn.com/
Twitter: https://twitter.com/juangolbez
YouTube: https://www.youtube.com/channel/UC60oFllzMzQQmlhIQMkMa8g

Faces of the Journey – Teneyia Wilson

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Teneyia Wilson is a Network Engineer originally from Denver, Colorado, who recently found herself back home. In 2004, Teneyia and her family moved away from Colorado. Being part of a military family, she and her family have lived in many cities in the last sixteen years. Teneyia currently holds two network engineering positions (yes, you read that correctly, two), one of which is as a Network Engineer III with the ISP Spectrum. If you thought that holding two network engineering positions was impressive, get this: IT/network engineering is not Teneyia’s first profession. Before getting into IT professionally, she ran a personal training studio from 2012 to 2019, while also managing a retail store with GNC. Teneyia has been fascinated with technology since middle school and knew then that she wanted a degree in IT, but took a different path for a while. Then, in 2018, she decided to quit her retail job to become a Network Engineer. She went to Barnes and Noble to purchase the CompTIA Network+ book and the Cisco CCNA 200-125 book set. At that time she was not working, so she spent five to eight hours a day reading, taking notes, and watching videos to catch up on the technology that she had missed out on over that nine-year window. Teneyia found quickly that getting certifications made sense to her as a way to break into IT so that she could build experience and grow on a technical level (and she has not stopped the certification study by any means). After achieving both the Network+ and CCNA certifications, Teneyia got a help desk position at a managed service provider (MSP). A year later, she earned the CCNP Routing and Switching certification and accepted a position as a Network Administrator with DXC Technology. In August of 2020, Teneyia moved back to Colorado and is now a Network Engineer with a 911 dispatch center and Spectrum.
Teneyia’s fascination with technology started early in life by taking apart a Nintendo NES, computers, and phones to see how they worked. Teneyia is always striving to be a great engineer, highly skilled at troubleshooting and design, while helping others along the way. She is currently studying for the CCIE certification and will one day become a Principal Engineer or Solutions Architect.

Follow Teneyia:
Twitter: @TeneyiaW
LinkedIn: https://www.linkedin.com/in/teneyia-wilson/

Alright Teneyia, We’ve Got Some Questions

What did you want to be when you “grew up”? A multi-business owner. I had plans/ideas for restaurants and clothing lines. I used to love cooking and making clothes. I created a whole clothing line/brand between 2003 and 2009.

What advice do you have for aspiring IT professionals? Like anything else, don’t rush the process. Take your time to fully understand the technologies. Know how and when to use them. Ignore the imposter syndrome, no one knows everything. Take risks and never stop learning.

What is something you enjoy doing outside of work? Outside of work, I love lifting weights and competing in bodybuilding competitions. I also have a project car. I’m not in the car scene as much as I was when I was living in Los Angeles, but I still love fixing up and cruising in my 350z.

How do you manage your work/life balance? When studying for certs and/or training for a bodybuilding show, I create weekly schedules and stick to them. I schedule work, family time, errands, study, gym, everything. I prioritize most important to least and try not to deviate. In the off season and when I’m not preparing for a cert exam, work stays between 9am-5pm. I completely shut off computers and work thoughts to spend time doing what my family wants to do.

When learning something new, what methods work best for you? When learning something new, I like to get the information in multiple ways. I read books, watch videos, ask questions of people who have experience, and get as many hands-on hours as I can. Even when I don’t have access to hands-on practice, I find alternate ways to “do” the things I’m learning. For example, I write out or type configurations in Notepad over and over when I don’t have access to physical equipment or an emulator. When I didn’t have real people to practice leading fitness classes, I set up my video camera and led the workout like it was a gym full of people.

Bert’s Brief

“Discipline is more important than motivation!” This is the current pinned tweet on Teneyia’s Twitter profile. I guess I’ve always kind of thought that finding motivation, or “the want” to do or accomplish something, was the most important thing. Well, as Teneyia has shown, that’s only part of it. I’ve now shifted my thinking: motivation is really just the beginning. To achieve something that is important to you, discipline is the real secret sauce here. If you can find a way to stay consistent on your path, you will get there. Teneyia’s journey is a great example of this. She decided to shift into IT just three years ago, and what she has accomplished since then is really incredible. Teneyia does not keep her passion to herself; she works to help others along the way. Although she has already accomplished so much, this is really just the beginning for Teneyia, and I predict that there are big things to come in the future. Check out Teneyia’s episode on the AONE podcast. One thing that I learned from that episode that I have already put into practice is to give myself just five seconds to be scared or overwhelmed in a situation. After those five seconds, you put it behind you and focus. I have a feeling that will stick with me for a long time.

Ep 44 – IT Factor Crossover!

In this episode, two worlds collide! We chat with Frank Padikkala and the IT Factor podcast! We talk with Frank about the similarities between IT and AV professionals and how the two worlds often meet. We encourage Frank’s listeners to join us as we know a lot of the members of our own community have roots deeply embedded in AV. And we learned that Frank obtained his CCNA at just 17 years old!

Follow Frank on Twitter: https://twitter.com/frankpadikkala
Check out AV Nation and The IT Factor!
https://avnation.tv/
https://twitter.com/AVITFactor


GIAC Certified Intrusion Analyst (GCIA) // SANS503 Review

If you’ve been following my feed a bit, you know I’ve been going pretty strong for the last four months on SANS503. More than half the blog posts I’ve published on this site were dedicated to a tool introduced or covered in this course. Well, I cleared the exam, and it’s probably in no small part due to blogging. Not that blogging or studying in public was the only thing that amounted to a successful exam, but it surely did help, in my opinion. In what follows, I’m going to reflect a bit on the SANS503 course and the GCIA exam.

I know, the major drawback to SANS courses is cost, and I get that. Each 5-6 day course runs on the plus side of seven thousand dollars, and a certification attempt is no small pocket change either. That aside, if we are just here to judge content, this was the best cyber-related course I’ve taken and the best certification experience I’ve ever had. To put this into a little bit of context, I’ve taken 7 Cisco exams at the associate and professional level, 4 Juniper associate-level tests and 3 CompTIA exams. I’ve subscribed to INE, CBT Nuggets, Pluralsight, Linux Academy and O’Reilly Books. This course bests everything I’ve done up to this point. Perhaps this is just a hint that I need to do more focused training and less video-on-demand type stuff?!

SANS503 (the course)

The number one thing I liked about the course was the virtual machine and the lab workbook. Each section of the class concluded with lab exercises that we completed on our VM. We created rules, tuned rules, searched pcaps, created packets, created scripts and had a comprehensive capstone exercise to bring everything together. I went through this workbook twice. I probably spent 100 hours on the exercises alone. I went through the first time as I was following along with the course. I needed a lot of hints and had to do a lot of extra research, as most of these tools were new to me. The second time through, I did almost all the exercises without using any of the hints. I really felt like I got a foundational understanding of how to use the main tools discussed during the class, namely Snort, tcpdump, tshark, Scapy, Wireshark and Zeek.

I did the self-paced version of the course: a recorded version that I could watch at my own pace. This was perfect for me. As I mentioned before, this was the first time I’d ever used Snort or written a Snort rule, so I got to take my time with the material and really home in on the fundamentals of using the tool. The instructor was excellent, clear and engaging even though it was not interactive. Besides just learning some tools, the class also dug into the major protocols. We went through Ethernet, IP, TCP, UDP, ICMP, DNS, SMB, HTTP and TLS. One of the major themes of the course was being able to parse these different packets in hex. After doing this for a few months, it’s not so difficult to pull out the next header field and what have you.

GCIA (the certification)

The certification exam was difficult for me. I had done one practice exam before taking the actual exam and scored 89%. Not only that, I had more than an hour to spare. This had me feeling very confident. On the actual exam, as opposed to the practice test I took, I didn’t get any per-question feedback on whether an answer was right or wrong. For whatever reason, perhaps just the added pressure of it ‘being an exam’, I was second-guessing myself and was looking up more answers and even verifying answers I knew were right (it’s an open-book exam). When I submitted the last question, I had one minute remaining of my allotted four-hour testing time. When all was said and done, I scored two points lower than on my practice test: 87%.

What I like most about the exam is that, since it is open book, there isn’t really any ‘stump the chump’ feeling when an obscure question about an IP option comes up. Instead, using the documentation, you can easily decipher what you need and come up with the answer.

Before going through the examination process, I had read in other blog posts or YouTube videos about people making an index. People would go through each book and index terms so that when they came across a question they could go to their index and hopefully find the answer in a reasonable amount of time. I did not do this; I used the index provided in the lab book portion of the materials, and truth be told I didn’t use it that much. My thought process is that if you put in the time on the material (there are five main books), you will have a pretty good idea of where to start looking for a topic.

Lastly, one of the coolest parts of the exam is that it has a VM portion where you interact with pcaps, using the tools and protocol knowledge covered in the course to pull out answers. This was way more slick than any Cisco simulation I’ve ever done. Overall, I think the exam really covered everything in a fair and balanced way and didn’t at all feel like a random trivia question extravaganza.

Conclusion

If you get the chance, definitely take the opportunity to do some of their training. I’m hoping to take FOR572, Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response, and the associated GNFA next. It will, I’m sure, cover a lot of the same tools, but I’m excited to get the point of view of a different instructor, who will hopefully shed light on new things.

Also, I think I’m going to keep blogging a bit here. I started out not knowing whether I would like it or find it useful. I think blogging and ‘studying in public’ is kind of a way to hold myself accountable even when the passion or motivation may be lacking a bit that day. I hope you will continue this journey with me, and I’ll see you on the other side on our next adventure.

Ep 43 – You get 5 Seconds

In this episode, we talk to Teneyia! She shares her story of how she went from being a fitness trainer to a Network Engineer. She shares her viewpoints on motivation vs. discipline, and why one matters way more than the other. She also gives great advice on handling interviews, and on what to do when you are in a situation that makes you feel nervous or scared. Enjoy this episode with Teneyia!

Follow Teneyia:
Twitter: @TeneyiaW
LinkedIn: https://www.linkedin.com/in/teneyia-wilson/


CCNA Series – L2 and L3 Switches

In this edition of the CCNA Series, we are going to cover network switches. In the CCNA exam topics, we are looking specifically at Network Fundamentals > Explain the role and function of network components > L2 and L3 switches. Before we get into the difference between Layer 2 and Layer 3 switches, let’s describe and understand what switches are and what their role is in a network. In their simplest form, switches are hardware or software devices that provide connectivity to the network. For the simplicity of this article, unless otherwise specified, we will be focusing on hardware-based (physical) switches. To whom, or to what, do switches provide network connectivity? Well, that depends upon which “layer” the switch resides in. In the traditional campus infrastructure model, we can look at the network as having three layers: access, distribution and core.

Traditional 3 layer campus design
  • Access Layer
    • The switches at the access layer provide endpoints, or devices, their initial connectivity to the network. The access layer can be thought of as the edge of the campus network, because this is where the network begins for devices. This is where our computers, printers, phones, and much more, connect to the network. The network is providing the service of delivering data to the required destinations for the connecting devices.
  • Distribution Layer
    • While the purpose of the access layer is for switches to connect to endpoints, the distribution layer switches connect to other switches. The distribution layer bridges the gap between access layer switches at the local site (intra-site communication), and between the local site’s access layer and the core layer, which provides connectivity to other sites (inter-site communication). The distribution layer provides two main functions, both of which stem from the concept of network scalability.
      1. Acts as an aggregation layer for the access layer switches. As the number of access layer switches grows at a site, it is neither functional nor cost effective to connect each access layer switch directly to every other to provide connectivity between them. It makes more sense to create a layer of switches “above” the access layer to provide the intra-site connectivity.
      2. Provides connectivity to the core layer, which in turn provides connectivity to other sites (inter-site connectivity).
  • Core Layer
    • The purpose of the core layer is similar to that of the distribution layer in that it provides the service of aggregating switches to provide scalability. However, rather than aggregating access layer switches, the core layer ties together the different distribution layer switches between sites. Configuration and service-wise, we try not to get too fancy with the core layer. The core is there primarily to move packets through the network (between sites, if you will) as quickly as possible. In-depth security and authentication services are typically handled in the lower layers of this three-tier model.

Now that we have covered the very basics around the purpose of switches and their roles depending on where they live in the network, let’s describe, compare, and contrast Layer 2 and Layer 3 switches. Back in the “old days”, switches solely provided the Layer 2 functions in the network and routers (previous post) solely handled the Layer 3 functions. Switches typically have many physical ports and, as stated earlier, connect either to devices at the edge of the network or to other switches to get upstream or downstream in the network. Routers, on the other hand, tend to have fewer ports and provide routed (Layer 3) connectivity between different network segments. What do we mean in the traditional sense of switches operating at Layer 2 and routers at Layer 3? At Layer 2 of the OSI Model, we forward data (called frames) through switches based on their destination MAC addresses (burned-in, or hardware, addresses). In contrast, at Layer 3, data (called packets) is forwarded through routers based on destination IP addresses (logical addresses).

Layer 2 Switches

As covered in the previous section, switches operate at Layer 2 of the OSI Model by default. As frames flow through a switch, the switch builds what is called the MAC address database (aka the MAC table). The MAC table is used to properly forward data frames to the correct destinations. When a frame enters a switchport, the switch takes note of the source MAC address, the port the frame entered the switch on, and the VLAN that the port belongs to, and adds that as an entry into the MAC table. Later, when a frame enters the switch with a destination address of that first MAC address that was added to the table, the switch knows which port to forward that frame out. If that original device/MAC address gets moved to another port, the MAC table will be updated to reflect the port move. At Layer 2, VLANs are used to provide network segmentation. An access port on a switch can only belong to a single data VLAN, and traffic from a VLAN should only be forwarded out ports in the same VLAN. For traffic to cross VLANs, a routing function is needed.
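To make the learning and forwarding behaviour above concrete, here is a small simulation added for this series (not code from the article or from any switch vendor): a toy switch that learns source MACs per VLAN, forwards known unicast to the learned port, floods broadcast and unknown-destination frames only within the ingress VLAN, and overwrites the entry when a MAC shows up on a new port. Port numbers, MAC addresses and VLAN IDs are constructed; the flooding of unknown destinations goes one step beyond what the section states.

```python
"""Toy Layer 2 switch: VLAN-scoped MAC learning and forwarding.

Added illustration, not code from the article. Ports, MACs and VLANs
below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str       # source MAC address
    dst: str       # destination MAC address
    in_port: int   # switchport the frame arrived on


@dataclass
class L2Switch:
    # Access ports: each port belongs to exactly one data VLAN.
    port_vlan: Dict[int, int]
    # MAC table keyed by (VLAN, MAC) -> port. The VLAN is part of the key,
    # so the same MAC seen in two VLANs yields two independent entries.
    mac_table: Dict[Tuple[int, str], int] = field(default_factory=dict)

    def learn(self, vlan: int, mac: str, port: int) -> None:
        """Record (or overwrite) where a source MAC was last seen.
        A device moved to another port is relearned on its next frame."""
        self.mac_table[(vlan, mac)] = port

    def forward(self, frame: Frame) -> List[int]:
        """Return the egress port(s) for a frame; an empty list means drop."""
        vlan = self.port_vlan[frame.in_port]
        self.learn(vlan, frame.src, frame.in_port)
        if frame.dst != BROADCAST:
            out = self.mac_table.get((vlan, frame.dst))
            if out is not None:
                # Known destination: forward only there, and never back
                # out of the ingress port.
                return [] if out == frame.in_port else [out]
        # Broadcast or unknown unicast: flood, but only to the other ports
        # in the ingress VLAN. Frames never cross a VLAN boundary at Layer 2.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != frame.in_port)


def walkthrough() -> Dict[str, List[int]]:
    """Replay a short sequence of frames and collect the forwarding decisions."""
    sw = L2Switch(port_vlan={1: 10, 2: 10, 3: 10, 4: 20})
    a, b, d = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:04"
    steps: Dict[str, List[int]] = {}
    # A's ARP broadcast from port 1 is flooded to the other VLAN 10 ports.
    steps["broadcast"] = sw.forward(Frame(a, BROADCAST, 1))   # [2, 3]
    # B replies from port 2; A is already in the table, so unicast to port 1.
    steps["known_unicast"] = sw.forward(Frame(b, a, 2))        # [1]
    # A to B: B was learned from its reply, so straight out port 2.
    steps["learned_reply"] = sw.forward(Frame(a, b, 1))        # [2]
    # A is moved to port 3; its next frame overwrites the table entry.
    steps["after_move"] = sw.forward(Frame(a, b, 3))           # [2]
    steps["to_moved_host"] = sw.forward(Frame(b, a, 2))        # [3]
    # A host in VLAN 20 (port 4) cannot reach A: the flood stays in VLAN 20,
    # which has no other ports, so the frame is dropped.
    steps["cross_vlan"] = sw.forward(Frame(d, a, 4))           # []
    return steps


if __name__ == "__main__":
    for name, ports in walkthrough().items():
        print(f"{name:>14}: egress ports {ports}")
```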

Layer 3 Switches

Again, traditionally, Layer 2 functions have been handled by switches, and when subnets have needed to be defined and Layer 3 forwarding used, we have relied on separate devices, called routers. As switches developed over the years and resources could be added to them, they began to be able to handle more functions. It then became a popular question: if switches can handle routing functions from a resource standpoint, do we really need separate hardware routers everywhere in the network that we define a Layer 3 boundary? Enter Layer 3 switches. Layer 3 switching is just another way to say that we are providing routing functions in a switch. This can be handled in a few different ways from an interface standpoint.

  1. Routed Port
    • This is a native Layer 3 interface on a switch and most resembles a “normal” interface on a traditional router. To recap, switches operate at Layer 2 by default, so to convert a Cisco switchport to a routed port, the command no switchport is entered on the interface. After that, an IP address and subnet mask can be entered just like on a traditional router interface.
  2. SVI (Switch Virtual Interface)
    • An SVI is a virtual Layer 3 interface on a switch that corresponds to a specific VLAN. Before Layer 3 switches, to provide routing for devices on a VLAN, we would need connectivity to an external router via access or trunk ports, and the router would handle the Layer 3 functions of separating routed networks and forwarding packets between networks/subnets. An SVI is created by entering the global config command interface vlan vlan-id. Then, an IP address and subnet mask can be defined. Finally, the SVI needs to be enabled with the no shutdown command.
  3. Layer 3 Portchannel
    • To provide higher bandwidth and resiliency at Layer 3 on a switch, a Layer 3 portchannel can be used. The physical member interfaces need to be configured for Layer 3 with the no switchport command and added into a portchannel; then the IP and subnet mask information is configured on the portchannel interface.

But Why?

Summary

Many switches out there today can operate at both Layer 2 and 3, which can cut down on the amount of network hardware that is needed. As always, when selecting solutions, you need to determine your network requirements to make sure you are selecting the correct gear to suit your needs. You can think of a Layer 3 switch as a switch that can also act as a router.

TSHOOT – Linux Networking Style

When I got restarted in networking circa 2018-19 everyone on my timeline would always profess how much they loved Cisco’s TSHOOT exam. People had tickets to do and felt like they were showing off what they knew, their experience, rather than answering trivia questions. “I always recert my CCNP with the TSHOOT exam…” or so the story went.

Enter Cumulus Linux, the networking arm of Nvidia. They’ve had a Cumulus in the Cloud offering for some time now, and I logged in the other day after a long hiatus just to check things out. They are currently running Cumulus Linux version 4.3, with vim now on its standard image 🙂

Cumulus Linux – Where Networking Magic is Created

There was one new thing that really caught my eye. One of the ‘Demo Modes’ they have now, once you are logged in and have your two virtual racks of equipment powered on, virtually cabled and spun up, is called ‘Challenge Labs.’ Currently, there are 4 challenge labs. Each lab is loaded, and its solution validated, from the oob-management-server within the topology by way of a bash script. To load the first challenge you simply run the script, which pushes the configuration to the applicable devices using an Ansible playbook.

cumulus@oob-mgmt-server:~/cumulus-challenge-labs$ ./run -c 1 -a load

Challenge #1

Server01 is unable to ping server02 or server03. Server02 and server03 are able to ping each other.
Challenge #1 Topology

Here we go! Are your wheels spinning? Are you coming up with possible issues and areas to look? The first thing I like to do when I first encounter a problem ticket is:

  1. Check power (is it plugged in?)
  2. Check physical connections (is the ethernet cable plugged in?)
  3. Verify the documentation/topology (fix documentation if incorrect)
  4. Recreate the issue, in this case, verify the ping fails from server01 -> server[02|03]

I don’t really have to worry about power here since we are all virtual, but I can verify that the IPs in the diagram and the interfaces connecting the devices are correct. Let’s take a look at server01: is its IP correct, and is it using ‘eth1’ as specified in the diagram?

cumulus@server01:~$ ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 44:38:39:00:00:32 brd ff:ff:ff:ff:ff:ff
    inet 10.1.10.101/24 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::4638:39ff:fe00:32/64 scope link
       valid_lft forever preferred_lft forever

Now, when we look into our first Cumulus switch, I can discuss one thing that’s really cool about it. You can check the port configuration the same way we did above, with ‘ip a’, or we can use more of a traditional networking-device ‘command line’ utilizing what they call NCLU (network command line utility). Let’s log into leaf01 and have a look:

cumulus@leaf01:mgmt:~$ ip a show swp49
51: swp49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9216 qdisc pfifo_fast master bridge state UP group default qlen 1000
    link/ether 44:38:39:00:00:59 brd ff:ff:ff:ff:ff:ff

So ‘ip a’ isn’t showing us everything we want here, but I think it’s mighty cool that I’m on a ‘switch’ and I have native Linux commands at my disposal. We can tell we don’t have an IP address configured, so we are operating at Layer 2, and we are up.

A command I like to go to straight away on a Cisco device is ‘show ip int br’ and we can get a lot of the same sort of data with Cumulus’ nclu command ‘net show interface’:

cumulus@leaf01:mgmt:~$ net show interface
State  Name    Spd  MTU    Mode       LLDP                          Summary
-----  ------  ---  -----  ---------  ----------------------------  ---------------------------
UP     lo      N/A  65536  Loopback                                 IP: 127.0.0.1/8
       lo                                                           IP: ::1/128
UP     eth0    1G   1500   Mgmt       oob-mgmt-switch (swp10)       Master: mgmt(UP)
       eth0                                                         IP: 192.168.200.11/24(DHCP)
UP     swp1    1G   9216   Trunk/L2   server01 (44:38:39:00:00:32)  Master: bridge(UP)
UP     swp49   1G   9216   Trunk/L2   leaf02 (swp49)                Master: bridge(UP)
UP     bridge  N/A  9216   Bridge/L2
UP     mgmt    N/A  65536  VRF                                      IP: 127.0.0.1/8

With Cumulus, if LLDP (link layer discovery protocol) is configured, I always find myself typing ‘net show lldp’ as one of my first orientation activities:

cumulus@leaf01:mgmt:~$ net show lldp
LocalPort  Speed  Mode      RemoteHost       RemotePort
---------  -----  --------  ---------------  -----------------
eth0       1G     Mgmt      oob-mgmt-switch  swp10
swp1       1G     Trunk/L2  server01         44:38:39:00:00:32
swp49      1G     Trunk/L2  leaf02           swp49

OK. Now let’s verify the issue. Let’s see if server01 can ping the other servers in the topology:

cumulus@server01:~$ ping 10.1.10.102 -c 3
PING 10.1.10.102 (10.1.10.102) 56(84) bytes of data.
From 10.1.10.101 icmp_seq=1 Destination Host Unreachable
From 10.1.10.101 icmp_seq=2 Destination Host Unreachable
From 10.1.10.101 icmp_seq=3 Destination Host Unreachable
--- 10.1.10.102 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2034ms
pipe 3
cumulus@server01:~$ ping 10.1.10.103 -c 3
PING 10.1.10.103 (10.1.10.103) 56(84) bytes of data.
From 10.1.10.101 icmp_seq=1 Destination Host Unreachable
From 10.1.10.101 icmp_seq=2 Destination Host Unreachable
From 10.1.10.101 icmp_seq=3 Destination Host Unreachable
--- 10.1.10.103 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2027ms
pipe 3

You may have spotted the issue already, or you may not. But let’s get on the working switch, the one where both hosts can ping each other, and see if you can spot the difference:

cumulus@leaf02:mgmt:~$ net show lldp
LocalPort  Speed  Mode       RemoteHost       RemotePort
---------  -----  ---------  ---------------  -----------------
eth0       1G     Mgmt       oob-mgmt-switch  swp11
swp2       1G     Access/L2  server02         44:38:39:00:00:3a
swp3       1G     Access/L2  server03         44:38:39:00:00:3c
swp49      1G     Trunk/L2   leaf01           swp49
cumulus@leaf02:mgmt:~$

We can see that the ‘good’ switch has access ports to its servers, while on the ‘bad’ switch the server-facing port is configured as a trunk. Two solutions come to mind straight away. One, we could configure the server link to the switch as a trunk. Since we are working with ‘Cumulus Linux’ within the challenge, I’m going to assume we want to change leaf01 to have an access port to its server, but with what VLAN? Let’s check on leaf02:

cumulus@leaf02:mgmt:~$ net show bridge vlan
Interface  VLAN  Flags
---------  ----  ---------------------
swp2         10  PVID, Egress Untagged
swp3         10  PVID, Egress Untagged
swp49         1  PVID, Egress Untagged
             10

Alright, VLAN 10 it is. One last thing I need to do before logging off of leaf02 is get a hint on which command to use; for this I’ll grep the configuration:

cumulus@leaf02:mgmt:~$ net show configuration | grep -B 4 -i access
  address dhcp
  vrf mgmt
interface swp2
  bridge-access 10
interface swp3
  bridge-access 10

Let’s jump back on leaf01 and fix this issue once and for all:

cumulus@leaf01:mgmt:~$ net add interface swp1 bridge access 10
cumulus@leaf01:mgmt:~$ net commit
--- /etc/network/interfaces     2021-05-04 20:46:36.925028228 +0000
+++ /run/nclu/ifupdown2/interfaces.tmp  2021-05-05 00:42:00.327566444 +0000
@@ -7,20 +7,21 @@
 auto lo
 iface lo inet loopback
 # The primary network interface
 auto eth0
 iface eth0 inet dhcp
  vrf mgmt
 auto swp1
 iface swp1
+    bridge-access 10
 auto bridge
 iface bridge
     bridge-ports swp1 swp49
     bridge-vids 10
     bridge-vlan-aware yes
 auto mgmt
 iface mgmt
   address 127.0.0.1/8
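Review bot: the added `bridge-access 10` under `iface swp1` is sufficient on its own because the hunk shows swp1 already in `bridge-ports` and VLAN 10 already in `bridge-vids` on the bridge; what is worth confirming before commit is that no `bridge-vids` line remains under swp1 (none is visible here), since a port carrying both an access VLAN and a tagged VLAN list is a misconfiguration. As a style point, the new line is indented four spaces where the existing `vrf mgmt` stanza uses one.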
net add/del commands since the last "net commit"
================================================
User     Timestamp                   Command
-------  --------------------------  ---------------------------------------
cumulus  2021-05-05 00:27:03.636686  net add interface swp1 bridge access 10
cumulus@leaf01:mgmt:~$ net show lldp
LocalPort  Speed  Mode       RemoteHost       RemotePort
---------  -----  ---------  ---------------  -----------------
eth0       1G     Mgmt       oob-mgmt-switch  swp10
swp1       1G     Access/L2  server01         44:38:39:00:00:32
swp49      1G     Trunk/L2   leaf02           swp49
cumulus@leaf01:mgmt:~$

Last thing to do is to log into server01 and see if I can now ping server[02|03]:

cumulus@server01:~$ ping 10.1.10.102 -c 3
PING 10.1.10.102 (10.1.10.102) 56(84) bytes of data.
64 bytes from 10.1.10.102: icmp_seq=1 ttl=64 time=20.8 ms
64 bytes from 10.1.10.102: icmp_seq=2 ttl=64 time=4.09 ms
64 bytes from 10.1.10.102: icmp_seq=3 ttl=64 time=3.48 ms
--- 10.1.10.102 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 3.489/9.475/20.844/8.042 ms
cumulus@server01:~$ ping 10.1.10.103 -c 3
PING 10.1.10.103 (10.1.10.103) 56(84) bytes of data.
64 bytes from 10.1.10.103: icmp_seq=1 ttl=64 time=5.85 ms
64 bytes from 10.1.10.103: icmp_seq=2 ttl=64 time=11.8 ms
64 bytes from 10.1.10.103: icmp_seq=3 ttl=64 time=2.76 ms
--- 10.1.10.103 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.768/6.825/11.853/3.772 ms

We’ve verified we have solved the issue, but I also want to let you know that the run script also comes with a validation option that will make sure you solved the problem statement. To do this, we log back into the oob-server:

cumulus@oob-mgmt-server:~/cumulus-challenge-labs$ ./run -c 1 -a validate
Validating solution for Challenge 1 ...
PLAY [server] ******************************************************************
TASK [include_tasks] ***********************************************************
Wednesday 05 May 2021  00:57:25 +0000 (0:00:00.059)       0:00:00.059 *********
included: /home/cumulus/cumulus-challenge-labs/automation/roles/common/tasks/validate.yml for server03, server02, server01
included: /home/cumulus/cumulus-challenge-labs/automation/roles/common/tasks/validate.yml for server03, server02, server01
included: /home/cumulus/cumulus-challenge-labs/automation/roles/common/tasks/validate.yml for server03, server02, server01
TASK [Validate connectivity to server01] ***************************************
Wednesday 05 May 2021  00:57:25 +0000 (0:00:00.355)       0:00:00.415 *********
ok: [server01]
ok: [server03]
ok: [server02]
TASK [Display results for server01] ********************************************
Wednesday 05 May 2021  00:57:27 +0000 (0:00:02.523)       0:00:02.939 *********
ok: [server01] =>
  msg: 10.1.10.101 is alive
ok: [server02] =>
  msg: 10.1.10.101 is alive
ok: [server03] =>
  msg: 10.1.10.101 is alive
TASK [Validate connectivity to server02] ***************************************
Wednesday 05 May 2021  00:57:28 +0000 (0:00:00.112)       0:00:03.051 *********
ok: [server01]
ok: [server03]
ok: [server02]
TASK [Display results for server02] ********************************************
Wednesday 05 May 2021  00:57:30 +0000 (0:00:02.422)       0:00:05.474 *********
ok: [server01] =>
  msg: 10.1.10.102 is alive
ok: [server02] =>
  msg: 10.1.10.102 is alive
ok: [server03] =>
  msg: 10.1.10.102 is alive
TASK [Validate connectivity to server03] ***************************************
Wednesday 05 May 2021  00:57:30 +0000 (0:00:00.087)       0:00:05.561 *********
ok: [server01]
ok: [server03]
ok: [server02]
TASK [Display results for server03] ********************************************
Wednesday 05 May 2021  00:57:32 +0000 (0:00:02.087)       0:00:07.649 *********
ok: [server01] =>
  msg: 10.1.10.103 is alive
ok: [server02] =>
  msg: 10.1.10.103 is alive
ok: [server03] =>
  msg: 10.1.10.103 is alive
PLAY RECAP *********************************************************************
server01                   : ok=9    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
server02                   : ok=9    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
server03                   : ok=9    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
Wednesday 05 May 2021  00:57:32 +0000 (0:00:00.083)       0:00:07.732 *********
===============================================================================
Validate connectivity to server01 --------------------------------------- 2.52s
Validate connectivity to server02 --------------------------------------- 2.42s
Validate connectivity to server03 --------------------------------------- 2.09s
include_tasks ----------------------------------------------------------- 0.35s
Display results for server01 -------------------------------------------- 0.11s
Display results for server02 -------------------------------------------- 0.09s
Display results for server03 -------------------------------------------- 0.08s
cumulus@oob-mgmt-server:~/cumulus-challenge-labs$

So this wasn’t the most complicated ticket, and the later challenges get more involved to solve. My hope is that you can see how familiar the NCLU output looks if you are coming from learning or working on Cisco, Juniper or Arista. And if you love Linux, how cool is it to have all of this functionality on a native Linux platform?!

Conclusion

Seeing how easy (and FREE and easily accessible) it was to set up a lab and run a challenge inside it, I hope you can see the potential of Cumulus VX as a learning platform. The challenge script found on the oob-mgmt-server in this free Cumulus in the Cloud offering could also be a framework for future TSHOOT-style challenges.

If you want to run this lab locally, that’s also no issue, as the process is documented in their GitLab repository. Once more, you’d think with all these devices you’d need some special hardware, but as I mentioned in an earlier post, a single instance of Cumulus Linux needs less than 1GB of RAM.

Lastly, if you need help getting started, the Cumulus docs are great, and my friend Aninda Chatterjee has put together a great series of blog posts on getting started with Cumulus Linux.

Ep 42 – A Look Back

In this episode we are joined by Tim Bertino once again! Tim, A.J., and Andy celebrate a ton of wins from our Winning channel, Tim introduces an exciting new blog series on the AONE blog that focuses on the CCNA, and we take a brief trip down memory lane recapping the last 30 or so episodes. Whether you’ve been with us from the beginning or are just joining, there’s a little something in this episode for everyone!

Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

CCNA Series – Routers

In the first ever post of the AONE CCNA Series, we are going to start from the top. If you are following along with the CCNA exam topics, we will be covering Network Fundamentals > Explain the role and function of network components > Routers. Routers are a critical component of network infrastructure in that they connect networks together, both physically and logically. What do we mean by logically? The main purpose of a router is to receive data, work out where it needs to go, and send it out the interface (or port) pointing in the right direction. Routers operate at Layer 3 of the OSI model, which means that they “route” or forward packets (data) based on the packets’ destination IP addresses. IP addresses are also referred to as “logical addresses”, and they signify the logical location of a device in a network. The IP address of a device can, and may need to, change as the device moves around a network.

MAC (or physical) addresses contrast with IP addresses in that they identify the interface itself rather than where it currently sits in the network (at Layer 2). Each network interface has a “burned in address” or BIA, the MAC address assigned to it by the manufacturer. This address stays with the interface no matter where it lives or moves within a network (it is “permanent” in the sense that nobody has to change it, although it can be overridden in software). But that’s enough about Layer 2 and MAC addressing for now, we’re here to talk about routers. Now that we know that a router’s purpose is to get data from one place in a network to another, let’s get into what routers might look like and how they perform the ever-important function of delivering our precious packets from point A to point B.

Example logical representation of routers in a network.

What do routers look like? They can come in a variety of brands, shapes, sizes, and sometimes the routers themselves are not even physical at all. Yes, we can deploy routers as virtual machines just like traditional virtual servers. And while we are focusing on enterprise networking because this is a CCNA series, routers are leveraged in residential networks as well. If you are connecting personal/home devices to the internet you are leveraging a router to provide connectivity to the internet for all of the devices on your home network. Think of the router as bridging a gap between your local network and the internet.

Finally, let’s go over how routers transport data across networks. As stated earlier, routers make their forwarding decisions based on the destination IP address in the packet header. That’s all well and good, but how do routers learn about networks and how to reach them, so that they can forward packets in the right direction and along the correct path to the proper destinations? Routers learn how to reach destination IP networks from three sources.

  1. Connected networks/routes
    • When an interface is configured with an IP address and enters an “up” state, the network associated with that interface is automatically entered into the routing table. The router now knows which networks are directly connected to it and which interface to use to forward packets out toward each of them.
  2. Static routes
    • Network administrators can manually program the router with static routes for specific destination networks.
  3. Dynamic routing protocols
    • Routing protocols can be enabled and configured on routers to communicate with each other and share routing information.

Once a router has one or more ways of learning routes, it has to decide which paths to use. The best path(s) for each destination network are placed into the routing table, a database on the router that, at a high level, lists each destination network, the next-hop IP and the egress interface used to reach it. Here is the high-level sequence of operations a router works through. Strictly speaking, steps 2 and 3 decide which of several candidate routes for the same prefix gets installed in the routing table, while step 1 is applied at forwarding time to choose among the routes that are already installed:

  1. Longest prefix match
    • This can be thought of as the rule of specificity and is how the router picks among installed routes that all contain the packet’s destination address. The matching route with the longest subnet mask (the most leading bits in the “on” position) is chosen. An example of this logic is:
      • A router receives a packet to forward with a destination IP of 192.168.1.200.
      • The router has two routes in its routing table that match this destination:
        • 192.168.1.0/24
        • 192.168.1.128/25
      • In this case, the route that matches the 192.168.1.128/25 network will be chosen because it is more specific, in that it has one more bit in the “on” position than the route with the /24 bit mask.
  2. Administrative Distance (AD)
    • Routing protocols (OSPF, EIGRP, etc.) use metrics to decide between multiple routes learned to the same destination. However, a metric is only meaningful within the protocol that computed it. So what does a router do when it learns the same route from different route source types (for instance, both a static route and EIGRP)? A concept called Administrative Distance decides which route enters the routing table.
    • Administrative Distance is a “trustworthiness” value (from 0 to 255) assigned to different routing sources so that when a router learns about the same route from different sources, it can decide which route to install into the routing table and use. The lower AD value is preferred.
  3. Routing protocol metrics
    • When a router receives multiple routes to the same destination from the same source (for instance, OSPF), it leverages the routing protocol’s metric values to determine which route(s) should be selected for the different destination networks. Examples of routing protocol metrics that are used by different routing protocols are hop count, cost, bandwidth, and delay.
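
As an added example (not from the original post), here is the selection logic described above in Python. The AD values are Cisco’s defaults; the candidate routes, next hops and interface names are made up for the illustration. It also shows the distinction the list glosses over: AD and metric decide which route gets installed, and longest prefix match decides which installed route a given packet uses.

```python
"""Added example: how a router chooses a route, in two stages.

1. Installing routes: when several sources offer the same prefix, the lowest
   administrative distance wins; if the same protocol offers the prefix more
   than once, the lowest metric wins.
2. Forwarding a packet: among installed routes that contain the destination,
   the longest prefix (most specific route) wins.

AD values are Cisco defaults. The candidate routes below are constructed for
this example and are not taken from the original post.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Cisco default administrative distances (lower is more trusted).
AD = {
    "connected": 0,
    "static": 1,
    "eigrp": 90,
    "ospf": 110,
    "rip": 120,
}


@dataclass(frozen=True)
class Candidate:
    prefix: str      # e.g. "192.168.1.0/24"
    source: str      # key into AD
    metric: int      # protocol-specific; only comparable within one source
    next_hop: str    # "directly connected" for connected routes
    interface: str


def build_routing_table(candidates):
    """Return {network: Candidate}, keeping one best route per prefix.

    Preference: lower AD first, then lower metric. Equal (AD, metric) keeps
    the first seen; a real router would install both for load sharing.
    """
    table = {}
    for cand in candidates:
        net = ipaddress.ip_network(cand.prefix, strict=True)
        best = table.get(net)
        if best is None or (AD[cand.source], cand.metric) < (AD[best.source], best.metric):
            table[net] = cand
    return table


def lookup(table, destination) -> Optional[Candidate]:
    """Longest-prefix match: the most specific installed route containing destination."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return None  # no route, not even a default: the packet is dropped
    return table[max(matches, key=lambda n: n.prefixlen)]


# Constructed candidates: two sources for 192.168.1.0/24, two OSPF paths for
# 172.16.0.0/16, a more specific /25, a connected link and a default route.
CANDIDATES = [
    Candidate("192.168.1.0/24", "ospf", 20, "10.0.12.2", "Gi0/1"),
    Candidate("192.168.1.0/24", "static", 0, "10.0.13.2", "Gi0/2"),
    Candidate("192.168.1.128/25", "eigrp", 30720, "10.0.14.2", "Gi0/3"),
    Candidate("172.16.0.0/16", "ospf", 20, "10.0.12.2", "Gi0/1"),
    Candidate("172.16.0.0/16", "ospf", 10, "10.0.13.2", "Gi0/2"),
    Candidate("10.0.12.0/30", "connected", 0, "directly connected", "Gi0/1"),
    Candidate("0.0.0.0/0", "static", 0, "203.0.113.1", "Gi0/0"),
]

if __name__ == "__main__":
    rib = build_routing_table(CANDIDATES)
    for net, route in sorted(rib.items(), key=lambda kv: kv[0].prefixlen, reverse=True):
        print(f"{str(net):20} {route.source:10} via {route.next_hop} ({route.interface})")
    for dst in ("192.168.1.200", "192.168.1.10", "172.16.5.5", "8.8.8.8"):
        r = lookup(rib, dst)
        print(f"{dst:15} -> {r.prefix} [{r.source}] via {r.next_hop}")
```

Running it, 192.168.1.200 takes the EIGRP /25 even though the static /24 has a far better AD, because specificity is checked at forwarding time, after both routes are already installed. 192.168.1.10 only matches the /24, where the static route beat OSPF on AD.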

But Why?

Why do we build computer networks and need routers?

Summary

There is definitely a lot that can be covered here about routers, but we want to keep these posts in consumable chunks. We have also highlighted some topics that we can go into more depth later on down the road. I think a big takeaway to remember here is that routers are a core component of network infrastructure and are responsible for moving packets through different Layer 3, (or “routed”) networks.

Faces of the Journey – Emmanuel Pimentel

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Emmanuel Pimentel (@MannyBytes88) was born and raised in New Jersey, but currently resides in Orlando, Florida, moving there in 2006. Manny is a Network Technician, working as a contractor in the transportation and tolling industry. He has a hybrid role, in which he assists in the management of both the network and server environments. While juggling college, Manny was looking for a way to break into the IT field. He decided to apply for a sales position in the computer department at a local Best Buy, but during the interview, the hiring managers quickly picked up his interest in tech, and found that he would be a better fit in a support role with Geek Squad. That just goes to show that displaying your interests and drive can open doors that you weren’t even looking to open! While with Geek Squad, Manny held positions as an Advanced Repair Agent and Covert Fulfillment Agent (remote Geek Squad agent). His time there gained him enough confidence and experience to book and pass both exams to become CompTIA A+ certified on the same day! Manny also credits developing his soft skills to his time at Geek Squad. After Geek Squad, Manny started with his current company as a Workstation Support Technician, prior to receiving a promotion to Network Technician.

For Manny, the draw to network engineering stems from a sense of challenge and curiosity. He actually changed from majoring in general Computer Information Technology to majoring in Computer Network Engineering with a Cisco specialization because he wanted more of a challenge! Although initially intimidated, Manny accepted the challenge and has been “plugged into” (shameless, bad Tim pun) network infrastructure ever since. The draw to IT in general started in childhood with the Nintendo gaming system. From there it grew when he got his first PC and found out that he could dual boot different operating systems. Manny’s ultimate goal is to become a Network Engineer. That being said, the role means much more to him than just the title. He is striving for all of the knowledge, responsibility and experience that comes with it. This goal motivates Manny each day to keep striving.

Follow Manny: Twitter, LinkedIn, Instagram

Alright Manny, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? Never stop being hungry for learning and for your growth. Always dedicate some time to your own personal development whether it’s a half hour before or after work or a few hours or maybe even a day off. Your peers and management will take notice and it will help propel your career as IT evolves at what seems like warp speed these days. Make sure you learn and grow your soft skills. As Aaron once said on the podcast, “Soft Skills Pay The Bills”. Believe it or not, you have no idea how important soft skills are. You can be very technical and the cream of the crop, but it creates a barrier when you’re unapproachable to work with by your peers, management, and your end-users/clients/customers.

What is something you enjoy doing outside of work? Gaming. RPGs are my favorite genre with great games like Final Fantasy but I also love action games like Metal Gear Solid, Yakuza, Uncharted, etc.; seriously, I can go on and on. I’m a sucker for retro games so if I’m not playing a current-gen title, I’m playing an older title like Parasite Eve, Xenogears, Chrono Trigger, GoldenEye, etc. The other two would be fitness and my two rides: 2007 Suzuki GSXR 600 and 2018 Subaru WRX STi Limited. If I’m not cruising around, I’m in my garage gym.

What is the next big thing that you are working toward? The biggest thing and main focus is obtaining my Cisco CCNP Enterprise certification with either the ENARSI or ENSLD aka “En-Salad” exam as my chosen concentration. The bigger picture is gaining more knowledge in the Route and Switch and Network Security space to become a more knowledgeable and well-rounded Network Engineer. That being said, I have a list of “side quests” that will aid in that along with accumulating experience such as: Juniper Networks JNCIA-Junos, Palo Alto Networks PCNSE, Cisco CCNP SISE, and Aruba Networks ClearPass Associate. I might even tackle the CCNP Service Provider track as that’s another level in the Route & Switch realm. These certs are loaded with knowledge that I feel would help develop me into a powerful, well-knowledgeable Network Engineer plus gaining experience as I grow of course.

How do you manage your work/life balance?

This is honestly a tricky one as I’m sure it is for many, if not all of us. For starters, I’m very strict on separating work from my personal life. Unless I’m on-call for the week or the back-up person, I don’t think or deal with anything relating to my job. Biggest way I accomplish this is I have two phone lines and phones for my personal use and for work. I love what I do, love my job, and the people there but I treat it as self-care that I’m mentally checked out so I can relax. Outside of that, I try to have a schedule or a routine. I always dedicate 1-2hrs of study/lab time before bed or first thing in the morning. I plan my workout days to both the time and muscle group I’m exercising. I even get in a quick jump-rope session during my work lunches when I’m working from home. I try to plan my meals Monday-Thursday. I figure it as one less unnecessary thing on my mind. Kind of like a “set it and forget it” kind of deal. Friday-Sunday, I like to mix it up and cook something random from Breakfast all the way to Dinner. Finally, I try to get in some non-study related time to unwind. Whether I’m relaxing and watching a show, reading a book, or getting in some game time. I usually leave this for the weekend as I’m in a grind mode Monday through Friday.

What is your favorite part about working in IT? You’re always exposed to new tech. Whether you work in the Private Sector, which can be bleeding edge depending on the environment, or in a more reserved environment like the Public Sector and Healthcare, you’re always exposed to something new. A new piece of equipment or software tends to always mean new learning opportunities, whether your company provides training or you take it upon yourself to learn on your own time and be the SME on the new tech. I don’t like the idea of coasting permanently and never changing with the times. IT gives me that constant drive to learn as environments grow, new technologies emerge, and new skills are required and desired. Finally, because there’s so much to learn, it ignites a fire in me when I see my peers or my friends genuinely curious and wanting to learn what I’m doing or showing interest in specializing. What better way to validate your knowledge than by teaching what you’ve learned while also empowering your peers, am I right?

Bert’s Brief

I’m definitely not making light of anyone else when I say this, but Manny is someone from the IAATJ community that I absolutely cannot wait to meet in person someday. He has that perfect balance of positivity, drive, determination, and compassion. When someone has a win or achievement posted within Discord or Twitter, Manny is always one of the first people with a “congratulations” comment. He is not only working hard to succeed himself, but he wants to see others succeed as well. I love the mentality he has around the win-win situation of teaching others to help them and yourself; it’s spot on in my opinion. Due to his curiosity and appetite for a challenge, Manny has had nice, steady growth in his career thus far, and I fully expect that to continue.

Ep 41 – From Audio to Network Engineer

This week we speak with Beau, an audio engineer making a pivot to network engineering. Covid destroyed the live entertainment industry, so Beau made a decision to pursue a career in IT. Armed with his A+, Net+, home lab and CCNA study materials Beau plans to take and pass his CCNA by the end of the year and leverage his newly earned skills to get his first job in IT.

Follow Beau:
Twitter: https://twitter.com/BeauToop
LinkedIn: https://www.linkedin.com/in/beau-toop-680863202/

My Top 5 Network Engineering Books

With so many networking books out there, someone coming into networking could find themselves asking: are any of them any good?!

Despite the title, this blog post is not a list of the 5 best. Who am I to say which are the best?! I’ve been studying pretty hard for the last two years now. Just the other night, when someone asked if a book was good or not, I realized that I’ve read quite a few pages over that time frame. Having read quite a bit, I’m going to spend some time highlighting what I feel are the best of the best, the must reads. These are all books that I’ve really enjoyed and content I’ve connected with since I started my journey.

Book #1

Junos Enterprise Switching and Junos Enterprise Routing

My absolute favorite books on networking cover Junos. Both books are 10 years old or so but filled with everything you’d need to understand the fundamentals of switching and routing. The books are Junos Enterprise Switching and Junos Enterprise Routing. The number one reason these are great books is that the authors let their personality and humor spill out. Every other paragraph has some hidden morsel of humor.

These books are even highly recommended by Juniper’s best, Yasmin Lara, and Art of Network Engineering’s own Carl. So even though these books are a bit older, their wit really shines and makes getting through all the nitty-gritty that much more enjoyable. If you are just getting started in networking you can’t go wrong knocking these two books out first.

Book #2

Anything by Dinesh Dutt

From earliest to latest, Mr. Dutt’s books include BGP in the Data Center, EVPN in the Data Center and Cloud Native Data Center Networking.

Even if you don’t really know BGP yet or basic Data Center concepts, do not fret. These books are still for you. Why? Because Mr. Dutt does such a great job at breaking down each technology to a simple digestible nugget before building a beautiful tapestry that ties everything together.

Book #3

Cisco Software-Defined Access – Cisco Press

This book was just a joy. It might have had a lot to do with my studying at the time. I was in multiple ENCOR study groups and I’d committed to trying to lead the SD-Access section, and this book laid out everything so that I could give a somewhat successful presentation. It broke down how everything was automated and what was going on under the hood of the automation. Harnessing the internet, I watched Roddie Hasan’s Cisco Live presentations (an amazing free resource) and followed him on Twitter (you should do the same, super cool dude). If you were only to read one chapter, read chapter 6.

Furthermore, I had won a book giveaway by another author of the SD-Access book Jason Gooley and he sent me a few Cisco Press books so I just have a lot of good vibes from this book and the connections I’ve made from it.

Book #4

The ASCII Construct

The ASCII Construct is not a book, though it should be. The author of this blog writes in such a way that it inspired me to try and write something. He explains things in painstaking detail not normally outlined or covered, so the tidbits you get in these posts are not found in many other places on the internet. Furthermore, the author, Aninda Chatterjee, is one of the nicest people I’ve had the pleasure of interacting with. He has given his time over and over again on questions about anything. A teacher of the highest quality.

Book #5

Network Programmability with YANG: The Structure of Network Automation with YANG, NETCONF, RESTCONF, and gNMI, First Edition

The last book I’d like to highlight is Network Programmability with YANG by Joe Clarke, Jan Lindblad and Benoit Claise. Everyone’s talking about network automation, and I think this is the book that really breaks down a lot of the underpinnings in ways other books simply don’t match. This book is just well put together: great, simple explanations followed by code examples, with each chapter ending in a cool question-and-answer session with a different “expert” related to what’s covered. This was another book that stood out to me as an example of something I’d like to aspire to if I ever ended up writing some long-form stuff.

Honorable Mentions

After reading this you may be wondering to yourself, I’m studying for xxx Cisco exam or what not, and not one OCG (Official Cert Guide) was mentioned. Truth be told, I’ve read quite a few OCGs and, simply put, I just don’t like them. I don’t like being distracted by ‘do I know this already’ and ‘key terms’ and other certification-type sections. I prefer books that just discuss the technology. If I did have to choose my favorite author of these sorts of books I’d go with Kevin Wallace. My guy spent less than a year at Walt Disney according to his LinkedIn, but I feel like I’ve heard 20+ stories about it going through his training, which I enjoyed.

Other books you should check out that I didn’t explicitly outline in the top 5 are: Automating Junos Administration, Computer Networking Problems and Solutions, Network Programmability and Automation, Routing TCP/IP, Volume 1 and Routing TCP/IP, Volume II.

Bonus

Since I mentioned one blog, and we are talking about learning content, I want to highlight some video content creators out there.

Video Creator #1

Calvin Remsburg

One such creator is Calvin Remsburg. He’s been streaming on Twitch (which I can’t find a link to at this time) and YouTube a bit over the past couple of years. His posts are long and, if you get in on the live stream, interactive. He shares his point of view on all sorts of networking and automation concepts as he walks through a technology. I’ve always felt he should have many more subs than he does.

Video Creator #2

Matt Oswalt

This was a short series and only covered one topic, git. Matt Oswalt ran a little series called Labs & Latte where he begins each episode with some cool piano notes and some latte art. If you follow my Twitter feed you know I’m into coffee. In any case, the content here is just great. I hope Matt picks this back up in this sort of format. I understand you can find Matt on other channels in a white doctor’s coat explaining network automation, but I really like this format and presentation.

Video Creator #3

Network Collective

I got into watching their Wednesday night live streams when I was in Arkansas for work a few months ago. They do a cool trivia segment and plenty of demos with industry pros. The production quality of this live stream is very good. At some point, once I climb all the way out of debt, I hope to become a paid subscriber. They have so much content out that once you get a bit hooked you’ll have a mini mountain of content to binge through. Since I’ve been back home on the west coast it’s been really hard to get home and tuned in to the live stream, so I’m going to have to make this more of a priority 🙂

Final Bonus

Ivan Pepelnjak

Subscribe to this gentleman’s content. You could be watching an old Network Field Day and hear this voice that’s just firing off question after question, turning every complex technology into a simple analogy of another technology. I was introduced to Ivan in a YouTube video interview with David Bombal. I’ve since watched all the content I could get my hands on at ipspace.net and listened to all the episodes of his podcast Software Gone Wild. I heard recently he may be taking a step back a bit from content creation but will still be blogging. Whatever the case, make sure to check out his content.

Final Final Bonus

I have a long commute. So I listen to a lot of content as well. Here is a short list of my favorite networking related podcasts: The Hedge, The Art of Network Engineering, Full Stack Journey, Network Collective, Darknet Diaries, Software Gone Wild and History of Networking.

All for now, let me know what books or anything else I’ve missed and need to check out!

Ep 40 – Automacho

This week we talk to Kevin Camacho, otherwise known as Automacho. Kevin came from the NOC and now works on Andy’s team as a Network Engineer with a focus on automation. Kevin shares his journey and provides some advice to others on working in a NOC.

You can follow Kevin on LinkedIn here: https://www.linkedin.com/in/kevin-camacho-39012812a/

zeek-cut vs jq

Last week I wrote a quick little tutorial so that one could get started using tshark. In this post I want to look at different ways of viewing the same data using a tool called Zeek. Zeek is usually described as a network security monitoring ‘framework’: rather than showing you packets, it turns traffic into structured logs of who talked to whom, where, and what they did. Zeek is often deployed alongside other tools like Snort, Suricata and/or Moloch (now called Arkime).

Since we will be examining pcaps, not live traffic, we will again be going with the ‘-r’ option as we did in the previous posts covering tcpdump and tshark. The ‘-C’ flag alongside it tells Zeek to ignore bad IP/TCP/UDP checksums; captures taken on a host with checksum offload enabled are full of these, and without ‘-C’ Zeek skips those packets and the logs come out mysteriously thin.

$ ls
ctf-dump-v2.pcapng  ctf.pcap  zeek.script
$ zeek -Cr ctf.pcap
$ ls
conn.log            dns.log    ftp.log    ntp.log            smtp.log  ssl.log    zeek.script
ctf-dump-v2.pcapng  dpd.log    http.log   packet_filter.log  snmp.log  weird.log
ctf.pcap            files.log  mysql.log  sip.log            ssh.log   x509.log

You can see that after we read in our pcap with Zeek a bunch of *.log files were created. You can guess what kind of information is in each log based on its name. To view logs natively, Zeek has a tool called ‘zeek-cut’ that lets you pick and format the columns you’d like. If you run zeek-cut with no field names you get every column, in the order the log lists them:

$ head dns.log | zeek-cut
1613159462.737544	Ci2kw63INthRjNjuae	157.230.15.223	57199	67.207.67.3	53	udp	6601	-	223.15.230.157.in-addr.arpa	1C_INTERNET	12	PTR	3	NXDOMAIN	F	F	T	F	0	-	-	F

What are these columns, you ask?! Good question. We can see all the columns available in this log by simply looking at the very beginning of the file:

$ head dns.log
#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	dns
#open	2021-04-16-17-46-03
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
#types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool

The fields we can extract from this log are listed after #fields above, and the #types line beneath it tells you what each one holds (the ‘-’ you saw in the output is the #unset_field marker, meaning that field had no value for that record).

An aside: a bit about source/destination vs originator/responder. In Zeek the side that initiates a connection, whether with a SYN or otherwise, is the originator (orig), and the side that answers, e.g. with a SYN-ACK, is the responder (resp). Zeek does not use the lexicon of source and destination, which I think is kind of cool, because one of the things you do with tcpdump a lot is filter on SYNs or SYN-ACKs to work out who started a conversation, and here that work is already done for you. One caveat: the roles are inferred from the first packet Zeek sees for a connection, so in a capture that starts mid-flow they can end up swapped; the history field in conn.log records which side sent what if something looks backwards.

Back to parsing this log file. Using zeek-cut, let’s pull out id.orig_h, id.resp_p and query. I only pipe it to head for brevity.

$ cat dns.log | zeek-cut id.orig_h id.resp_p query | sort | uniq | head
10.10.10.101	53	assets.msn.com
10.10.10.101	53	cdn.content.prod.cms.msn.com
10.10.10.101	53	debug.opendns.com
10.10.10.101	53	portal.mango.local
10.10.10.101	53	sw-ec.mango.local
10.10.10.101	53	sync.hydra.opendns.com
10.10.10.101	53	www.gstatic.com
10.10.10.101	53	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
127.0.0.1	53	1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa
127.0.0.1	53	1.0.0.0.5.7.e.1.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa

This is exactly the same information we pulled out of the file last week with tshark. Zeek is an awesome tool because its logs, whether produced from live capture or from a pcap, take up very little space compared to the pcap itself, so they can be retained far longer and more easily. You can refer back to these artifacts long after the pcaps would have had to be rotated out.

Another pro for zeek is that parsing through a log file is computationally super fast when compared to tshark or even tcpdump trying to look through an entire pcap every time you do a filter. So getting information out of your data, once read through zeek is FAST!

So to briefly recap, to get started with zeek-cut looking at your logs, head a log you are interested in, see the possible columns and then use zeek-cut to parse out what you are interested in. Another thing I demonstrated last week in my tshark post was pulling out all the usernames used to login with mysql. Can we quickly do the thing with zeek?

$ ls *.log
conn.log  dpd.log    ftp.log   mysql.log  packet_filter.log  smtp.log  ssh.log  weird.log
dns.log   files.log  http.log  ntp.log    sip.log            snmp.log  ssl.log  x509.log

We see we have a mysql.log and the next step is to head it and see the columns.

$ head mysql.log 
#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	mysql
#open	2021-04-16-17-46-03
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	cmd	arg	success	rows	response
#types	time	string	addr	port	addr	port	string	string	bool	count	string

The columns that stand out as possibilities for reaching our goal of getting all the usernames/passwords used to log in are cmd, arg, success, rows and response. One of the cmd values is ‘login’, so if we grep for login and show the associated arg we can see all the usernames:

$ cat mysql.log | zeek-cut cmd arg | grep login | sort | uniq -c
      2 login	8TmveSod
     12 login	admin
      4 login	admin@example.com
      1 login	flag
      4 login	jamfsoftware
     12 login	mysql
    140 login	root
      4 login	superdba
     12 login	test
     12 login	user
      4 login	username
      2 login	wdxhpxxK

To briefly look back, here was us last week doing the same thing with tshark:

$ tshark -r ctf.pcap -Y 'mysql' -T fields -e mysql.user | sort | uniq -c
    963 
      2 8TmveSod
     12 admin
      4 admin@example.com
      1 flag
      4 jamfsoftware
     12 mysql
    140 root
      4 superdba
     12 test
     12 user
      4 username
      2 wdxhpxxK

One more really cool thing to mention about Zeek before we shift over to looking at the same data in JSON format using jq is the uid. Let’s say, for whatever reason, you are super interested in someone logging in with the username flag. In zeek, every log record carries a uid, a unique identifier for one connection, i.e. the traffic sharing the same 5-tuple (source IP address/port, destination IP address/port and the protocol in use). So if we include the uid in the login associated with flag we can then grep all of our logs for that uid to see all the associated traffic.

$ cat mysql.log | zeek-cut cmd arg uid | grep flag 
login	flag	C4nJ2N3ksR7OfGiU9k
$ grep C4nJ2N3ksR7OfGiU9k *.log
conn.log:1613168140.809131	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	tcp	-	0.011629	443	1438	SF	-	-	0	ShAdtDTaFf	48	3446	38	4868	-
dpd.log:1613168140.809956	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	tcp	MYSQL	Binpac exception: binpac exception: out_of_bound: LengthEncodedIntegerLookahead:i4: 8 > 6
mysql.log:1613168140.809676	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	login	flag	-	-	-
mysql.log:1613168140.809750	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	unknown-167	\xb3\x12\xd815'\x07%\x814\xfeP\x9b\x1a\xfd\xae\xc85\xee	-	-	-
mysql.log:1613168140.809838	C4nJ2N3ksR7OfGiU9k	157.230.15.223	45330	172.17.0.2	3306	query	\x00\x01select @@version_comment limit 1--	-

We have located all the traffic associated with the mysql login named ‘flag’ very quickly and easily.
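The header-driven log format, the zeek-cut column picks and the uid pivot above, as an added Python example that is not the post’s own code (it reads the logs with the standard library instead of zeek-cut; the log contents, uids and hosts are constructed sample values):

```python
"""Added example, not code from the original post: a small reader for Zeek's
tab-separated ASCII logs that reproduces the zeek-cut pipelines above (pick
columns, count login names) and the uid pivot across several logs. The logs
are constructed for the example; uids, hosts and timestamps are sample values."""
from collections import Counter

# Constructed sample logs in Zeek's ASCII format. In a real log the columns are
# separated by a literal TAB (\x09); the "\t" escapes below become that tab.
MYSQL_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tmysql
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tcmd\targ\tsuccess\trows\tresponse
#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tbool\tcount\tstring
1613168140.809676\tCSAMPLE1aaaaaaaaaa\t198.51.100.7\t45330\t192.0.2.10\t3306\tlogin\troot\t-\t-\t-
1613168140.809750\tCSAMPLE1aaaaaaaaaa\t198.51.100.7\t45330\t192.0.2.10\t3306\tlogin\tflag\t-\t-\t-
1613168141.100000\tCSAMPLE2bbbbbbbbbb\t198.51.100.8\t45331\t192.0.2.10\t3306\tlogin\troot\t-\t-\t-
1613168141.200000\tCSAMPLE2bbbbbbbbbb\t198.51.100.8\t45331\t192.0.2.10\t3306\tquery\tselect 1\tT\t1\t(empty)
#close\t2021-04-16-17-46-03
"""

CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1613168140.809131\tCSAMPLE1aaaaaaaaaa\t198.51.100.7\t45330\t192.0.2.10\t3306\ttcp\tmysql\t0.011629\t443\t1438\tSF
1613168141.000000\tCSAMPLE2bbbbbbbbbb\t198.51.100.8\t45331\t192.0.2.10\t3306\ttcp\tmysql\t0.500000\t600\t2000\tSF
"""


def _convert(value, ztype, empty, unset):
    """Turn one column's text into a Python value using its #types entry."""
    if value == unset:
        return None
    if value == empty:
        return ""
    if ztype in ("count", "int", "port"):
        return int(value)
    if ztype in ("time", "interval", "double"):
        return float(value)
    if ztype == "bool":
        return value == "T"
    return value  # string, addr, enum and the rest stay as text


def parse_zeek_log(text):
    """Parse a Zeek ASCII log. Returns (field names, list of row dicts)."""
    sep, empty, unset, fields, types, rows = "\t", "(empty)", "-", [], [], []
    for line in text.splitlines():
        if line.startswith("#separator "):
            # the only header whose value follows a space and is written as an escape
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, _, rest = line[1:].partition(sep)
            if key == "empty_field":
                empty = rest
            elif key == "unset_field":
                unset = rest
            elif key == "fields":
                fields = rest.split(sep)
            elif key == "types":
                types = rest.split(sep)
            # #set_separator, #path, #open and #close carry no row data here
        elif line:
            rows.append({f: _convert(v, t, empty, unset)
                         for f, t, v in zip(fields, types, line.split(sep))})
    return fields, rows


def zeek_cut(rows, *columns):
    """Like `zeek-cut col1 col2 ...`: the chosen columns of every row, in order."""
    return [tuple(row.get(c) for c in columns) for row in rows]


def count_logins(rows):
    """`zeek-cut cmd arg | grep login | sort | uniq -c` as a Counter of usernames."""
    return Counter(r["arg"] for r in rows if r["cmd"] == "login")


def find_uids(rows, **match):
    """uids of the rows whose fields equal every keyword given (cmd="login", ...)."""
    return sorted({r["uid"] for r in rows if all(r.get(k) == v for k, v in match.items())})


def pivot_uid(logs, uid):
    """`grep <uid> *.log`: every record carrying that uid in every log, oldest first."""
    hits = [(name, row) for name, rows in logs.items() for row in rows if row["uid"] == uid]
    return sorted(hits, key=lambda hit: hit[1]["ts"])


LOGS = {name: parse_zeek_log(text)[1]
        for name, text in (("mysql.log", MYSQL_LOG), ("conn.log", CONN_LOG))}

if __name__ == "__main__":
    print(count_logins(LOGS["mysql.log"]).most_common())
    for uid in find_uids(LOGS["mysql.log"], cmd="login", arg="flag"):
        print(uid, [(name, row["ts"]) for name, row in pivot_uid(LOGS, uid)])
```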

Another very quick aside. A tool that’s like uid, but even more useful, is called community-id. It is the same sort of idea as uid except that you can take the community-id and pivot to entirely different tools. Say we found something interesting in the zeek logs but wanted to look at the pcap. If we were using community-id we could copy it from our zeek log like we did with uid, but this time search for it within a tool like moloch (view flows and download pcap) and get greater context/visibility.

Alright, so many quick asides today. Back to the lesson at hand. Zeek data can also be output in JSON format instead of the simple text logs outlined above. This is how zeek is configured at my work, so that the logs can be easily ingested into our SIEM. Today we are just going to read in the same pcap and play around a bit with a tool called jq to parse our logs. Here is how we switch to JSON format:

$ zeek -Cr ctf.pcap -e 'redef LogAscii::use_json=T;'

If we head our dns.log, like we did above to search for queries, our data will look much different. So much so that zeek-cut no longer works with this format 🙂

$ head dns.log 
{"ts":1613159462.737544,"uid":"CyZQzA1XgYbK1dLIah","id.orig_h":"157.230.15.223","id.orig_p":57199,"id.resp_h":"67.207.67.3","id.resp_p":53,"proto":"udp","trans_id":6601,"query":"223.15.230.157.in-addr.arpa","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","rcode":3,"rcode_name":"NXDOMAIN","AA":false,"TC":false,"RD":true,"RA":false,"Z":0,"rejected":false}
{"ts":1613159462.737492,"uid":"C1n5WP2f5tNp0iBXa2","id.orig_h":"157.230.15.223","id.orig_p":56994,"id.resp_h":"67.207.67.2","id.resp_p":53,"proto":"udp","trans_id":505,"query":"223.15.230.157.in-addr.arpa","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","rcode":3,"rcode_name":"NXDOMAIN","AA":false,"TC":false,"RD":true,"RA":false,"Z":0,"rejected":false}

We now have a whole bunch of key:value pairs, which means our log files will be slightly bigger than the plain text ones, but otherwise all the pros mentioned above still hold true. Instead of piping to zeek-cut we are going to use jq to parse our data. To look at the first log we use -s ‘.[0]’ (-s slurps every log line into one array and .[0] picks out the first element, i.e. the first log):

$ cat dns.log | jq -s '.[0]'
{
  "ts": 1613159462.737544,
  "uid": "CEDtgA2onmkOdbRSp",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 57199,
  "id.resp_h": "67.207.67.3",
  "id.resp_p": 53,
  "proto": "udp",
  "trans_id": 6601,
  "query": "223.15.230.157.in-addr.arpa",
  "qclass": 1,
  "qclass_name": "C_INTERNET",
  "qtype": 12,
  "qtype_name": "PTR",
  "rcode": 3,
  "rcode_name": "NXDOMAIN",
  "AA": false,
  "TC": false,
  "RD": true,
  "RA": false,
  "Z": 0,
  "rejected": false
}

I always find myself heading a log, or looking at the first log, before I really dive in. This is because I never remember what the key is called or the specific name of the interesting thing I’m looking for. It gives me a chance to look at an entire log entry and make out what each thing is referencing, so I can make a better guess at what search term to use or how it should be formatted. Doing this first saves you a bit of time later, in my opinion.

Every key, if you can remember back to the beginning of this post, corresponds to a column header from when we were using zeek-cut. With zeek-cut we used id.orig_h, id.resp_p and query. To do the same here we use jq’s -j (join) option, which puts the things we select on the same line. We have to write ‘id.orig_h’ and ‘id.resp_p’ in square brackets because their key names contain a ‘.’: written as .id.orig_h, jq would look for an orig_h field nested inside an id object, so the .["id.orig_h"] syntax is needed. Since query has no ‘.’ in it, no brackets are needed. “\n” simply means newline. Below is a CSV-formatted version of what we did with zeek-cut above.

$ cat dns.log | jq -j '.["id.orig_h"], ", ", .["id.resp_p"], ", ", .query, "\n"' | sort | uniq |head
10.10.10.101, 53, assets.msn.com
10.10.10.101, 53, cdn.content.prod.cms.msn.com
10.10.10.101, 53, debug.opendns.com
10.10.10.101, 53, portal.mango.local
10.10.10.101, 53, sw-ec.mango.local
10.10.10.101, 53, sync.hydra.opendns.com
10.10.10.101, 53, www.gstatic.com
10.10.10.101, 53, www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
127.0.0.1, 53, 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa
127.0.0.1, 53, 1.0.0.0.5.7.e.1.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa

If you forgot what we did with zeek-cut above, I’ll spare you the work of having to scroll up:

$ cat dns.log | zeek-cut id.orig_h id.resp_p query | sort | uniq | head
10.10.10.101	53	assets.msn.com
10.10.10.101	53	cdn.content.prod.cms.msn.com
10.10.10.101	53	debug.opendns.com
10.10.10.101	53	portal.mango.local
10.10.10.101	53	sw-ec.mango.local
10.10.10.101	53	sync.hydra.opendns.com
10.10.10.101	53	www.gstatic.com
10.10.10.101	53	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
127.0.0.1	53	1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa
127.0.0.1	53	1.0.0.0.5.7.e.1.0.0.0.0.0.0.0.0.0.d.0.0.0.0.4.0.0.8.8.a.4.0.6.2.ip6.arpa

If we look at the mysql log I’m sure you can already make out how we could use jq to search for the usernames used to log in, like we did with zeek-cut:

$ cat mysql.log | jq -s '.[0]'
{
  "ts": 1613164528.211387,
  "uid": "CCk4OU1exd8KJARVSg",
  "id.orig_h": "45.55.46.240",
  "id.orig_p": 38550,
  "id.resp_h": "157.230.15.223",
  "id.resp_p": 3306,
  "cmd": "login",
  "arg": "8TmveSod"
}
$ cat mysql.log | jq -j '.cmd, ", ", .arg, "\n"' | grep login | sort | uniq -c
      2 login, 8TmveSod
     12 login, admin
      4 login, admin@example.com
      1 login, flag
      4 login, jamfsoftware
     12 login, mysql
    140 login, root
      4 login, superdba
     12 login, test
     12 login, user
      4 login, username
      2 login, wdxhpxxK

Above I used grep to do the same sort of search we did with zeek-cut. But we don’t have to use grep, as jq has some very cool functions built in that allow us to do comparison searching within the tool itself. This is where I think jq really shines. You can use ‘<’, ‘>’ or ‘==’ to filter your search however you need. Here we just want to get all the ‘cmd’ that equal login.

$ cat mysql.log | jq 'select(.cmd == "login")' | jq -j '.cmd, " ", .arg, "\n"' | sort | uniq -c
      2 login 8TmveSod
     12 login admin
      4 login admin@example.com
      1 login flag
      4 login jamfsoftware
     12 login mysql
    140 login root
      4 login superdba
     12 login test
     12 login user
      4 login username
      2 login wdxhpxxK

With zeek-cut we zeroed in on the flag login and searched all our logs for its uid to find all the relevant traffic for the associated tuple. We can do the same thing with jq, no problem.

$ cat mysql.log | jq 'select(.cmd == "login" and .arg == "flag")' | jq -j '.uid, " ",.cmd, " ", .arg, "\n"' | sort | uniq -c
      1 CmBHdR2a0DMQ9kfam login flag
$ cat *.log | jq 'select(.uid == "CmBHdR2a0DMQ9kfam")'
{
  "ts": 1613168140.809131,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "proto": "tcp",
  "duration": 0.011629104614257812,
  "orig_bytes": 443,
  "resp_bytes": 1438,
  "conn_state": "SF",
  "missed_bytes": 0,
  "history": "ShAdtDTaFf",
  "orig_pkts": 48,
  "orig_ip_bytes": 3446,
  "resp_pkts": 38,
  "resp_ip_bytes": 4868
}
{
  "ts": 1613168140.809956,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "proto": "tcp",
  "analyzer": "MYSQL",
  "failure_reason": "Binpac exception: binpac exception: out_of_bound: LengthEncodedIntegerLookahead:i4: 8 > 6"
}
{
  "ts": 1613168140.809676,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "cmd": "login",
  "arg": "flag"
}
{
  "ts": 1613168140.80975,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "cmd": "unknown-167",
  "arg": "\\xb3\\x12\\xd815'\\x07%\\x814\\xfeP\\x9b\\x1a\\xfd\\xae\\xc85\\xee"
}
{
  "ts": 1613168140.809838,
  "uid": "CmBHdR2a0DMQ9kfam",
  "id.orig_h": "157.230.15.223",
  "id.orig_p": 45330,
  "id.resp_h": "172.17.0.2",
  "id.resp_p": 3306,
  "cmd": "query",
  "arg": "\\x00\\x01select @@version_comment limit 1"
}

I might not have shown the most ‘useful’ parsing within jq, but I hope that by showing you a few examples of how you can select based on the values of certain fields you can see how easy it is to zero in on what you are looking for. You can, for example, display only the logs in your conn.log that have an id.orig_p less than 1000 with ease. Or display only logs with a packet bigger than a certain size. The possibilities are endless, and being able to use comparison operators in your search, I think, is just awesome.

Also, you can format your output with whatever values in any order, and to CSV very easily, if that’s a useful avenue for you. There is even more you can do with jq, such as sorting. But I think we’ve gone on long enough 🙂

That’s all for today, as I think I’ve rambled on long enough, with far too many asides. But I digress. Next time I’m thinking of trying to write my first zeek script. Till next time!
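The comparison-based select and the CSV output described above, as an added Python example rather than the post’s own jq pipelines (the conn.log lines, uids and hosts are constructed samples; it also shows how a record that is missing a field behaves, which the post does not cover):

```python
"""Added example, not code from the original post: the jq-style selections
described above (equality and ordering comparisons on field values) applied to
Zeek's JSON log lines from Python, with the chosen keys written out as CSV.
The conn.log lines are constructed; uids, hosts, ports and byte counts are
sample values, not the post's data."""
import csv
import io
import json
import operator

# Constructed conn.log in the one-object-per-line JSON shape that
# `redef LogAscii::use_json=T;` produces (keys as in the post's JSON output).
CONN_JSON = "\n".join([
    '{"ts":1613168140.809131,"uid":"CSAMPLE1aaaaaaaaaa","id.orig_h":"198.51.100.7",'
    '"id.orig_p":45330,"id.resp_h":"192.0.2.10","id.resp_p":3306,"proto":"tcp",'
    '"duration":0.011629,"orig_bytes":443,"resp_bytes":1438,"conn_state":"SF"}',
    '{"ts":1613168150.0,"uid":"CSAMPLE2bbbbbbbbbb","id.orig_h":"198.51.100.8",'
    '"id.orig_p":443,"id.resp_h":"192.0.2.11","id.resp_p":51000,"proto":"tcp",'
    '"duration":2.5,"orig_bytes":90000,"resp_bytes":120,"conn_state":"SF"}',
    '{"ts":1613168160.0,"uid":"CSAMPLE3cccccccccc","id.orig_h":"198.51.100.9",'
    '"id.orig_p":53,"id.resp_h":"192.0.2.12","id.resp_p":33000,"proto":"udp",'
    '"duration":0.01,"orig_bytes":70,"resp_bytes":0,"conn_state":"S0"}',
    # a half-open connection: Zeek omits duration entirely when it is unset
    '{"ts":1613168170.0,"uid":"CSAMPLE4dddddddddd","id.orig_h":"198.51.100.10",'
    '"id.orig_p":60000,"id.resp_h":"192.0.2.12","id.resp_p":80,"proto":"tcp",'
    '"orig_bytes":0,"resp_bytes":0,"conn_state":"S0"}',
])

OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt,
       "<=": operator.le, ">": operator.gt, ">=": operator.ge}


def load_json_log(text):
    """One dict per non-empty line, as jq sees it (keys keep their dots)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def jq_select(records, *conditions):
    """jq's select(a and b ...): keep records satisfying every (key, op, value).

    Records that lack a key are dropped. Note the difference from jq itself:
    jq sorts null below every number, so `select(.duration < 1)` in jq would
    keep a record with no duration field; this filter does not."""
    return [rec for rec in records
            if all(key in rec and OPS[op](rec[key], value)
                   for key, op, value in conditions)]


def to_csv(records, *keys):
    """The `jq -j '.["k1"], ", ", .["k2"], "\\n"'` idea as real CSV, with a header
    row; the csv module quotes a value containing a comma, which the jq pipeline
    above does not. Missing keys are written as "-", Zeek's own unset marker."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(keys)
    for rec in records:
        writer.writerow([rec.get(k, "-") for k in keys])
    return buf.getvalue()


if __name__ == "__main__":
    recs = load_json_log(CONN_JSON)
    # `jq 'select(.["id.orig_p"] < 1000)'`: connections originating from a low port
    print(to_csv(jq_select(recs, ("id.orig_p", "<", 1000)), "uid", "id.orig_h", "id.orig_p"))
    # `jq 'select(.proto == "tcp" and .orig_bytes > 10000)'`: large tcp uploads
    print(to_csv(jq_select(recs, ("proto", "==", "tcp"), ("orig_bytes", ">", 10000)),
                 "uid", "id.orig_h", "id.resp_h", "orig_bytes"))
```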

Faces of the Journey – Tim McConnaughy

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Tim!

Tim McConnaughy had lived in Hampton Roads, Virginia most of his life. A few years ago he left to take a position with a global company headquartered in Idaho. Tim now resides in Raleigh, North Carolina. His current role is as an Enterprise Networking Technical Solution Architect at Cisco. Specifically, Tim works in the Customer Proof of Concept labs (CPOC), and develops demonstration material for field engineers on Cisco dCloud. A while back, I had the opportunity to discuss this role with Tim, and it was very interesting to me. The responsibility is essentially to build and prove out the solutions to customers that are being proposed by the pre-sales engineering team. Tim has the opportunity to learn and perfect new technologies, and to work with customers directly to see how those technologies may or may not fit in their environment. To me, that sounds like a rewarding experience. Before Cisco, Tim had gained experience in a NOC and as a network engineer in different industries. He got his professional start in IT working tech support at a local dial-up ISP, where he also built Linux web hosts for their co-lo service. IT has always been a passion of Tim’s, stemming from when he first played the Atari 2600 and Intellivision as a kid. As his career progresses, Tim is striving to become an architect who can focus on big-picture network strategy, while remaining technical enough to assist in deployment. On this, Tim is quoted as saying “I realize that this is not unlike wishing for more wishes, but it is at least a goal to strive toward.”

Follow Tim:

Twitter

Blog

Alright Tim, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? Learn how to learn. Barbara Oakley has a great free course on Coursera by the same name. There is a firehose of data waiting for you. Start with a strong foundation in learning how to absorb it all in a way that makes it stick. In IT we can’t ‘learn it for the test’ because unlike some fringe classes in high school or college, we might actually be called to utilize what we learned. Besides learning how to learn, learn how to look things up. Learn how to ask Google the right questions. Learn how to ask your peers the right questions. Above all, learn how to research something you don’t already know and how it will fit in with what you do know.

When learning something new, what methods work best for you? I like to start learning something new by determining how it relates to what I do know well already. It becomes a bit of a bridge. I think we have all stared at something that might as well be written in some ancient elvish script and thought, “I will never understand it”. You don’t need to scale that wall directly. Find the handholds by relating it to what you know. When I teach, I try to relate to real-world examples, established technologies, etc., as a scaffold for building the understanding of how it is different and goes beyond those things.

What is your favorite part about working in IT? I think my favorite part of working as a network engineer is when all my hard work pays off. When you spend a lot of time and effort learning something, doing something, and it pays off there is not another feeling like it.

How do you manage your work/life balance? If you figure this one out, please let me know. In all seriousness, there is no secret, no trick, and in some ways that makes it even harder. It is simple willpower and ability to swallow the anxieties of work to pursue the benefits of life, to be able to push back because there will always be a project, a task, some new thing to study. Kids are only kids once, and for far shorter a time than we realize. Usually, we are only realizing it when it’s in the rear-view mirror and too late to change anything. Not just kids, though. Whatever it is that we love and for whatever reasons we live, we have a finite amount of time to prioritize it.

What is something you enjoy doing outside of work? Besides the obvious answer, spending time with my family, of course, I play videogames, though not as much these days. I have a samurai movie collection I have been meaning to watch again. I enjoy (but never have much time to play) board games and role-playing games of various depth and color. I bike when the weather is good. I used to read voraciously but I admit I have let that slide as the years have passed. I am a shameless ramen fanatic, the good stuff, not the grocery store ones. I also spend a good amount of time helping others with their journey. I review resumes, give suggestions about technical interviews, answer questions, explain networking. I am a firm proponent of the idea that you have only mastered something when you can teach it to someone else. So it’s not entirely selfless.

Bert’s Brief

I cannot say enough good things about Tim McC. He has such a down-to-earth attitude and is practically always willing to help. He can be found actively in the It’s All About the Journey Discord community, providing advice and insight. Take it from me, you can learn a lot from the experiences that Tim has documented over the years. I had no idea of the extensive interview experience he had until his AONE episode. There is a fair amount of good content from Tim, so I’ll create a list of my recommendations below. Finally, since I’m starting to become brave like Aaron, on behalf of the IAATJ community, I’d like to thank Tim for his continuous contributions to helping others.

  • Recommended reading/listening
    • “10 Pieces of Advice for Network Engineers” blog post
    • AONE Ep 34 – Technical Interviews
    • ZigBits Ep 71 – Demystifying The Role of The Network Engineer

Ep 39 – Andy’s Hard NOC Life

Andy and Aaron discuss Andy’s time working in the NOC, nicknames and how important the mental game is to success.


tshark the best?!

I wrote a quick intro to tcpdump some months ago as I was learning about the tool, and I thought it was just the best. You only love what you know, right?! Well, last week I embarked on a quest to find some flags in Cisco’s CTF 2021 using tshark. I mean, I originally tried to use tcpdump, but since their file was saved as a pcapng it was not compatible without a little more work. Mr. Tony E has a how-to on TraceWrangler coming up on a Network Collective live-stream that can solve pcapng compatibility issues, and I digress.

The first thing people like to do when they encounter a new pcap is to get the lay of the land so to speak. If they were in Wireshark, most likely they’d venture into the Statistics tab and check out ‘Capture File Properties’ and ‘Protocol Hierarchy.’ Can we get this sort of information from the command line? You bet your bottom dollar we can! The first tool we can use is called capinfos:

$ capinfos ctf.pcap 
File name:           ctf.pcap
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  microseconds (6)
Packet size limit:   file hdr: (not set)
Number of packets:   203 k
File size:           97 MB
Data size:           88 MB
Capture duration:    330489.302412 second
First packet time:   2021-02-12 19:44:00.093265
Last packet time:    2021-02-16 15:32:09.395677
Data byte rate:      266 bytes/s
Data bit rate:       2,135 bits/s
Average packet size: 432.96 bytes
Average packet rate: 0 packets/s
SHA256:              127353c65071e00c66dd08011e9d45bc75fe8030d3134db061781e7bf97b21b0
RIPEMD160:           d3b4062292749b33aef0d6abf74bf42ee90e900d
SHA1:                9850abbf26d14f2636e1e65d6c64841047317f17
Strict time order:   False
Capture oper-sys:    64-bit Windows 10 (2004), build 19041
Capture application: Mergecap (Wireshark) 3.4.0 (v3.4.0-0-g9733f173ea5e)
Capture comment:     TraceWrangler v0.6.8 build 949 performed the following editing steps:   - Replacing Linux Cooked header with Ethernet header  
Number of interfaces in file: 2
Interface #0 info:
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Number of stat entries = 0
                     Number of packets = 203528
Interface #1 info:
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Number of stat entries = 0
                     Number of packets = 247

We can glean how long the trace ran, how many packets we have, among other things. Believe it or not, we can also get protocol statistics using tshark, the same info you would get in Wireshark!

$ tshark -qz io,phs -r ctf.pcap 
===================================================================
Protocol Hierarchy Statistics
Filter: 
eth                                      frames:203775 bytes:88226987
  ip                                     frames:197880 bytes:85519998
    tcp                                  frames:174805 bytes:82885008
      vssmonitoring                      frames:9120 bytes:510720
      ssh                                frames:6410 bytes:1946553
        _ws.malformed                    frames:4 bytes:440
      http                               frames:7799 bytes:45700088
        data-text-lines                  frames:807 bytes:1001371
        urlencoded-form                  frames:34 bytes:13836
          http                           frames:6 bytes:3612
          tcp.segments                   frames:2 bytes:148
        png                              frames:62 bytes:180828
          _ws.unreassembled              frames:60 bytes:173448
        http                             frames:16 bytes:14456
          http                           frames:14 bytes:13706
            http                         frames:10 bytes:11568
              http                       frames:8 bytes:10188
                http                     frames:6 bytes:8540
                  http                   frames:4 bytes:6468
                    http                 frames:4 bytes:6468
                      http               frames:4 bytes:6468
                        http             frames:4 bytes:6468
        media                            frames:20 bytes:429928
          http                           frames:2 bytes:124660
            media                        frames:2 bytes:124660
      telnet                             frames:33006 bytes:2741153
        _ws.malformed                    frames:986 bytes:66470
        vssmonitoring                    frames:4 bytes:224
      ftp                                frames:71 bytes:6326
        ftp.current-working-directory    frames:71 bytes:6326
      mysql                              frames:1172 bytes:186711
        mysql                            frames:3 bytes:1437
          mysql                          frames:3 bytes:1437
            _ws.unreassembled            frames:3 bytes:1437
              mysql                      frames:3 bytes:1437
      data                               frames:559 bytes:60665
      tls                                frames:163 bytes:165596
        tcp.segments                     frames:18 bytes:14665
          tls                            frames:12 bytes:10517
      smtp                               frames:89 bytes:13675
        imf                              frames:1 bytes:406
      _ws.malformed                      frames:1 bytes:134
      snmp                               frames:96 bytes:12388
        snmp                             frames:3 bytes:303
          snmp                           frames:3 bytes:303
            snmp                         frames:3 bytes:303
              snmp                       frames:3 bytes:303
                snmp                     frames:3 bytes:303
                  snmp                   frames:3 bytes:303
                    snmp                 frames:3 bytes:303
                      snmp               frames:3 bytes:303
                        snmp             frames:3 bytes:303
                          snmp           frames:3 bytes:303
                            snmp         frames:3 bytes:303
                              snmp       frames:3 bytes:303
                                snmp     frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
                                ...snmp  frames:3 bytes:303
      ftp-data                           frames:5 bytes:45402
        ftp-data.setup-frame             frames:5 bytes:45402
          ftp-data.setup-method          frames:5 bytes:45402
            ftp-data.command             frames:5 bytes:45402
              ftp-data.command-frame     frames:5 bytes:45402
                ftp-data.current-working-directory frames:5 bytes:45402
      nbss                               frames:1 bytes:55
    udp                                  frames:22101 bytes:2493199
      sip                                frames:66 bytes:29741
      rpc                                frames:5 bytes:416
        portmap                          frames:5 bytes:416
      dns                                frames:21781 bytes:2427147
      data                               frames:91 bytes:8754
        vssmonitoring                    frames:2 bytes:112
      isakmp                             frames:2 bytes:364
      tftp                               frames:3 bytes:182
      snmp                               frames:55 bytes:4714
      cldap                              frames:4 bytes:377
      openvpn                            frames:5 bytes:280
      ntp                                frames:21 bytes:2770
        vssmonitoring                    frames:7 bytes:392
        _ws.malformed                    frames:1 bytes:56
      nbns                               frames:6 bytes:552
      ssdp                               frames:8 bytes:1096
      nat-pmp                            frames:2 bytes:112
        vssmonitoring                    frames:1 bytes:56
      coap                               frames:4 bytes:238
        _ws.malformed                    frames:1 bytes:56
      dtls                               frames:1 bytes:181
      bvlc                               frames:3 bytes:177
        bacnet                           frames:3 bytes:177
          bacapp                         frames:3 bytes:177
      rmcp                               frames:3 bytes:195
        ipmi_session                     frames:3 bytes:195
          ipmb                           frames:3 bytes:195
            data                         frames:3 bytes:195
      chargen                            frames:2 bytes:112
      l2tp                               frames:1 bytes:98
      mdns                               frames:2 bytes:176
      xdmcp                              frames:1 bytes:56
      memcache                           frames:1 bytes:56
        vssmonitoring                    frames:1 bytes:56
      quake3                             frames:1 bytes:56
        _ws.malformed                    frames:1 bytes:56
      rip                                frames:1 bytes:66
      cflow                              frames:21 bytes:14530
    icmp                                 frames:974 bytes:141791
      vssmonitoring                      frames:3 bytes:168
  arp                                    frames:4698 bytes:209862
  ipv6                                   frames:1157 bytes:2493613
    icmpv6                               frames:505 bytes:38222
    udp                                  frames:78 bytes:7687
      ntp                                frames:59 bytes:6490
      data                               frames:19 bytes:1197
    tcp                                  frames:574 bytes:2447704
      http                               frames:276 bytes:2414646
        data                             frames:7 bytes:99171
        data-text-lines                  frames:3 bytes:8826
      tls                                frames:9 bytes:10612
  llc                                    frames:32 bytes:2320
    stp                                  frames:31 bytes:1860
    cdp                                  frames:1 bytes:460
  loop                                   frames:6 bytes:360
    data                                 frames:6 bytes:360
  lldp                                   frames:2 bytes:834
===================================================================

Now that we got the lay of the land, seeing what our pcap is made up of, let’s get into what we came to do! Using tshark to parse some packets 🙂

Enter tshark! Tshark is the command-line tool for Wireshark. Its core switches are very close to what you would use with tcpdump: to read in a file you use ‘-r <filename>’, and to sniff you use ‘-i <int name>’.

I’m going to read in the file with the -c option, which stands for count; since I’m using ‘-c 1’ I’ll just get the first packet. If you were capturing traffic with the -i option and used -c, you’d limit how many packets you capture, just like tcpdump.

$ tshark -r ctf.pcap -c 1
1   0.000000 194.147.140.98 → 157.230.15.223 TCP 52138 33895 52138 → 33895 [SYN] Seq=0 Win=1024 Len=0

Do you remember how Wireshark has three separate panes by default? The first pane is the packet list, the second is the packet details, and the third is the packet bytes. In tshark, just reading in the file would get you the packet list. If you use the -V option you’ll get everything in the packet details pane and the -x option will give you the packet bytes section.

In the following example I’ll also use ‘-Vx’ as well as the ‘-c 1’ option, which will display the first packet (frame 1) in all its glory.

$ tshark -r ctf.pcap -Vxc 1
Frame 1: 56 bytes on wire (448 bits), 56 bytes captured (448 bits) on interface unknown, id 0
    Interface id: 0 (unknown)
        Interface name: unknown
    Packet flags: 0x00000000
        .... .... .... .... .... .... .... ..00 = Direction: Unknown (0x0)
        .... .... .... .... .... .... ...0 00.. = Reception type: Not specified (0)
        .... .... .... .... .... ...0 000. .... = FCS length: 0
        .... .... .... .... 0000 000. .... .... = Reserved: 0
        .... ...0 .... .... .... .... .... .... = CRC error: Not set
        .... ..0. .... .... .... .... .... .... = Packet too long error: Not set
        .... .0.. .... .... .... .... .... .... = Packet too short error: Not set
        .... 0... .... .... .... .... .... .... = Wrong interframe gap error: Not set
        ...0 .... .... .... .... .... .... .... = Unaligned frame error: Not set
        ..0. .... .... .... .... .... .... .... = Start frame delimiter error: Not set
        .0.. .... .... .... .... .... .... .... = Preamble error: Not set
        0... .... .... .... .... .... .... .... = Symbol error: Not set
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 12, 2021 19:44:00.093265000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1613159040.093265000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 56 bytes (448 bits)
    Capture Length: 56 bytes (448 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:vssmonitoring]
Ethernet II, Src: fe:00:00:00:01:01, Dst: 00:00:00:00:00:00
    Destination: 00:00:00:00:00:00
        Address: 00:00:00:00:00:00
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: fe:00:00:00:01:01
        Address: fe:00:00:00:01:01
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 194.147.140.98, Dst: 157.230.15.223
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0x8079 (32889)
    Flags: 0x0000
        0... .... .... .... = Reserved bit: Not set
        .0.. .... .... .... = Don't fragment: Not set
        ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 244
    Protocol: TCP (6)
    Header checksum: 0x499b [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0x499b]
    Source: 194.147.140.98
    Destination: 157.230.15.223
Transmission Control Protocol, Src Port: 52138, Dst Port: 33895, Seq: 0, Len: 0
    Source Port: 52138
    Destination Port: 33895
    [Stream index: 0]
    [TCP Segment Len: 0]
    Sequence number: 0    (relative sequence number)
    Sequence number (raw): 3764456385
    [Next sequence number: 1    (relative sequence number)]
    Acknowledgment number: 0
    Acknowledgment number (raw): 0
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x002 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgment: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 33895]
                [Connection establish request (SYN): server port 33895]
                [Severity level: Chat]
                [Group: Sequence]
        .... .... ...0 = Fin: Not set
        [TCP Flags: ··········S·]
    Window size value: 1024
    [Calculated window size: 1024]
    Checksum: 0x72f2 [correct]
    [Checksum Status: Good]
    [Calculated Checksum: 0x72f2]
    Urgent pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.000000000 seconds]
        [Time since previous frame in this TCP stream: 0.000000000 seconds]
VSS Monitoring Ethernet trailer, Source Port: 0
    Src Port: 0
0000  00 00 00 00 00 00 fe 00 00 00 01 01 08 00 45 00   ..............E.
0010  00 28 80 79 00 00 f4 06 49 9b c2 93 8c 62 9d e6   .(.y....I....b..
0020  0f df cb aa 84 67 e0 61 0b c1 00 00 00 00 50 02   .....g.a......P.
0030  04 00 72 f2 00 00 00 00                           ..r.....

That’s pretty neat, right? You can see all the way into the first packet and get a bunch of information. Well, turning back to Wireshark, remember how you would filter packets based on DNS or ICMP or what have you in the ‘display filter’? You can do that, with the exact same syntax, by using the -Y ‘<search_term>’ option. It’s best practice to put your search term inside quotes, so that if it contains more than one word or periods, bash doesn’t do anything strange with it. Let’s take a look:

$ tshark -r ctf.pcap -Y 'dns' | head
  312 422.644017    127.0.0.1 → 127.0.0.53   DNS 42891 53 Standard query 0xb27a PTR 223.15.230.157.in-addr.arpa OPT
  313 422.644227 157.230.15.223 → 67.207.67.2  DNS 56994 53 Standard query 0x01f9 PTR 223.15.230.157.in-addr.arpa OPT
  314 422.644279 157.230.15.223 → 67.207.67.3  DNS 57199 53 Standard query 0x19c9 PTR 223.15.230.157.in-addr.arpa OPT
  315 422.653585  67.207.67.3 → 157.230.15.223 DNS 53 57199 Standard query response 0x19c9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com OPT
  316 422.653761 157.230.15.223 → 67.207.67.3  DNS 57199 53 Standard query 0x19c9 PTR 223.15.230.157.in-addr.arpa
  317 422.656415  67.207.67.2 → 157.230.15.223 DNS 53 56994 Standard query response 0x01f9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com OPT
  318 422.656588 157.230.15.223 → 67.207.67.2  DNS 56994 53 Standard query 0x01f9 PTR 223.15.230.157.in-addr.arpa
  319 422.659817  67.207.67.3 → 157.230.15.223 DNS 53 57199 Standard query response 0x19c9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com
  320 422.662693  67.207.67.2 → 157.230.15.223 DNS 53 56994 Standard query response 0x01f9 No such name PTR 223.15.230.157.in-addr.arpa SOA ns1.digitalocean.com
  321 422.663035   127.0.0.53 → 127.0.0.1    DNS 53 42891 Standard query response 0xb27a PTR 223.15.230.157.in-addr.arpa PTR ubuntu-s-1vcpu-2gb-nyc1-01 PTR ubuntu-s-1vcpu-2gb-nyc1-01.local OPT

We can use our -xV options to look at the first packet displayed. If you look at the first packet you can see it’s ‘frame 312’, and we will use the -c option to look at just this packet. Note that ‘-c 312’ tells tshark to stop after reading 312 frames; because frame 312 is the first one that matches the ‘dns’ filter, it is the only one displayed:

$ tshark -r ctf.pcap -Y 'dns' -xVc 312
Frame 312: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface unknown, id 0
    Interface id: 0 (unknown)
        Interface name: unknown
    Packet flags: 0x00000000
        .... .... .... .... .... .... .... ..00 = Direction: Unknown (0x0)
        .... .... .... .... .... .... ...0 00.. = Reception type: Not specified (0)
        .... .... .... .... .... ...0 000. .... = FCS length: 0
        .... .... .... .... 0000 000. .... .... = Reserved: 0
        .... ...0 .... .... .... .... .... .... = CRC error: Not set
        .... ..0. .... .... .... .... .... .... = Packet too long error: Not set
        .... .0.. .... .... .... .... .... .... = Packet too short error: Not set
        .... 0... .... .... .... .... .... .... = Wrong interframe gap error: Not set
        ...0 .... .... .... .... .... .... .... = Unaligned frame error: Not set
        ..0. .... .... .... .... .... .... .... = Start frame delimiter error: Not set
        .0.. .... .... .... .... .... .... .... = Preamble error: Not set
        0... .... .... .... .... .... .... .... = Symbol error: Not set
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 12, 2021 19:51:02.737282000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1613159462.737282000 seconds
    [Time delta from previous captured frame: 9.688921000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 422.644017000 seconds]
    Frame Number: 312
    Frame Length: 98 bytes (784 bits)
    Capture Length: 98 bytes (784 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:dns]
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
    Destination: 00:00:00:00:00:00
        Address: 00:00:00:00:00:00
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 00:00:00:00:00:00
        Address: 00:00:00:00:00:00
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.53
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0x16bf (5823)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 64
    Protocol: UDP (17)
    Header checksum: 0x25a4 [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0x25a4]
    Source: 127.0.0.1
    Destination: 127.0.0.53
User Datagram Protocol, Src Port: 42891, Dst Port: 53
    Source Port: 42891
    Destination Port: 53
    Length: 64
    Checksum: 0xfe87 incorrect, should be 0x1e09 (maybe caused by "UDP checksum offload"?)
        [Expert Info (Error/Checksum): Bad checksum [should be 0x1e09]]
            [Bad checksum [should be 0x1e09]]
            [Severity level: Error]
            [Group: Checksum]
        [Calculated Checksum: 0x1e09]
    [Checksum Status: Bad]
    [Stream index: 2]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
Domain Name System (query)
    Transaction ID: 0xb27a
    Flags: 0x0100 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        223.15.230.157.in-addr.arpa: type PTR, class IN
            Name: 223.15.230.157.in-addr.arpa
            [Name Length: 27]
            [Label Count: 6]
            Type: PTR (domain name PoinTeR) (12)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 1200
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 0
0000  00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00   ..............E.
0010  00 54 16 bf 40 00 40 11 25 a4 7f 00 00 01 7f 00   .T..@.@.%.......
0020  00 35 a7 8b 00 35 00 40 fe 87 b2 7a 01 00 00 01   .5...5.@...z....
0030  00 00 00 00 00 01 03 32 32 33 02 31 35 03 32 33   .......223.15.23
0040  30 03 31 35 37 07 69 6e 2d 61 64 64 72 04 61 72   0.157.in-addr.ar
0050  70 61 00 00 0c 00 01 00 00 29 04 b0 00 00 00 00   pa.......)......
0060  00 00
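
As an added example (not part of the original post), here is a small Python script that re-parses the ‘-x’ hex dump of frame 312 printed above and checks two things tshark reported: that the IPv4 header checksum is good, and that the UDP checksum 0xfe87 is wrong and should be 0x1e09. It also decodes the DNS question and the OPT record so you can compare against the ‘-V’ tree. Only the standard library is used, and the function names are my own.

```python
import struct

# Hex dump of frame 312 exactly as 'tshark -x' printed it above (offset, 16 byte columns, ASCII gutter).
FRAME_312_HEXDUMP = """\
0000  00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00   ..............E.
0010  00 54 16 bf 40 00 40 11 25 a4 7f 00 00 01 7f 00   .T..@.@.%.......
0020  00 35 a7 8b 00 35 00 40 fe 87 b2 7a 01 00 00 01   .5...5.@...z....
0030  00 00 00 00 00 01 03 32 32 33 02 31 35 03 32 33   .......223.15.23
0040  30 03 31 35 37 07 69 6e 2d 61 64 64 72 04 61 72   0.157.in-addr.ar
0050  70 61 00 00 0c 00 01 00 00 29 04 b0 00 00 00 00   pa.......)......
0060  00 00
"""


def parse_tshark_hexdump(text):
    """Turn 'tshark -x' dump lines back into raw bytes.

    The byte columns sit at fixed positions (after a 4-digit offset and two
    spaces); the ASCII gutter is sliced off so that readable payload such as
    '223.15.23' is never mistaken for hex."""
    out = bytearray()
    for line in text.splitlines():
        if line.strip():
            out += bytes.fromhex(line[6:6 + 16 * 3].replace(" ", ""))
    return bytes(out)


def rfc1071_checksum(data):
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def read_dns_name(msg, off):
    """Decode a DNS name at msg[off], following RFC 1035 compression pointers.
    Returns (dotted name, offset just past the name as it appears in the message)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 11xxxxxx: pointer to an earlier name
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("DNS compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def dissect_frame(raw):
    """Walk Ethernet II -> IPv4 -> UDP -> DNS and return the fields tshark showed,
    together with our own verdict on both checksums."""
    if struct.unpack("!H", raw[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = raw[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != 17:
        raise ValueError("not UDP")
    src, dst = ip[12:16], ip[16:20]
    udp = ip[ihl:total_len]
    sport, dport, ulen, stored = struct.unpack("!HHHH", udp[:8])
    # The UDP checksum covers the IPv4 pseudo-header, the UDP header with its
    # checksum field zeroed, and the payload. A NIC doing checksum offload leaves
    # only the pseudo-header sum in the field, which is what tshark flagged above.
    pseudo = src + dst + struct.pack("!BBH", 0, proto, ulen)
    expected = rfc1071_checksum(pseudo + udp[:6] + b"\x00\x00" + udp[8:ulen])
    dns = udp[8:ulen]
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", dns[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = read_dns_name(dns, off)
        qtype, qclass = struct.unpack("!HH", dns[off:off + 4])
        questions.append((name, qtype, qclass))
        off += 4
    for _ in range(an + ns + ar):                       # for OPT, 'class' carries the UDP payload size
        name, off = read_dns_name(dns, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", dns[off:off + 10])
        records.append((name, rtype, rclass))
        off += 10 + rdlen
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ip_checksum_ok": rfc1071_checksum(ip[:ihl]) == 0,   # header incl. its checksum sums to zero
        "udp_sport": sport, "udp_dport": dport,
        "udp_checksum_stored": stored, "udp_checksum_expected": expected,
        "udp_checksum_ok": stored == expected,
        "dns_id": txid, "dns_flags": flags,
        "questions": questions, "records": records,
    }


if __name__ == "__main__":
    info = dissect_frame(parse_tshark_hexdump(FRAME_312_HEXDUMP))
    for key, value in info.items():
        as_hex = key.endswith(("_stored", "_expected", "_id", "_flags"))
        print("%-22s %s" % (key, hex(value) if as_hex else value))
```

The stored UDP checksum 0xfe87 is exactly the one’s-complement sum of the pseudo-header alone, which is what a kernel hands to a NIC that is expected to finish the job. On a loopback capture the NIC never does, so a ‘Bad checksum’ verdict on 127.0.0.x traffic is usually offload, not corruption; the IP header checksum, which the host computes itself, still verifies.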

A common thing one may want to look at regarding DNS is what domain names people are trying to resolve. A cool thing about tshark is that you can specify which columns you want it to display. This is where I think tshark, and its usability, really separates itself from tcpdump. You can do the same sort of things in tcpdump, but it will take a lot more work and be messier, using cut multiple times and whatnot. Using ‘-T fields’ followed by ‘-e <field_name>’ you can get something very specific and usable really fast. I’m going to pipe this to head simply for brevity; I don’t want so many lines to distract from what the command is doing:

$ tshark -r ctf.pcap -Y 'dns.qry.type == 1' -T fields -e ip.src -e ip.dst -e dns.qry.name | head | sort | uniq
127.0.0.1	127.0.0.53	www.internetbadguys.com
157.230.15.223	67.207.67.2	zg-1218a-214.stretchoid.com
157.230.15.223	67.207.67.3	www.internetbadguys.com
172.17.0.2	67.207.67.2	zg-1218a-214.stretchoid.com
67.207.67.2	157.230.15.223	zg-1218a-214.stretchoid.com
67.207.67.2	172.17.0.2	zg-1218a-214.stretchoid.com
67.207.67.3	157.230.15.223	www.internetbadguys.com

Look how fast that was. If we have an idea of what we are looking for we can do so very efficiently inside of tshark. We can search for very specific things and drill down very fast. We can use other Linux text applications like sort, uniq and grep with ease. Let’s continue.

From here we can see someone is trying to resolve ‘www.internetbadguys.com’ which doesn’t look good. What are all the IPs trying to resolve this name? We can use our handy Linux tool grep to help us here:

$ tshark -r ctf.pcap -Y 'dns.qry.type == 1' -T fields -e ip.src -e ip.dst -e dns.qry.name | sort | uniq -c | grep 'www.internetbadguys.com'
      1 127.0.0.1	127.0.0.53	www.internetbadguys.com
      1 127.0.0.53	127.0.0.1	www.internetbadguys.com
      2 157.230.15.223	67.207.67.3	www.internetbadguys.com
      2 67.207.67.3	157.230.15.223	www.internetbadguys.com
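
As an added example (not from the original post), a few lines of Python that post-process that ‘-T fields’ output. The input is the rows above plus two assumptions of mine: a dns.flags.response column, which you would get by adding ‘-e dns.flags.response’ to the command, and one constructed row with two query names in a single packet. The point it makes beyond the shell pipeline is that ‘dns.qry.name’ appears in responses as well as queries, so the resolver shows up as an ‘ip.src’ in the grep output above unless you filter on direction.

```python
from collections import defaultdict

# Tab-separated '-T fields' output. The first eight rows are the ones shown above;
# the third column is what '-e dns.flags.response' would add (assumed, not in the
# original output), and the last row is constructed to show how tshark joins a
# field that occurs twice in one packet with a comma (the default -E aggregator).
FIELDS_OUTPUT = """\
127.0.0.1\t127.0.0.53\t0\twww.internetbadguys.com
127.0.0.53\t127.0.0.1\t1\twww.internetbadguys.com
157.230.15.223\t67.207.67.3\t0\twww.internetbadguys.com
67.207.67.3\t157.230.15.223\t1\twww.internetbadguys.com
157.230.15.223\t67.207.67.2\t0\tzg-1218a-214.stretchoid.com
172.17.0.2\t67.207.67.2\t0\tzg-1218a-214.stretchoid.com
67.207.67.2\t157.230.15.223\t1\tzg-1218a-214.stretchoid.com
67.207.67.2\t172.17.0.2\t1\tzg-1218a-214.stretchoid.com
172.17.0.2\t67.207.67.2\t0\twww.internetbadguys.com,zg-1218a-214.stretchoid.com
"""


def clients_by_name(fields_output):
    """Map each queried name to the sorted list of hosts that actually asked for it.

    Only query rows count: a response row also carries dns.qry.name, but its
    ip.src is the resolver, so a plain 'sort | uniq -c' over src/dst/name makes
    the resolver look like a client. Boolean fields print as 0/1 or False/True
    depending on tshark version, so both spellings are accepted."""
    clients = defaultdict(set)
    for line in fields_output.splitlines():
        if not line.strip():
            continue
        src, _dst, is_response, names = line.split("\t")
        if is_response.strip().lower() in ("1", "true"):
            continue
        for name in names.split(","):
            if name.strip():
                clients[name.strip()].add(src)
    return {name: sorted(hosts) for name, hosts in clients.items()}


def query_counts(fields_output):
    """Number of query packets (not responses) per name, the direction-aware 'uniq -c'."""
    counts = defaultdict(int)
    for line in fields_output.splitlines():
        if not line.strip():
            continue
        _src, _dst, is_response, names = line.split("\t")
        if is_response.strip().lower() in ("1", "true"):
            continue
        for name in names.split(","):
            if name.strip():
                counts[name.strip()] += 1
    return dict(counts)


if __name__ == "__main__":
    for name, hosts in sorted(clients_by_name(FIELDS_OUTPUT).items()):
        print("%-30s asked by %s" % (name, ", ".join(hosts)))
```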

We could extract just the ‘dns.qry.name’ field and save them to a file for later analysis.

$ tshark -r ctf.pcap -Y 'dns.qry.type == 1' -T fields -e dns.qry.name | sort | uniq -c > dns.qry.txt

Another thing that’s really useful with tshark is that you can pipe its output to grep. How is your grep game? I’d say I’m a beginner in all the things, but I’ll tell you about the three grep options I use most. The first is ‘-i’, which simply ignores case when searching for matches.

$ tshark -r ctf.pcap -Y 'mysql' -xV | grep -i ctf
0460  63 6f 43 54 46 7b 40 70 6f 72 74 63 75 6c 6c 69   coCTF{@portculli

The next options I use the most are -A and -B, which display the lines after (-A) and before (-B) your match. This gives you more context around the match, which is very useful when looking at logs and packets.

$ tshark -r ctf.pcap -Y 'mysql' -xV | grep -A 10 -B 10 -i ctf
03c0  3a 2f 6e 6f 6e 65 78 69 73 74 65 6e 74 3a 2f 75   :/nonexistent:/u
03d0  73 72 2f 73 62 69 6e 2f 6e 6f 6c 6f 67 69 6e 0a   sr/sbin/nologin.
03e0  5f 61 70 74 3a 78 3a 31 30 30 3a 36 35 35 33 34   _apt:x:100:65534
03f0  3a 3a 2f 6e 6f 6e 65 78 69 73 74 65 6e 74 3a 2f   ::/nonexistent:/
0400  75 73 72 2f 73 62 69 6e 2f 6e 6f 6c 6f 67 69 6e   usr/sbin/nologin
0410  0a 6d 79 73 71 6c 3a 78 3a 31 30 31 3a 31 30 31   .mysql:x:101:101
0420  3a 4d 79 53 51 4c 20 53 65 72 76 65 72 2c 2c 2c   :MySQL Server,,,
0430  3a 2f 6e 6f 6e 65 78 69 73 74 65 6e 74 3a 2f 62   :/nonexistent:/b
0440  69 6e 2f 66 61 6c 73 65 0a 73 75 70 70 6f 72 74   in/false.support
0450  3a 78 3a 31 30 30 30 3a 31 30 30 30 3a 43 69 73   :x:1000:1000:Cis
0460  63 6f 43 54 46 7b 40 70 6f 72 74 63 75 6c 6c 69   coCTF{@portculli
0470  73 6c 61 62 73 7d 3a 2f 68 6f 6d 65 2f 73 75 70   slabs}:/home/sup
0480  70 6f 72 74 3a 2f 62 69 6e 2f 73 68 0a 07 00 00   port:/bin/sh....
0490  04 fe 00 00 22 00 00 00                           ...."...
Frame 25202: 71 bytes on wire (568 bits), 71 bytes captured (568 bits) on interface unknown, id 0
    Interface id: 0 (unknown)
        Interface name: unknown
    Packet flags: 0x00000000
        .... .... .... .... .... .... .... ..00 = Direction: Unknown (0x0)
        .... .... .... .... .... .... ...0 00.. = Reception type: Not specified (0)

We can see that the packet following our match is ‘Frame 25202’, so we know our match was in Frame 25201. We can also increase our -A or -B values to get more context.

Given everything we have learned so far, it would take less than 20 seconds if someone asked you for all the mysql usernames and passwords found in a pcap, or whether a certain user had attempted to log in, etc. Sure, you may have to open up Wireshark or Google to get the correct syntax of the fields, but that’s easy.

$ tshark -r ctf.pcap -Y 'mysql' -T fields -e mysql.user -e mysql.passwd | sort | uniq 
	
8TmveSod	3305460ddd8e2cc1321a487ebfe4dc8fc9a2d20c5e30485ee382eccfa38f9863
admin	360435d4b3015b249066fe99636aecd8aa3fdb0c36d9e3f6a3a3251209aae0ac
admin	66afa1f2f5f9f5043ff31bd90ddac1ed90bab5f52457c234d0a2a71c9b8ff3dd
admin	b47dee5a3824dcf6f18d2a40abeac5e9259999b639c10d1b91057c3c157f5cfe
admin	c9990930240171b021e8ca57bea4c0f5dec51eba06637a92b7f194348da81c94
admin	dd73c7a5465cfd8bef44bc8b995619fb6e82e36e3da1ee39a159f7e36ee2c4c8
admin@example.com	2a80ec0decb594885667e5aa9b07d97bb4de2b0f8bda631737c790cf9bf562fd
admin@example.com	b722bcf91d9ed81e1160f20a810be143899d6b61cf81d2bb7ba0c770f99f3d74
admin	fc90eb0b8bfbb9c9f7c467cc7ee739b470835bedc1790d81dc2d46a880ba2b7d
flag	1148ed45984fd9b1e5ee7ee8dabde90d8c8ad768dbf47315feb48323e6c55111

I hope, if you’ve never used tshark, or hell, tcpdump for that matter, that you can see the utility of being able to parse packets at the command line. People are very into scripting with Python these days, but you could also do some bash scripting here if you end up running the same sorts of inquiries over and over again. And of course, if you want to open up Wireshark to take a look, you can do that from the command line as well 🙂

$ wireshark ctf.pcap &

That’s all for today. I’m going to focus on Zeek for the next post. Let’s see if I can get some zeek scripts off the ground. That should be bunches of fun! Till next time.

Ep 38 – Bart Castle Part 2

We are back this episode with Part 2 of our conversation with Bart Castle! Bart, Andy, and Aaron talk about the benefits of the cloud to software devs, Bart’s roots in networking, and a whole lot more in this week’s episode!

Follow Bart!
Twitter: @cloudbart
YouTube: youtube.com/c/bartcastle

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

CCNA Series – Overview

Here at AONE, we believe in continuous learning and development. We also want to do what we can to help those trying to break into the network engineering field. While by no means the only factor, certifications can help you gain applicable knowledge for a specific career path. They can also be used to prove to employers that you have the ability and desire to learn and grow. For those trying to get into a network infrastructure profession, or who are early in their careers, the Cisco Certified Network Associate (CCNA) program can be a great way to go. It is by no means the only path, as there are other certification providers, but it is the one that we are going to highlight in this series.

This upcoming series is meant for those who are interested in, or are working toward, the CCNA certification. The approach for this series is that we will take a look at multiple topics in the CCNA “blueprint” and try to provide supplemental knowledge and perspective to be used along with your other study materials. Before we dive into content in the next post, here are some example materials you can look into if you are preparing for the CCNA certification. This is not an exhaustive list, just a few options to consider as you get started.

  • CCNA 200-301 Official Cert Guide
    • Commonly referred to as the CCNA “OCG”, this book covers CCNA exam topics and provides suggestions for study methods.
    • The book can be purchased in physical form, digital form, or both. There is also an option to get access to bonus material.
  • CBT Nuggets
    • CBT Nuggets provides on-demand video and lab training for many topics and certifications, including the CCNA.
    • Currently, there is an opportunity for some free training via this offer. This offer was released via the Packet Pushers Heavy Networking podcast.
  • Boson
    • Boson offers practice tests and a lab simulator (among other materials) to help you prepare for the CCNA (and other certifications).
  • Make It Stick
    • This book does not specifically pertain to IT, but can give you some tips to help you learn and retain knowledge.
  • It’s All About The Journey Community
    • As always, you can check out the IAATJ Discord Community to communicate with others that are also going after the CCNA certification, and those who are willing to help you.

We look forward to you joining us throughout this series!

Ep 37 – Bart Castle Part 1

In this week’s episode we talk to musician, artist, and Cloud Guru – Bart Castle! Bart weaves an engaging and brilliant tapestry of music, yurts, wanderlust and cloud stories. Buckle up and get ready to learn some cool stuff on this one!

Follow Bart!
Twitter: @cloudbart
YouTube: youtube.com/c/bartcastle

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Faces of the Journey – Chris Randall

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Chris!

Chris Randall, also known as @Bites_to_Bits, is an up and coming individual to the IT profession, originally from Michigan. At the age of 25, Chris moved to Southern Georgia to pursue career opportunities. However, at the time, the aspirations were not around network engineering or even information technology as a whole. Chris has spent the last 13 years in the culinary industry at different levels. He is currently a Food Service Director for a Fortune 500 client, where he oversees four onsite cafes. At their peak, they served over 2,000 guests per day! Before his current role, he also spent a short time at the former #1 restaurant in the world, Eleven Madison Park, in New York City. Previous to cooking for a living, when he was younger, Chris spent summers helping on his Aunt and Uncle’s potato farm. Growing up, Chris never felt that an IT career was a viable option, because they never had a reliable internet connection in the country and the family computer was outdated. However, a few years ago, he came into contact with Python for a college course and found it interesting. This led to some research into computer networking, which was very eye opening. Although not currently in an IT role, Chris spent the last six months studying for the CCNA exam, which he recently passed! As of now, the focus has been on the Cisco Devnet Associate certification and working through a Python #100DaysOfCode challenge. Chris is also working on a blog, playing around with some vlog ideas, and staying active on different social media platforms to help grow his network. Professionally, the next step is to break into the world of network engineering. The long term goal is to get into the DevOps or security disciplines.

Follow Chris:

Twitter

LinkedIn

Blog

Alright Chris, We’ve Got Some Questions

What is something you enjoy to do outside of work? As of late, my wife and I have begun hiking. We have some pretty decent local trails and are heading to Flagstaff, Arizona in April to hike some pretty unique areas. It is nice to be able to unplug for a few hours and spend quality time in some serene landscapes.

What is the next big thing that you are working toward? DevNet Associate and becoming fluent in Python. I want to be an asset as companies continue to implement Network Automation tools.

How did you figure out that information technology was the best career path for you? Cooking was always a means to an end for me, and after getting an Accounting Degree I knew that I needed something more challenging, something that wasn’t going to be redundant for the next 40 years of my life. IT continues to challenge me as I learn everyday, and from everything I see the industry never stops growing, which is exactly what I have been looking for.

When learning something new, what methods work best for you? I have found success in blending different methods together. I tend to watch videos on a new topic to get a baseline reference, and then I move to any sort of print material or online documentation. This helps me have a reference point when reading over the new topic. I will then use ANKI to develop flashcards of what I believe are key topics and then review them frequently. Lab-ing was a big help in my CCNA studies to solidify topics and really tie together how protocols functioned.

What motivates you on a daily basis? I am blessed to have a wonderful wife who deserves so much. She has persevered through even the toughest of times with me, without question, and for that I owe her the world. We are very fortunate to be in the situation we are where she is growing in her field and I have the ability to pivot to a new one. My current industry is very volatile, and I am fortunate to still have such a great job with so many restaurants closing these days. So I am taking advantage of the situation to ensure I do not have to endure such volatility in the future.

Bert’s Brief

I absolutely love to hear these “types” of stories. I am referring to the situations where people pivot their careers. The reason is that doing so takes a large amount of courage, drive, endurance, and really knowing “who you are” as a person. Chris definitely has all of these traits. I cannot even begin to fathom trying to change career paths at this point in my life. The ability and drive to see that you want a change in life and actually going through the process to accomplish that goal is incredible. Chris is definitely someone who has proven that he is willing to put in the time and effort to become an IT professional. Seeing him document his progress over the last six months has been really cool. I cannot wait to see Chris break into network engineering!

Ep 36 – Siloed vs Jack of All Trades

In this episode A.J., Andy, and Dan discuss the differences in being a siloed engineer vs a jack of all trades. There are certainly pros and cons to each of these approaches. The team leverages and shares their experience with each of these approaches.

NEW! Like us on Facebook https://www.facebook.com/artofneteng
Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

Gitlab + Hugo = Website Magic Happy Time

I should let you know right off the top, this is not a ‘how-to’ from an expert. Instead, this is a how I was able to do something cool for the first time, article. The reason for this post is that I had to use multiple different how-to sites and was still left to troubleshoot multiple things. I’m writing this so a person in the same position as myself can hopefully get up and running in less time. So, with that in mind, if you are an expert in the tools used later on in this post I welcome some feedback on what I could have done better or what simply didn’t matter as I made my way through creating my first website since the GeoCities days (a Chicago Bulls tribute fan page).

About six months ago I was talking with a friend on twitter and we were discussing creating a website, a blog and video tutorial site together at some point. Life, projects, kids, COVID and home ownership got in the way and we never really got around to tackling it. Then, about 3 weeks ago I saw a post on my timeline discussing docs as code. I read into it, and watched a conference video that really got me excited. Watch this presentation! Now that you are as excited as me, let’s dive in!

The first thing I did was look to see if any of my mutuals that I talk to a little bit use GitHub to host their website and check in, see what they used or thought about their site. Tony E aka shoipintbri has such a site, hosted on GitHub. I reached out and he said if he had to do it all over again he’d use: GitLabs, Hugo and RestructuredText.

Step 1: So, I created a GitLabs account

After you create an account, it’s time to check our git version and or install it. I was working on Ubuntu 18.04 and the following commands will correspond as such.

Step 2: Install/Upgrade Git, for me I just had to upgrade

sudo apt update
sudo apt upgrade git
git --version

The next step is installing Hugo. Most of the documentation just says install the latest version of Hugo, which I did. But, once you get to looking at Hugo themes most of the new ones will want you to have the ‘extended version’ installed. The first time I stepped through this and my theme wasn’t working, it was because I didn’t have the ‘extended version’ installed. So, to save you a possible step, let’s just install the latest Hugo extended version straight away (I’m writing this to save the next person starting from scratch a little time). You won’t get the latest version using your package manager so we’ll pull it down with wget.

Step 3: Install the latest Hugo extended version (make sure you are downloading the version associated with your architecture/operating system)

wget https://github.com/gohugoio/hugo/releases/download/v0.81.0/hugo_extended_0.81.0_Linux-64bit.deb
sudo dpkg -i hugo_extended_0.81.0_Linux-64bit.deb
hugo version # verify your version/install (the binary is lowercase 'hugo')
rm hugo_extended_0.81.0_Linux-64bit.deb

At this point you have everything you need except for your Hugo theme, but we will get there. At this point move into a working directory you’ll want to use for your project. This is not necessarily needed but I like it.

Step 4: Make a working directory for your project and move into it

mkdir ~/Desktop/hugofthunder
cd ~/Desktop/hugofthunder

At this point, I set up git on my local machine to authenticate to my newly created GitLab account over SSH.

Step 5: Create a public/private key pair

mkdir -p ~/.ssh && cd ~/.ssh/
ssh-keygen -t rsa -b 2048
cat id_rsa.pub # paste this public key into GitLab (profile -> preferences -> SSH keys)
ssh -T git@gitlab.com # test the connection once the key is added; GitLab greets you by username
cd ~/<your_project_working_directory>

When you are logged into GitLab you can paste the .pub you echoed above under profile -> preferences -> SSH keys. The next thing to do before we start setting up Hugo is to set some global git configurations that correspond to your GitLab account.

Step 6: Configure git

git config --global user.name "<your_username>"
git config --global user.email "<your_email_with_GitLab>"
git config --global --list # verify settings

If we are in the root of our working directory (it should be completely empty if you run ls), we can now run git init.

Step 7: git init

git init

If you’ve made it this far, it’s time to run our first Hugo command. Congratulations, you are almost to website creation time! The first command you run will name your project and create a new directory with that project’s name.

Step 8: Time to fire up Hugo! Name it whatever you want; you don’t have to go with hello-world 🙂 After you run your hugo new site command, move into the newly created directory.

hugo new site hello-world
cd hello-world

If you ll or ls in your newly created directory you’ll see some basic files: the barest of bare bones needed for your upcoming site.

This is a very exciting point in the project and this post. Here is where you will decide on what Hugo theme you want to run on your site. This is a configuration that will give a certain look/layout/feel to your website. Each theme has varying degrees of associated documentation, but installing them is pretty much the same for all of them. You either git clone or git submodule the theme as follows; for demonstration purposes, I went with the Codex theme.

Step 9: Install your Hugo theme

git submodule add https://github.com/jakewies/hugo-theme-codex.git themes/hugo-theme-codex

Alright, at this point you will have a pretty basic page with placeholder text. This is still pretty cool, right? How do you get this up on GitLab for everyone to see?! You are about to find out!

The first thing we will need to do is decide on a project name as it will appear on GitLab. For my website I chose the name ‘jobapp’ and used the following commands to create it.

Step 10: Your first git push

# run these from the <working directory>/<your project> directory (the root of your project)
git add .
git remote add origin git@gitlab.com:<gitlab_group_name>/<project_name>.git
git commit -m "init commit for project"
git push -u origin master

In about 30 to 90 seconds you should be able to refresh your GitLab account and see your newly created project along with the files and directories that were in the root of your project locally. The next thing to do is talk about the files associated with getting this website up and running. There are two main files. The first I will discuss is called ‘config.toml’ and should be seen in the root of your project if you do an ls. If you go back to your theme’s documentation (in my case the Codex theme), it will usually have a sample .toml config to copy and paste into your own .toml.

I found my sample toml on the Codex theme’s GitHub. I simply cut and pasted their sample file into my own .toml.

Step 11: Edit your .toml config file

# DO NOT REMOVE THIS
theme = "hugo-theme-codex" 

# Override these settings with your own
title = "codex"
languageCode = "en-us"
baseURL = "https://githugs.gitlab.io/jobapp"
copyright = "© {year}"

In the .toml, the only other thing you HAVE to change is the ‘baseURL’ to match what will be your URL on GitLab. This will be the ‘root’ level, so to speak, of your website, and all the subdirectories will hang off this base. If this isn’t set correctly your website will not render correctly on GitLab. I’ll show you in a few steps where to find this address.

The second configuration file is what GitLab uses to build your site. You create this file in the root of your project locally as well, the same place the .toml is located, and name it ‘.gitlab-ci.yml’. I used vim for this task, but you can use any other text editing application without any judgment (from me anyway).

Step 12: Create a .gitlab-ci.yml file

vim .gitlab-ci.yml

Let me show you what’s in my .gitlab-ci.yml file and explain the most important part.

image: registry.gitlab.com/pages/hugo/hugo_extended:latest

variables:
  GIT_SUBMODULE_STRATEGY: recursive

test:
  script:
  - hugo
  except:
  - master

pages:
  script:
  - hugo
  artifacts:
    paths:
    - public
  only:
  - master

Just about every theme I tested out, as mentioned earlier, requires a Hugo extended version. Most of the how-to documentation for setting up your first site doesn’t have you install the extended version locally or call an extended version in your .yml file on GitLab. Instead, they simply have you call the latest version of Hugo. This didn’t work for me, so to save you an hour of troubleshooting you can either navigate to the exact version of Hugo you want to spin up on GitLab or simply cut and paste ‘image: registry.gitlab.com/pages/hugo/hugo_extended:latest’ and make sure you are using the extended version.

What GitLab does, to my understanding, is spin up a Hugo image and run a script to build and render your website whenever there is a change. Alternatively, you can run Hugo locally to create your .html files and upload those to GitLab, but I won’t be covering that here.

At this point, we can do another git commit to add our edited .toml and newly created .yml to our GitLab project. This .yml is what GitLab will use to build your page, so after this commit we will be able to check what our URL is and verify we have the correct address in our .toml config file under baseURL.

Step 13: Let’s commit our local changes to GitLab

git add .
git commit -m "adding .yml // edit .toml"
git push -u origin master

Now it is time to go to your GitLab project. On the left side you can scroll down to Settings -> Pages. This is where you can verify your baseURL. You can also go to this URL to see how your site currently looks. If you need to change the baseURL in your .toml file, simply make your changes and then push them to GitLab.
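The two things in this walkthrough that cost the most troubleshooting time are a baseURL that does not match the project’s GitLab Pages address and a CI image that is not a hugo_extended build. The following preflight check is an added example (not code from the original post or from GitLab/Hugo): it assumes the default project-pages address pattern https://<group>.gitlab.io/<project>, and the sample file contents in it are constructed to mirror the config.toml and .gitlab-ci.yml shown above.

```python
"""Preflight checks for a Hugo site headed to GitLab Pages.

Added example, not code from the original post. It checks that baseURL in
config.toml matches the project's GitLab Pages address and that the
.gitlab-ci.yml image is a hugo_extended build. The Pages address pattern
https://<group>.gitlab.io/<project> is the default for project pages and is
assumed here; the sample file contents below are constructed.
"""
import re
from typing import List, Optional

# TOML basic string assignment: baseURL = "https://..."
_BASEURL_RE = re.compile(r'^\s*baseURL\s*=\s*"([^"]*)"', re.MULTILINE)
# Top-level image: line of .gitlab-ci.yml (the form the post's file uses)
_IMAGE_RE = re.compile(r"^image:\s*(\S+)", re.MULTILINE)
_EXTENDED_PREFIX = "registry.gitlab.com/pages/hugo/hugo_extended:"


def expected_pages_url(group: str, project: str) -> str:
    """Default GitLab Pages address for a project page (assumed pattern)."""
    return f"https://{group}.gitlab.io/{project}"


def config_baseurl(config_toml: str) -> Optional[str]:
    """baseURL from config.toml text with any trailing slash removed, or None."""
    match = _BASEURL_RE.search(config_toml)
    return match.group(1).rstrip("/") if match else None


def check_baseurl(config_toml: str, group: str, project: str) -> bool:
    """True when baseURL points at the project's GitLab Pages address."""
    return config_baseurl(config_toml) == expected_pages_url(group, project)


def ci_image(gitlab_ci_yml: str) -> Optional[str]:
    """The image: value from .gitlab-ci.yml text, or None when absent."""
    match = _IMAGE_RE.search(gitlab_ci_yml)
    return match.group(1) if match else None


def check_ci_image(gitlab_ci_yml: str) -> bool:
    """True when the build runs in a hugo_extended image, which SCSS-based themes need."""
    image = ci_image(gitlab_ci_yml)
    return image is not None and image.startswith(_EXTENDED_PREFIX)


def preflight(config_toml: str, gitlab_ci_yml: str, group: str, project: str) -> List[str]:
    """Collect human-readable findings; an empty list means both checks passed."""
    findings = []
    if not check_baseurl(config_toml, group, project):
        findings.append(
            f"baseURL is {config_baseurl(config_toml)!r}, expected "
            f"{expected_pages_url(group, project)!r}"
        )
    if not check_ci_image(gitlab_ci_yml):
        findings.append(f"CI image {ci_image(gitlab_ci_yml)!r} is not a hugo_extended build")
    return findings


# Constructed samples: the first pair mirrors the files shown in the post for
# the githugs/jobapp project; the second pair carries the two common mistakes.
GOOD_CONFIG = 'theme = "hugo-theme-codex"\nbaseURL = "https://githugs.gitlab.io/jobapp/"\n'
GOOD_CI = "image: registry.gitlab.com/pages/hugo/hugo_extended:latest\n"
BAD_CONFIG = 'theme = "hugo-theme-codex"\nbaseURL = "http://localhost:1313/"\n'  # hugo server default
BAD_CI = "image: registry.gitlab.com/pages/hugo:latest\n"  # not the extended build

if __name__ == "__main__":
    for label, cfg, ci in (("good", GOOD_CONFIG, GOOD_CI), ("bad", BAD_CONFIG, BAD_CI)):
        print(label, preflight(cfg, ci, "githugs", "jobapp") or "ok")
```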

From this point you should have a working site on GitLab. You’ll need to read your theme’s documentation on how to create additional posts and how to further edit and personalize your site. Each theme does things a little differently, so there is no point in continuing down that path here; the theme’s documentation is what you should follow.

I ended up creating https://githugs.gitlab.io/jobapp/ in which I have a simple homepage and then two blog posts. This took me about 8 hours but if I was to follow what I just wrote I could probably accomplish the same thing in 30-45 minutes.


If you made it this far, thanks for reading and I hope you got something out of it. The following is a quick aside as to why I created a site in the first place 🙂

As you can see from the website I created, I was trying to get Pete Lumbis’ (who works at Cumulus/NVIDIA networking) attention in hopes to start a conversation for a job ask he posted publicly. I’ve been a fan of Cumulus Linux since I first started learning about networking. Most of all, I like that they have their VMs and vagrant boxes publicly available. You don’t have to have a previous relationship with a sales rep to get access or worry about a 30 day license or something. Secondly, their VM can run on less than a GB of RAM. This is huge: you can have a little lab going with 6 devices easily with a regular old laptop. No expensive hardware needed. Lastly, both layer 2 and layer 3 work great. With Junos you have to have two VMs up with an internal bridge to do what Cumulus Linux does right out of the box. Cisco VMs are hard to come by and want all of the resources. Thus, Cumulus Linux is great for those that want to spin something up fast and have all the features you are looking for to learn networking fundamentals. If you are up for learning Cumulus check out my friend Aninda Chatterjee’s new PluralSight course: Cumulus – The Big Picture.


If you’d like to simply clone my site, you can do so here: https://gitlab.com/githugs/jobapp

Ep 35 – FortiJeff

In this episode we talk to Jeff Clark, a Sales Engineer at Fortinet. Jeff discusses how he went from a mortgage broker, to Network Engineer, to SE, as well as what the SE role is all about.

You can find more of Jeff online at:
http://www.fortijeff.com/

Network Troubleshooting Tip – Model Driven

No matter what the specific role, as an IT professional you are going to be tasked to solve problems. Whether you are in a direct support role, part of an escalation team, or on the architecture/engineering team, you are potentially seen as someone who “fixes all the things”. Sometimes though, I think it can be easy for us to fall into a trap of quickly jumping to conclusions and getting “into the weeds” in a potentially incorrect direction. I’ll admit, I am definitely guilty of this from time to time. This can be for many reasons, from feeling pressured to find a resolution quickly, to assuming that the problem is more technical than it is just because it seems somewhat similar to something that happened in the past. In this post, we’ll go through a high-level troubleshooting method that I like to use when problems arise.

In our studies to become IT/Network professionals, one thing that is good to learn or at least know of, is the OSI (Open Systems Interconnection) Model. The OSI Model is a framework that can be used to standardize and understand the different components of a network or computing system. Here is a list of the layers of the OSI model and how they are displayed.

  • 7 – Application
  • 6 – Presentation
  • 5 – Session
  • 4 – Transport
  • 3 – Network
  • 2 – Data Link
  • 1 – Physical

Now, don’t worry. I’m not going to go in depth on each layer, nor am I an expert in each. I mainly just wanted to show the full model list to help explain my thought process when troubleshooting. I will not say that I use this as a definitive method and have to exhaust each layer before even thinking about the next. I merely like to think of the OSI Model as a high-level guide to help get my mind right when sifting through problems. Thinking through at least parts of this model gives me a starting point and keeps me in check from getting deep “into the weeds” before it is necessary to do so. An example of this: for a connectivity issue, should I really be looking in routing tables for a potential problem before I’ve even validated power and physical connectivity of the problem device(s)? At least keeping the OSI Model in mind can keep me on a narrower path toward finding that problem resolution quickly. Here are some examples (not an exhaustive list) that can be used in troubleshooting when thinking about some of these layers (typically in this layer order). As alluded to in the previous example, I find it helpful to take a bottom-up approach when looking at the OSI Model.

  1. Physical
    • Is all of necessary equipment powered and booted properly?
    • Are all of the proper physical connections made and functioning without apparent errors?
    • For wireless, is the device (or devices) able to associate and authenticate to the proper SSID?
  2. Data Link
    • Are MAC addresses being learned on switchports?
    • Is Spanning Tree Protocol configured and functioning the way we expect?
  3. Network (this is a “fun” one)
    • IP Addressing
      • Are devices that are configured for DHCP receiving IP addresses?
      • Are devices that are set statically configured properly? By properly, I mean with:
        • A unique IP address.
        • A correct subnet mask.
        • A correct default gateway address.
        • Correct DNS servers.
        • A good reason to be set with a static address.
          • I bring this up with just a slight bit of snark here. Statically configuring devices with IP information adds a level of complexity and extra room for error (and I am specifically referencing static configuration, not DHCP reservations by MAC address). There are, however, reasons to leverage statically configured IP addresses, so I will not say that there are no use cases.
    • Routing
      • Does the router have a correct ARP entry for the device(s)?
      • Are routes being learned or statically defined correctly?
      • Ping and traceroute are your friends.
    • Security
      • Layer 3 (Network Layer) and above is where I really start to consider security factors in troubleshooting such as access control lists (ACLs) and/or true firewall rules.
  4. Transport
    • Security/ACL/Firewalling.
  5. Session
    • Not a layer I specifically consider in at least initial, high level troubleshooting.
  6. Presentation
    • Not a layer I specifically consider in at least initial, high level troubleshooting.
  7. Application
    • Is the application functioning or being used/accessed as expected?
    • Security/ACL/Firewalling.

To close this out, I am by no means saying to print out the OSI Model, keep it next to you always, and follow it as an exact step by step troubleshooting method. I am more suggesting to leverage this model to give yourself somewhere to start, and some guidelines, when troubleshooting. We all want to resolve issues quickly and efficiently to keep our customers/clients/co-workers happy, and so we can get on to the next fun and exciting adventure!

Faces of the Journey – Christine Pappas

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Christine!

Christine Pappas, also known as @networkgeekgirl, is a network engineer in Maryland, USA. Christine has spent much of her life in Maryland, leaving for just four years to pursue higher education at Ferrum College in southwest Virginia. Prometric, LLC is the company Christine works for currently and has for twenty-one years now. Prometric is a leading provider of technology-enabled testing and assessment solutions worldwide. Christine started at Prometric as an administrative assistant to the IT department with minimal tech knowledge. As she saw the operations of the department, she asked to learn more, and they were more than happy to oblige. First, Christine worked additional hours on the weekends, providing Level 1 support in the data center by monitoring processes and engaging the on-call staff to respond to issues that arose. She then expanded her responsibilities by becoming the technical writer for the processes that she had been monitoring, creating clear instructions for all necessary tasks. Continuing her technical growth, Christine spent time as an FTP administrator, and also joined the security team for a period of time, running reports and checking for security issues on the network. Then came the biggest career step. Someone was moving out of the network department, which had been an area of interest for Christine. Christine’s manager and director offered her a transition to that team to learn network engineering. This was about thirteen years ago, and Christine jumped at the opportunity, and has been learning ever since. Initially, she handled the “grunt work” and learned about Juniper and Netopia routers. After a few years of learning and growth, she got the opportunity to work daily on the Cisco routers and switches. Christine now works on both the campus and data center Cisco environments, providing design and implementation expertise for the global enterprise. She has also become the SME for the wireless and VPN disciplines.
A love for playing in the CLI is what drew Christine to an IT profession. Understanding that the infrastructure she designs and implements is a lifeline to the business is very rewarding for her. Christine’s goals and next steps are what I would deem well thought out and methodical. The short-term goals are to become a senior network engineer and to obtain a CCNP certification. Christine is taking it one step at a time so that her goals are achievable. She enjoys leveraging the knowledge that she has gained throughout her career and using it to teach up-and-coming junior engineers.

Follow Christine:

Twitter

LinkedIn

Alright Christine, We’ve Got Some Questions

What do you want to be when you “grow up”? Senior Network Engineer, with CCNP, CCDP and eventually (possibly) CCIE.

What advice do you have for aspiring IT professionals? Study every day, even if it is for only 10 min, make sure you learn one new thing. The best way to learn is to do and do often, so labbing or working on real equipment is key to solidifying that in your brain. Figure out how you retain knowledge best and use that method. Listen in on troubleshooting calls to learn real world issues and how they are resolved. As you grow, help others with your new knowledge, don’t keep it all inside your own mind.

What is something you enjoy doing outside of work? Spending time with my family is my number one priority. My husband and I love to travel (pre-COVID). Reading and singing (many moons ago I did get a degree in Music) are my passions.

How do you manage your work/life balance? Managing that balance has been more difficult this past year in COVID times. I have learned to work from home full time, while helping my 3 girls do virtual school, and try to keep us all sane from being locked down in the house. I have had to learn to be patient with myself and determine how much work I could get done in a day realistically. Two of my girls have medical issues, so at times I am forced to balance work with doctor appts (my bosses and coworkers are amazing with this). I take time out in the evenings and weekends to watch true crimes or DIY shows with my husband, sit, and talk with him and the kids, plan future travel, and just be around each other. I talk or FaceTime with family and friends. When I need my own space, I will read or scroll social media. Time is a premium around here – I have 3 very different children who all rely on me in various ways. I am also now a passenger as my oldest learns to drive, so that tends to take your mind off everything else!

What motivates you on a daily basis? My kids – seeing them grow and learn and wanting to give them a positive role model. They love me as mom, but also see me studying for exams, and ‘hacking the world’ as they call it when I am connected in CLI. They see a woman in a predominately and historically man’s role, and I hope that they see their own possibilities are endless if they work hard for what they want.

Bert’s Brief

Strength, determination, and compassion are three (among many) traits that Christine Pappas wields on a daily basis. She has seen every challenge in front of her as an opportunity to practice and grow her skill sets. While she has been with the same company for the last 20+ years, she has taken different roles to broaden her knowledge in different areas. I really think there is a lot to be said for that. Even more so, Christine has been able to advance her career while still making her family and friends priorities, and finding balance, which is very impressive. Christine also finds time to be an active member in the It’s All About the Journey community, providing perspective, guidance, and encouragement. I can’t wait to hear her name called on the AONE podcast when she passes the Cisco ENCOR exam later this year!

Ep 34 – Technical Interviews

In this episode Dan and Andy discuss the technical interview with special guest, Tim McConnaughy. Tim is a Technical Solutions Architect at Cisco who has a lot of experience on both sides of the technical interview table. The guys talk about their personal experiences with technical interviews, how to prepare for one and how to stand out at your next technical interview.

Follow Tim on Twitter: @juangolbez
Checkout Tim’s blog, https://carpe-dmvpn.com/
YouTube: https://www.youtube.com/c/CarpeDMVPN

OSPF Route Optimization – Route Summarization (Post 4)

You’ve made it to the 4th and final post in the OSPF Route Optimization series, I’m proud of you! I honestly wasn’t sure if I’d make it this far, myself. Anyway, in this post we will build upon the work we accomplished in post 3, in which we converted our flat, single-area OSPF topology into multi-area OSPF with each site having a boundary between area 0 and the local area (1, 2, 3, or 4 per site). By just implementing multiple areas, we do not yet see a large benefit. Our routing table sizes are still larger than they need to be. In this post, we will leverage route summarization in our area border routers to start seeing that benefit of smaller routing tables. Multi-area OSPF is what makes route summarization possible. Just like the last post, to avoid too much clutter, we will focus in on site1-dist and site1-access1. Keep in mind that the rest of the topology is getting configured also, just behind the scenes. First, let’s get a refresher on our topology.

With OSPF, route summarization is implemented in the area border routers. In our case here, this will be done in the “dist” switch at each site. For the purposes of this demonstration, we will summarize the route advertisements of the entire /16 of each local site network. In the output below, we will take a look at the configuration on site1-dist, then some “show” output from site1-dist and site1-access1 once the summarization configuration has taken place throughout the entire topology.

site1-dist

site1-dist#configure terminal
site1-dist(config)#router ospf <process-id>
site1-dist(config-router)#area 1 range 10.1.0.0 255.255.0.0
site1-dist(config-router)#end
site1-dist#show ip route ospf
  10.0.0.0/8 is variably subnetted, 29 subnets, 4 masks
O        10.1.0.0/16 is a summary, 00:04:38, Null0
O        10.1.11.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O        10.1.12.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O        10.1.13.0/24 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O        10.1.21.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
O        10.1.22.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
O        10.1.23.0/24 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
O        10.1.31.0/24 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
O        10.1.32.0/30 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
O        10.1.33.0/30 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
O        10.1.255.1/32 [110/11] via 10.1.200.2, 00:04:38, GigabitEthernet0/2
O        10.1.255.2/32 [110/11] via 10.1.200.6, 00:04:38, GigabitEthernet0/3
O        10.1.255.3/32 [110/11] via 10.1.200.10, 00:04:38, GigabitEthernet1/0
O IA     10.2.0.0/16 [110/21] via 10.100.0.1, 00:03:32, GigabitEthernet0/1
O IA     10.3.0.0/16 [110/21] via 10.100.0.1, 00:02:50, GigabitEthernet0/1
O IA     10.4.0.0/16 [110/21] via 10.100.0.1, 00:01:25, GigabitEthernet0/1
O        10.100.0.4/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
O        10.100.0.8/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
O        10.100.0.12/30 [110/20] via 10.100.0.1, 00:04:38, GigabitEthernet0/1
O        10.100.255.255/32
           [110/11] via 10.100.0.1, 00:04:38, GigabitEthernet0/1

As you can see, the configuration itself is simple and done within the router ospf instance. Due to the IP addressing plan we used, combined with multi-area OSPF and route summarization across the topology, we were able to reduce the OSPF routes in this Layer 3 switch from 64 down to 20 (including the /16 null route)!
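To make concrete what the area range command does, here is an added example (not from the original post, and not router code): it models with Python’s ipaddress module which area-1 prefixes the ABR collapses into the single O IA summary it sends into area 0, and why the ABR also installs the summary itself pointing at Null0, so traffic for unused space inside the /16 is discarded instead of being forwarded on a less specific route and looped back. The prefixes and next hops are constructed from the site1-dist table above.

```python
"""Model what 'area 1 range 10.1.0.0 255.255.0.0' does on the ABR.

Added example, not from the original post and not a router's code. It uses the
ipaddress module to show (1) which area-1 prefixes the ABR collapses into the
one inter-area summary it advertises into area 0, and (2) why the ABR installs
the summary itself towards Null0: destinations inside the /16 with no specific
route are discarded rather than forwarded on a less specific route and looped.
Prefixes and next hops are constructed from the site1-dist table in the post.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Intra-area routes site1-dist learned from its three access switches (from the post)
AREA1_SPECIFICS: Dict[str, str] = {
    "10.1.11.0/24": "10.1.200.2", "10.1.12.0/24": "10.1.200.2", "10.1.13.0/24": "10.1.200.2",
    "10.1.21.0/24": "10.1.200.6", "10.1.22.0/24": "10.1.200.6", "10.1.23.0/24": "10.1.200.6",
    "10.1.31.0/24": "10.1.200.10", "10.1.32.0/30": "10.1.200.10", "10.1.33.0/30": "10.1.200.10",
    "10.1.255.1/32": "10.1.200.2", "10.1.255.2/32": "10.1.200.6", "10.1.255.3/32": "10.1.200.10",
}


def range_to_network(address: str, mask: str) -> str:
    """Turn the IOS 'area <n> range <address> <mask>' arguments into CIDR notation."""
    return str(ipaddress.ip_network(f"{address}/{mask}", strict=True))


def abr_advertise(specifics: Dict[str, str], area_range: str) -> Tuple[List[str], int]:
    """Prefixes the ABR announces into area 0 as inter-area (O IA) routes.

    Every specific inside area_range is replaced by the one summary; anything
    outside it is still announced individually. Returns the advertised list and
    how many specifics the summary absorbed (OSPF only originates the summary
    when at least one component route exists).
    """
    summary = ipaddress.ip_network(area_range)
    covered = 0
    advertised = []
    for prefix in specifics:
        net = ipaddress.ip_network(prefix)
        if net.subnet_of(summary):
            covered += 1
        else:
            advertised.append(net)
    if covered:
        advertised.append(summary)
    return [str(n) for n in sorted(advertised)], covered


def abr_local_table(specifics: Dict[str, str], area_range: str) -> Dict[str, str]:
    """The ABR's own table after summarization: the specifics stay (they are
    still needed to forward inside area 1) and a discard route to Null0 for the
    summary is added, matching '10.1.0.0/16 is a summary, ..., Null0' above."""
    table = dict(specifics)
    table[area_range] = "Null0"
    return table


def longest_match(table: Dict[str, str], destination: str) -> Optional[Tuple[str, str]]:
    """Longest-prefix lookup: (prefix, next hop), or None when nothing covers it."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


if __name__ == "__main__":
    area_range = range_to_network("10.1.0.0", "255.255.0.0")
    advertised, absorbed = abr_advertise(AREA1_SPECIFICS, area_range)
    print(f"{absorbed} area-1 prefixes collapse into {advertised} for area 0")
    table = abr_local_table(AREA1_SPECIFICS, area_range)
    for dst in ("10.1.11.5", "10.1.99.9"):  # 10.1.99.9 has no specific route: hits Null0
        print(dst, "->", longest_match(table, dst))
```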

site1-access1

site1-access1#show ip route ospf
  10.0.0.0/8 is variably subnetted, 28 subnets, 4 masks
O        10.1.21.0/24 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
O        10.1.22.0/24 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
O        10.1.23.0/24 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
O        10.1.31.0/24 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
O        10.1.32.0/30 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
O        10.1.33.0/30 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
O        10.1.200.4/30 [110/20] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
O        10.1.200.8/30 [110/20] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
O        10.1.255.2/32 [110/21] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
O        10.1.255.3/32 [110/21] via 10.1.200.1, 00:12:46, GigabitEthernet0/1
O        10.1.255.255/32 [110/11] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
O IA     10.2.0.0/16 [110/31] via 10.1.200.1, 00:06:01, GigabitEthernet0/1
O IA     10.3.0.0/16 [110/31] via 10.1.200.1, 00:05:15, GigabitEthernet0/1
O IA     10.4.0.0/16 [110/31] via 10.1.200.1, 00:03:45, GigabitEthernet0/1
O IA     10.100.0.0/30 [110/20] via 10.1.200.1, 00:12:56, GigabitEthernet0/1
O IA     10.100.0.4/30 [110/30] via 10.1.200.1, 00:12:42, GigabitEthernet0/1
O IA     10.100.0.8/30 [110/30] via 10.1.200.1, 00:12:42, GigabitEthernet0/1
O IA     10.100.0.12/30 [110/30] via 10.1.200.1, 00:12:42, GigabitEthernet0/1
O IA     10.100.255.255/32
           [110/21] via 10.1.200.1, 00:12:42, GigabitEthernet0/1

Here, you can see that the downstream routers from the area border router also benefit from the route summarization as the OSPF routes in the site1-access1 routing table have been reduced to 19. I want to highlight that the routes from areas 2, 3, and 4 are now seen as single /16 routes to routers in area 1. This is a great start to shrinking the routing tables in our topology, but we can go further. Is there really a reason for the access layer switches to have routes to the other sites? I encourage you to take a look at the different stub area types next. Thanks for joining me on this journey, and until next time, happy routing!

Ep 33 – Cord Cutters

In this episode the guys talk about the life of a cord cutter. The advantages and disadvantages of cord cutting over traditional TV, the backend wheelings and dealings that make pay-as-you-go options impossible in traditional distribution models and streaming’s impact on the global network.

Starting the GIAC Certification Process

So I’ve made it through just about all of the SANS SEC503 material. That’s no small accomplishment in and of itself, and I already feel like I’ve leveled up a bit. I now know some of the secrets about the TCP handshake, checksums and window size 🙂 If you’ve followed me through my first three posts you know I’ve touched a bit on tcpdump, scapy and snort while going through the material.

The next big hurdle, which will be coming up in just over 60 days, is my first GIAC exam. For those that don’t know, this is the certifying body that is directly relevant to the SANS courses. As I understand it, it’s a 4-hour exam in a Pearson VUE-type center that is open book/paper. Since it’s ‘open book’ and I have some 5 books of slides and another two books of labs, there has to be a method to organize this into something efficient and useful to a test taker. I’ve searched the web and watched some YouTube videos about how to prepare for a GIAC exam and I keep coming across the word ‘index.’ While the end of my book 5 does have an index, I looked through the terms and tried to imagine how useful it would be, and my conclusion is not much.

To be fully transparent, I started writing this blog post as something to put out there in public to hold myself to completing this indexing task and I’m currently about 18% through I’d estimate. The plan is to reread each book and then pull out the relevant information I think would be useful if I need to reference something quick related to the topic. I’ve decided I’m going to break up my key terms by protocol and/or tool, sometimes making an entry for both referencing the same page number.

Once I get through rereading all the books and completing my index, I’m going to type it up and sort it. From there I’ll deliberate on the most useful format for the index and set aside some time for a practice exam. How the practice test goes will give me an idea of what I need to tinker with to be my most successful test-taker self. Luckily, I have two practice exams, so I get to try out my improved plan before going in on the actual exam.

I’ll do a post later when I’m further along in the process, but like I mentioned above I’m just writing a quick note and putting this out there to help hold myself accountable. If you see me out there tweeting too much Heat basketball send me a dm and let me know what the real goal is 🙂 Till next time!

Ep 32 – Make it Stick

In this episode, we talk with Peter Brown, co-author of Make it Stick! Peter is one of the team of three authors that wrote Make it Stick: The Science of Successful Learning. Peter explains the original idea for the book, the team discusses many of the tactics for successful learning outlined within the book, and Peter elaborates on the team’s findings.

Peter is a New York Times best selling author. In addition to co-authoring Make It Stick Peter has written several other books. You can find more on Peter and his books, on his website: https://www.petercbrown.com/index.php

To get your copy of Make it Stick: The Science of Successful Learning, grab it here: https://amzn.to/3qKGkl5

For more information on the book, you can check out the website: https://makeitstick.net/

OSPF Route Optimization – Multi-Area OSPF (Post 3)

In this post of the OSPF Route Optimization series, we take a look at multi-area OSPF. As stated before, while single-area OSPF provides us with global IP reachability, it tends to not scale well from an efficiency standpoint as the network grows. In our sample topology, we will treat the “inside” zone of each site as its own area while leaving the distribution to core layer in area 0. With our IP address design, doing this will allow us to perform IP summarization and shrink the size of our routing tables. Here is an updated view of our topology and in the output shown in the rest of this post, we will work with area 1 (site 1).

As a reminder, here is what the routing table (OSPF routes) looks like on access switch #1 at site #1 with single area OSPF.

site1-access1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
O 10.1.21.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.22.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.23.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.31.0/24 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.32.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.33.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.4/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.8/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.2/32 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.255.3/32 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.255/32 [110/11] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.2.11.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.12.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.13.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.21.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.22.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.23.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.31.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.32.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.33.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.0/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.4/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.8/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.1/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.2/32 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.255.3/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.255/32 [110/31] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.3.11.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.12.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.13.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.21.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.22.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.23.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.31.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.32.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.33.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.200.0/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.4/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.8/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.1/32 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.2/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.3/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.255/32 [110/31] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.4.11.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.12.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.13.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.21.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.22.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.23.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.31.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.32.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.33.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.200.0/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.4/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.8/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.255.1/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.2/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.3/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.255/32 [110/31] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.100.0.0/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.4/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.8/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.12/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.255.255/32
[110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1

We will now start our configuration of multi-area OSPF. For brevity, this post focuses on site #1, specifically the distribution switch and one access switch; the configuration is similar for the rest of the network. Disclaimer: changing the area of an interface resets every OSPF adjacency on that interface, so in a production environment similar changes should be planned, coordinated, and performed in a maintenance window that allows for downtime.

site1-dist

site1-dist#show ip int brief | exclude unassigned
 Interface              IP-Address      OK? Method Status            Protocol
 GigabitEthernet0/1     10.100.0.2      YES TFTP   up                    up      
 GigabitEthernet0/2     10.1.200.1      YES TFTP   up                    up      
 GigabitEthernet0/3     10.1.200.5      YES TFTP   up                    up      
 GigabitEthernet1/0     10.1.200.9      YES TFTP   up                    up      
 Loopback0              10.1.255.255    YES TFTP   up                    up      
 site1-dist#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.255
   Number of areas in this router is 1. 1 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 0):
     Loopback0
     GigabitEthernet1/0
     GigabitEthernet0/3
     GigabitEthernet0/2
     GigabitEthernet0/1
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.2.255.255         110      22:12:43
     10.3.255.255         110      22:12:16
     10.4.255.255         110      22:12:16
     10.100.255.255       110      22:12:53
     10.4.255.1           110      22:12:16
     10.4.255.3           110      22:12:05
     10.4.255.2           110      22:12:16
     10.3.255.2           110      22:12:16
     10.2.255.3           110      22:12:43
     10.3.255.3           110      22:12:16
     10.2.255.2           110      22:12:43
     10.1.255.1           110      22:12:53
     10.2.255.1           110      22:12:43
     10.1.255.2           110      22:12:53
     10.3.255.1           110      22:12:16
     10.1.255.3           110      22:12:53
   Distance: (default is 110)
 site1-dist#configure terminal
 Enter configuration commands, one per line.  End with CNTL/Z.
 site1-dist(config)#int range gi0/2-3, gi1/0, lo0
 site1-dist(config-if-range)#ip ospf 1 area 1
 site1-dist(config-if-range)#
 *Nov 22 17:17:54.010: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.1 on GigabitEthernet0/2 from FULL to DOWN, Neighbor Down: Interface down or detached
 *Nov 22 17:17:54.018: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.2 on GigabitEthernet0/3 from FULL to DOWN, Neighbor Down: Interface down or detached
 *Nov 22 17:17:54.026: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.3 on GigabitEthernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
 site1-dist(config-if-range)#
 *Nov 22 17:17:59.544: %OSPF-4-ERRRCV: Received invalid packet: mismatched area ID from backbone area from 10.1.200.10, GigabitEthernet1/0

In the above output for site1-dist, we can see that the interface connecting to the core (gi0/1) is left in the backbone area (area 0). All other interfaces that are “local” to the site (including Loopback0, whose address is used as the OSPF router ID) are moved into area 1. For site 2 we are using area 2, site 3 is area 3, and site 4 is area 4. As soon as the interfaces connecting to the access layer switches are moved into area 1, site1-dist loses its OSPF neighborships with them: the access switches are still in area 0, so the area ID in the hello packets no longer matches and the hellos are discarded, which is exactly what the “%OSPF-4-ERRRCV: Received invalid packet: mismatched area ID” log message is telling us. Outside a planned change, that message on a production link is worth investigating, because it means a device on that segment is sending OSPF hellos for a different area than the one configured locally. Until the access switches are reconfigured, their client subnets are unreachable from the rest of the network, which is why in a production environment this would need to be done in a communicated maintenance window. We will now configure the necessary interfaces on site1-access1. The same would be configured on the other access layer switches at site 1, as well as the access layer switches at the other sites in the topology, just with their respective area IDs.

site1-access1

site1-access1#show ip int brief | exclude unassigned
 Interface              IP-Address      OK? Method Status                Protocol
 GigabitEthernet0/1     10.1.200.2      YES TFTP   up                    up      
 Loopback0              10.1.255.1      YES TFTP   up                    up      
 Loopback11             10.1.11.1       YES TFTP   up                    up      
 Loopback12             10.1.12.1       YES TFTP   up                    up      
 Loopback13             10.1.13.1       YES TFTP   up                    up      
 site1-access1#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.1
   Number of areas in this router is 1. 1 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 0):
     Loopback0
     Loopback11
     Loopback12
     Loopback13
     GigabitEthernet0/1
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.2.255.255         110      23:43:05
     10.3.255.255         110      23:42:37
     10.1.255.255         110      23:43:16
     10.4.255.255         110      23:42:27
     10.100.255.255       110      23:43:16
     10.4.255.1           110      23:42:27
     10.4.255.3           110      23:42:17
     10.4.255.2           110      23:42:17
     10.3.255.2           110      23:42:37
     10.2.255.3           110      23:43:05
     10.3.255.3           110      23:42:27
     10.2.255.2           110      23:42:55
     10.2.255.1           110      23:43:05
     10.1.255.2           110      23:43:16
     10.3.255.1           110      23:42:27
     10.1.255.3           110      23:43:16
   Distance: (default is 110)
 site1-access1#configure terminal
 Enter configuration commands, one per line.  End with CNTL/Z.
 site1-access1(config)#int range gi0/1, lo0, lo11-13
 site1-access1(config-if-range)#ip ospf 1 area 1
 site1-access1(config-if-range)#
 *Nov 22 18:50:38.694: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.255.255 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
 site1-access1#show ip ospf neighbor 
 Neighbor ID     Pri   State           Dead Time   Address         Interface
 10.1.255.255      0   FULL/  -        00:00:36    10.1.200.1      GigabitEthernet0/1

In this simulation, the client subnets are represented as loopback interfaces; in “real life” they would most likely be switch virtual interfaces (SVIs). As stated in the last post, for the lab I configured the loopback interfaces that represent client subnets with the “ip ospf network point-to-point” command, so that OSPF advertises the full /24 subnets rather than just /32 loopback host routes. We can see that all interfaces on site1-access1 are moved into area 1, and as soon as gi0/1 (connecting to site1-dist) is added to area 1, the OSPF neighborship comes back up. All router-to-router links in this lab also use “ip ospf network point-to-point”, which is why we do not see any DRs or BDRs in the “show ip ospf neighbor” output (the state column shows “FULL/  -” rather than FULL/DR or FULL/BDR).
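The area move above is done one device at a time, and the only confirmation the CLI gives is the adjacency log. As an added example (not code from the original post), the script below parses the Cisco IOS “show ip protocols” output shown in this post and checks the design rule we just applied: core-facing uplinks stay in area 0, every other OSPF interface belongs to the site’s own area, and a device with core uplinks must report itself as an ABR. The sample outputs embedded below are abbreviated from site1-dist’s before and after output on this page; the interface-name pattern and the `core_uplinks` parameter are my assumptions, not something the post defines.

```python
"""Added example: verify a device's OSPF interface-to-area assignment from
Cisco IOS `show ip protocols` output, using the site-per-area design of this post."""
import re
from dataclasses import dataclass, field

AREA_HDR = re.compile(r"Routing on Interfaces Configured Explicitly \(Area (\d+)\):")
AREA_COUNT = re.compile(r"Number of areas in this router is (\d+)\.")
# Assumed interface-name pattern; extend for other platforms.
IFACE = re.compile(r"^(?:GigabitEthernet|TenGigabitEthernet|Loopback|Vlan|Port-channel)\S*$")


@dataclass
class OspfInfo:
    router_id: str = ""
    is_abr: bool = False
    area_count: int = 0
    areas: dict = field(default_factory=dict)   # area id -> [interface names]


def parse_show_ip_protocols(text: str) -> OspfInfo:
    """Pull router ID, ABR flag, area count and per-area interface lists out of
    the OSPF section; other sections (e.g. 'application') are skipped."""
    info = OspfInfo()
    in_ospf = False
    area = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Routing Protocol is"):
            in_ospf = '"ospf' in line
            area = None
            continue
        if not in_ospf:
            continue
        if line.startswith("Router ID"):
            info.router_id = line.split()[-1]
        elif line == "It is an area border router":
            info.is_abr = True
        elif (m := AREA_COUNT.match(line)):
            info.area_count = int(m.group(1))
        elif (m := AREA_HDR.match(line)):
            area = int(m.group(1))
            info.areas.setdefault(area, [])
        elif line.startswith("Routing Information Sources"):
            area = None                       # interface lists are over
        elif area is not None and IFACE.match(line):
            info.areas[area].append(line)
    return info


def check_site_design(info: OspfInfo, site: int, core_uplinks=()) -> list:
    """Return human-readable violations of the post's design: interfaces named in
    core_uplinks must sit in area 0, everything else in the site's own area."""
    problems = []
    for area, ifaces in info.areas.items():
        for ifc in ifaces:
            expected = 0 if ifc in core_uplinks else site
            if area != expected:
                problems.append(f"{ifc}: in area {area}, expected area {expected}")
    if core_uplinks and not info.is_abr:
        problems.append("device has core uplinks but does not report 'It is an area border router'")
    if info.area_count and info.area_count != len(info.areas):
        problems.append(f"area count {info.area_count} != {len(info.areas)} area interface lists")
    return problems


# Constructed samples, abbreviated from the site1-dist output in this post.
BEFORE_DIST = """\
Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Router ID 10.1.255.255
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
  Routing on Interfaces Configured Explicitly (Area 0):
    Loopback0
    GigabitEthernet1/0
    GigabitEthernet0/3
    GigabitEthernet0/2
    GigabitEthernet0/1
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.2.255.255         110      22:12:43
  Distance: (default is 110)
"""

AFTER_DIST = """\
Routing Protocol is "ospf 1"
  Router ID 10.1.255.255
  It is an area border router
  Number of areas in this router is 2. 2 normal 0 stub 0 nssa
  Routing for Networks:
  Routing on Interfaces Configured Explicitly (Area 0):
    GigabitEthernet0/1
    Routing on Interfaces Configured Explicitly (Area 1):
    Loopback0
    GigabitEthernet1/0
    GigabitEthernet0/3
    GigabitEthernet0/2
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.2.255.255         110      00:04:09
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE_DIST), ("after", AFTER_DIST)):
        info = parse_show_ip_protocols(text)
        issues = check_site_design(info, site=1, core_uplinks=("GigabitEthernet0/1",))
        print(f"site1-dist {label}: ABR={info.is_abr} areas={info.areas}")
        print("  " + ("\n  ".join(issues) if issues else "design OK"))
```

Run against a device that still has every interface in area 0, the check lists each interface that should have moved and flags the missing ABR status; once the change is complete it returns no problems. Feeding it the access switch’s output with an empty `core_uplinks` applies only the “everything in area N” rule.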

We are now going to fast forward. All routers (Layer 3 switches) in the topology have been configured for multi-area OSPF as shown in the diagram at the beginning of this post. Let’s now take a look at some show commands from site1-dist and site1-access1 now that the entire topology has been configured.

site1-dist

site1-dist#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.255
   It is an area border router
   Number of areas in this router is 2. 2 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 0):
     GigabitEthernet0/1
     Routing on Interfaces Configured Explicitly (Area 1):
     Loopback0
     GigabitEthernet1/0
     GigabitEthernet0/3
     GigabitEthernet0/2
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.2.255.255         110      00:04:09
     10.3.255.255         110      00:03:28
     10.4.255.255         110      00:02:53
     10.100.255.255       110      00:17:48
     10.1.255.1           110      00:17:38
     10.1.255.2           110      00:17:48
     10.1.255.3           110      00:17:38
   Distance: (default is 110)
 site1-dist#show ip route ospf
       10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
 O        10.1.11.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.12.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.13.0/24 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.21.0/24 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.22.0/24 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.23.0/24 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.31.0/24 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O        10.1.32.0/30 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O        10.1.33.0/30 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O        10.1.255.1/32 [110/11] via 10.1.200.2, 00:18:11, GigabitEthernet0/2
 O        10.1.255.2/32 [110/11] via 10.1.200.6, 00:18:21, GigabitEthernet0/3
 O        10.1.255.3/32 [110/11] via 10.1.200.10, 00:18:11, GigabitEthernet1/0
 O IA     10.2.11.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.12.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.13.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.21.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.22.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.23.0/24 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.31.0/24 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.32.0/24 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.33.0/24 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.200.0/30 [110/30] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.200.4/30 [110/30] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.200.8/30 [110/30] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.255.1/32 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.255.2/32 [110/31] via 10.100.0.1, 00:18:01, GigabitEthernet0/1
 O IA     10.2.255.3/32 [110/31] via 10.100.0.1, 00:17:58, GigabitEthernet0/1
 O IA     10.2.255.255/32 [110/21] via 10.100.0.1, 00:04:43, GigabitEthernet0/1
 O IA     10.3.11.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.12.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.13.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.21.0/24 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.22.0/24 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.23.0/24 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.31.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.32.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.33.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.200.0/30 [110/30] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.200.4/30 [110/30] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.200.8/30 [110/30] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.255.1/32 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.255.2/32 [110/31] via 10.100.0.1, 00:17:40, GigabitEthernet0/1
 O IA     10.3.255.3/32 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.3.255.255/32 [110/21] via 10.100.0.1, 00:04:01, GigabitEthernet0/1
 O IA     10.4.11.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.12.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.13.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.21.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.22.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.23.0/24 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.31.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.32.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.33.0/24 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.200.0/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.200.4/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.200.8/30 [110/30] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.255.1/32 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.255.2/32 [110/31] via 10.100.0.1, 00:17:30, GigabitEthernet0/1
 O IA     10.4.255.3/32 [110/31] via 10.100.0.1, 00:17:29, GigabitEthernet0/1
 O IA     10.4.255.255/32 [110/21] via 10.100.0.1, 00:03:27, GigabitEthernet0/1
 O        10.100.0.4/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
 O        10.100.0.8/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
 O        10.100.0.12/30 [110/20] via 10.100.0.1, 00:18:21, GigabitEthernet0/1
 O        10.100.255.255/32 
            [110/11] via 10.100.0.1, 00:18:21, GigabitEthernet0/1

site1-access1

site1-access1#show ip protocols
 Routing Protocol is "ospf 1"
   Outgoing update filter list for all interfaces is not set
   Incoming update filter list for all interfaces is not set
   Router ID 10.1.255.1
   Number of areas in this router is 1. 1 normal 0 stub 0 nssa
   Maximum path: 4
   Routing for Networks:
   Routing on Interfaces Configured Explicitly (Area 1):
     Loopback0
     Loopback11
     Loopback12
     Loopback13
     GigabitEthernet0/1
   Routing Information Sources:
     Gateway         Distance      Last Update
     10.1.255.255         110      00:06:19
     10.1.255.2           110      00:22:56
     10.1.255.3           110      00:22:56
   Distance: (default is 110)
 site1-access1#show ip route ospf
       10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
 O        10.1.21.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.22.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.23.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.31.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.32.0/30 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.33.0/30 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.200.4/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.200.8/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.255.2/32 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.255.3/32 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O        10.1.255.255/32 [110/11] via 10.1.200.1, 00:09:02, GigabitEthernet0/1
 O IA     10.2.11.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.12.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.13.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.21.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.22.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.23.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.31.0/24 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.32.0/24 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.33.0/24 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.200.0/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.200.4/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.200.8/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.255.1/32 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.255.2/32 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
 O IA     10.2.255.3/32 [110/41] via 10.1.200.1, 00:23:34, GigabitEthernet0/1
 O IA     10.2.255.255/32 [110/31] via 10.1.200.1, 00:08:44, GigabitEthernet0/1
 O IA     10.3.11.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.12.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.13.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.21.0/24 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.22.0/24 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.23.0/24 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.31.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.32.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.33.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.200.0/30 [110/40] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.200.4/30 [110/40] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.200.8/30 [110/40] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.255.1/32 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.255.2/32 [110/41] via 10.1.200.1, 00:23:03, GigabitEthernet0/1
 O IA     10.3.255.3/32 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.3.255.255/32 [110/31] via 10.1.200.1, 00:07:59, GigabitEthernet0/1
 O IA     10.4.11.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.12.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.13.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.21.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.22.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.23.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.31.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.32.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.33.0/24 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.200.0/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.200.4/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.200.8/30 [110/40] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.255.1/32 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.255.2/32 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
 O IA     10.4.255.3/32 [110/41] via 10.1.200.1, 00:22:45, GigabitEthernet0/1
 O IA     10.4.255.255/32 [110/31] via 10.1.200.1, 00:07:21, GigabitEthernet0/1
 O IA     10.100.0.0/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.0.4/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.0.8/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.0.12/30 [110/30] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
 O IA     10.100.255.255/32 
            [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1

To wrap up this post, let’s go over some key takeaways from the perspectives of site1-dist and site1-access1 now that multi-area OSPF has been configured throughout the topology.

site1-dist

  1. In the output of “show ip protocols”, the list of routing information sources has shrunk to the following. site1-dist now has interfaces only in area 1 and area 0, so it only receives router and network LSAs from routers in those two areas. The other sites’ prefixes now arrive as inter-area summary LSAs originated by each site’s ABR (its dist switch), which is why 10.2.255.255, 10.3.255.255 and 10.4.255.255 are the only routers from those sites that remain in the list.
    • 10.2.255.255 (site2-dist)
    • 10.3.255.255 (site3-dist)
    • 10.4.255.255 (site4-dist)
    • 10.100.255.255 (core)
    • 10.1.255.1 (site1-access1)
    • 10.1.255.2 (site1-access2)
    • 10.1.255.3 (site1-access3)
  2. In the routing table, any route outside of 10.1.x.x (area 1) and 10.100.x.x (area 0) is now an inter-area (O IA) route, learned from a summary LSA rather than from the full topology of that site.

site1-access1

  1. In the output of “show ip protocols”, the list of routing information sources has shrunk to the following. site1-access1 now only has interfaces in area 1, so routing information is only seen as sourced from routers within area 1; everything from outside the area is summarized by site1-dist, the ABR.
    • 10.1.255.255 (site1-dist)
    • 10.1.255.2 (site1-access2)
    • 10.1.255.3 (site1-access3)
  2. In the routing table, any route outside of 10.1.x.x (area 1) is now an inter-area (O IA) route.

Alright, we have multi-area OSPF set up across the topology, but our routing tables are still just as large: site1-access1 still carries every prefix in the network (the “73 subnets” header has not changed), just with most of them now marked O IA. The base multi-area OSPF configuration sets the stage for the next tool in our OSPF toolbox, route summarization. Join me in the next post, where we will leverage route summarization on our area border routers (the dist switch at each site) and shrink the size of our routing tables.
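Before and after a change like this, it helps to quantify what the routing table actually looks like rather than eyeballing sixty lines of output. As an added example (not code from the original post), the script below parses the Cisco IOS “show ip route ospf” output format used on this page, including the case where IOS wraps a long prefix onto a second line, counts routes by code (O versus O IA), and groups prefixes by site so you can see how many entries each site contributes and what single prefix would cover them all. That last part is a planning aid for the summarization the next post covers: it assumes this page’s addressing plan of one /16 per site (10.1.0.0/16 for site 1, and so on), which is my reading of the output, not a statement the post makes. The sample table is a constructed excerpt of site1-access1’s post-change output above.

```python
"""Added example: parse Cisco IOS `show ip route ospf` output, count routes by
OSPF code and compute per-site candidate summary prefixes."""
import ipaddress
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# "O", "O IA", "O E1", ... followed by a prefix, then (usually) the metric/next hop.
ROUTE = re.compile(r"^(O(?: IA| E1| E2| N1| N2)?)\s+(\d+(?:\.\d+){3}/\d+)\s*(.*)$")
METRIC = re.compile(r"\[(\d+)/(\d+)\] via (\S+),")


@dataclass
class OspfRoute:
    code: str
    prefix: ipaddress.IPv4Network
    admin_distance: int
    metric: int
    next_hop: str


def parse_show_ip_route_ospf(text: str) -> list:
    """Return OspfRoute objects. Handles the IOS wrap where a long prefix is
    printed alone and '[AD/metric] via ...' follows on the next line."""
    routes, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if pending and line.startswith("["):
            if (m := METRIC.match(line)):
                code, prefix = pending
                routes.append(OspfRoute(code, prefix, int(m.group(1)), int(m.group(2)), m.group(3)))
            pending = None
            continue
        if not (m := ROUTE.match(line)):
            continue                          # prompt, header and code-legend lines
        code, prefix, rest = m.group(1), ipaddress.ip_network(m.group(2), strict=False), m.group(3)
        if (mm := METRIC.match(rest)):
            routes.append(OspfRoute(code, prefix, int(mm.group(1)), int(mm.group(2)), mm.group(3)))
        else:
            pending = (code, prefix)          # wrapped line; metric comes next
    return routes


def route_counts(routes) -> dict:
    """Route count per OSPF code, e.g. {'O': 11, 'O IA': 53}."""
    return dict(Counter(r.code for r in routes))


def common_supernet(prefixes) -> ipaddress.IPv4Network:
    """Smallest single prefix that covers every prefix in the list."""
    cover = prefixes[0]
    while not all(p.subnet_of(cover) for p in prefixes):
        cover = cover.supernet()
    return cover


def summarize_by_site(routes, site_prefixlen: int = 16) -> dict:
    """Group routes by site block (assumed one /16 per site) and report, per
    site, the entry count, the codes seen and the tightest covering prefix."""
    by_site = defaultdict(list)
    for r in routes:
        by_site[str(r.prefix.supernet(new_prefix=site_prefixlen))].append(r)
    report = {}
    for site in sorted(by_site, key=ipaddress.ip_network):
        rs = by_site[site]
        report[site] = {
            "routes": len(rs),
            "codes": dict(Counter(r.code for r in rs)),
            "summary": str(common_supernet([r.prefix for r in rs])),
        }
    return report


# Constructed excerpt of the site1-access1 table from this post (multi-area state).
SAMPLE_ACCESS1 = """\
site1-access1#show ip route ospf
      10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
O        10.1.21.0/24 [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
O        10.1.200.4/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
O        10.1.255.255/32 [110/11] via 10.1.200.1, 00:09:02, GigabitEthernet0/1
O IA     10.2.11.0/24 [110/41] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
O IA     10.2.200.0/30 [110/40] via 10.1.200.1, 00:23:41, GigabitEthernet0/1
O IA     10.2.255.255/32 [110/31] via 10.1.200.1, 00:08:44, GigabitEthernet0/1
O IA     10.3.11.0/24 [110/41] via 10.1.200.1, 00:22:47, GigabitEthernet0/1
O IA     10.3.255.255/32 [110/31] via 10.1.200.1, 00:07:59, GigabitEthernet0/1
O IA     10.100.0.0/30 [110/20] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
O IA     10.100.255.255/32 
           [110/21] via 10.1.200.1, 00:23:58, GigabitEthernet0/1
"""

if __name__ == "__main__":
    routes = parse_show_ip_route_ospf(SAMPLE_ACCESS1)
    print("routes by code:", route_counts(routes))
    for site, row in summarize_by_site(routes).items():
        print(f"{site:15} {row['routes']:3} routes {row['codes']}  candidate summary {row['summary']}")
```

Run against the full table from the post, the per-site rows show the same thing the takeaways above describe: the O IA entries for each remote site all fall under that site’s /16, which is the prefix an ABR would advertise in their place.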

Ep 31 – Tim Bertino

In this episode, we talk to Tim Bertino! Tim is part of the AONE family working on our blog. He is the author and creator of the Faces of the Journey series, and he helps to find and create binge-worthy content for our website. When Tim isn’t working on the blog, he is working in the healthcare industry. He shares his journey into IT and then flips the script and starts asking us the questions!

You can find more of Tim on:
Twitter @timbertino https://twitter.com/TimBertino
His blog: https://netication.com/
LinkedIn: https://www.linkedin.com/in/tim-bertino-99378a62/

Follow us on Twitter https://twitter.com/artofneteng​
Follow us on Instagram https://www.instagram.com/artofneteng/​
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Merch Store – https://artofneteng.com/store
Join the Discord Study group – It’s all About the Journey- https://artofneteng.com/iaatj

OSPF Route Optimization – Single Area OSPF (Post 2)

In this second post of the OSPF Route Optimization series, we take a look at our sample topology network configured with a single OSPF area. We will see that while we have global IP reachability throughout the network, the routing tables are not very efficient, and this design may not scale well. Here is another look at our topology, this time showing that all routers in the network are members of the backbone area, OSPF area 0 (zero).

In the following “show” output, we will take a look at the OSPF-related configuration for site1-dist and one of the site1-access switches. Remember that in this topology we are working with a routed access design, so the Layer 3 gateways for the client subnets live on the access-layer switches. Rather than using SVIs at the access layer, for this demonstration we are leveraging loopback interfaces to simulate client subnets (each access-layer switch has three). By default, OSPF treats a loopback as the “loopback” network type and advertises only a /32 host route regardless of the mask configured on the interface, so for this demonstration the OSPF network type on the loopback interfaces has been changed to “point-to-point”. With that change, although they are loopback interfaces, the full /24 subnets are advertised.

site1-dist

site1-dist#show ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 57 subnets, 3 masks
C 10.1.200.0/30 is directly connected, GigabitEthernet0/2
C 10.1.200.4/30 is directly connected, GigabitEthernet0/3
C 10.1.200.8/30 is directly connected, GigabitEthernet1/0
C 10.1.255.255/32 is directly connected, Loopback0
C 10.100.0.0/30 is directly connected, GigabitEthernet0/1

site1-dist#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.1.255.255
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
Routing on Interfaces Configured Explicitly (Area 0):
Loopback0
GigabitEthernet1/0
GigabitEthernet0/3
GigabitEthernet0/2
GigabitEthernet0/1

site1-access1

site1-access1#show ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
C 10.1.11.0/24 is directly connected, Loopback11
C 10.1.12.0/24 is directly connected, Loopback12
C 10.1.13.0/24 is directly connected, Loopback13
C 10.1.200.0/30 is directly connected, GigabitEthernet0/1
C 10.1.255.1/32 is directly connected, Loopback0

site1-access1#show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "application"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.1.255.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
Routing on Interfaces Configured Explicitly (Area 0):
Loopback0
Loopback11
Loopback12
Loopback13
GigabitEthernet0/1

site1-access1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 73 subnets, 3 masks
O 10.1.21.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.22.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.23.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.31.0/24 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.32.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.33.0/30 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.4/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.200.8/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.2/32 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.255.3/32 [110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.255/32 [110/11] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.2.11.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.12.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.13.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.21.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.22.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.23.0/24 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.31.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.32.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.33.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.0/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.4/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.8/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.1/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.2/32 [110/41] via 10.1.200.1, 00:06:27, GigabitEthernet0/1
O 10.2.255.3/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.255/32 [110/31] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.3.11.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.12.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.13.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.21.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.22.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.23.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.31.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.32.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.33.0/24 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.200.0/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.4/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.200.8/30 [110/40] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.1/32 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.2/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.3/32 [110/41] via 10.1.200.1, 00:06:06, GigabitEthernet0/1
O 10.3.255.255/32 [110/31] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.4.11.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.12.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.13.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.21.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.22.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.23.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.31.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.32.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.33.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.200.0/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.4/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.200.8/30 [110/40] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.4.255.1/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.2/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.3/32 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.4.255.255/32 [110/31] via 10.1.200.1, 00:05:48, GigabitEthernet0/1
O 10.100.0.0/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.4/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.8/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.0.12/30 [110/30] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.255.255/32
[110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1

You can see the large size of the access-switch routing table in the “show ip route ospf” output at the end. OSPF, like other routing protocols, will give you global reachability, but when left at default settings it can quickly become cumbersome. In the next post, we will bring out the first tool in our OSPF optimization toolbox: leveraging multiple areas.

Ep 30 – Mental Health

In this episode, the boys take a moment to talk about mental health. They stress how important it is to take time and make sure to take good care of your mental health. If you’re going through difficult times it’s okay. It’s okay to have feelings and emotions, don’t hold that stuff in. As always, seek medical help if you’re struggling.

Ten Percent – Meditation App and Podcast https://www.tenpercent.com/
Waking Up – Meditation App https://wakingup.com/

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

OSPF Route Optimization – Background (Post 1)

When it comes to global reachability within an organization, dynamic routing is a beautiful thing. There are multiple interior gateway protocols (IGPs) out there, but in this series of posts we are going to focus on OSPF. Taking this focus a step further, we will go through IP/subnet design and routing table optimization.

As with any task in network infrastructure, you need to understand your requirements before you can develop and present a design. With dynamic routing implementation, once you understand your requirements, then comes the fun part of design. To me, it’s not just picking a protocol and off you go. You will want a routing domain that is simple, efficient, and scalable. The foundation for these pillars is IP address/subnet design.

Simplicity – Being able to quickly understand a network from a Layer 3 perspective is important when it comes to operations, troubleshooting, and future design. Having a well thought out IP scheme is essential.

Efficiency – Proper IP design allows for route summarization, which leads to smaller routing tables. This is good for both the routers and the network staff. The routers can perform lookups efficiently and the administrators/engineers can more easily understand the routing table. A happy engineer equals a happy network, right?

Scalability – This feeds off of efficiency. Summarization and smaller routing tables can scale well with the organization.

In this series of posts, we will go through an OSPF design example, progressing from single-area to multi-area OSPF to optimize routing tables throughout the OSPF domain. The topology itself is a simple hub-and-spoke design, with a core at the “hub” that connects to multiple outlying sites as the “spokes”. Each spoke has a distribution layer switch with three access layer switches connected to it. This is a routed access design with IP routing all the way to the edge (access layer), which means we do not have VLANs trunked between the distribution and access layers. In “traditional” routed networks, a strong, well thought out IP address design is incredibly important for efficiency and scalability. I put “traditional” in quotes because software defined networks with overlay technologies are really changing the game when it comes to routing and IP address design. Throughout this series, we will be thinking in terms of a traditional network exclusively.

With IP address design in mind, I decided to set up each site with its own /16 IP network. Each access layer switch has three subnets carved from its site’s /16 attached, all participating in OSPF. The reason behind this is summarization and routing table efficiency and scalability, which will be seen and explained throughout this series. In the next post, we will see this topology built out as a single OSPF area, to see that improvements can be made to support efficiency and scale.
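To see how the /16-per-site design pays off against the single-area “show ip route ospf” output from site1-access1 shown earlier on this page, here is an added Python example (my own code, not part of this post or its lab) that parses a copy of those route lines, re-joins the wrapped last entry exactly as IOS printed it, and counts how many entries would collapse under one summary per /16. The sample text is a subset copied from that output; the summary prefix length and the helper names are my own choices.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the site1-access1 "show ip route ospf" output in the
# single-area post (a representative subset, including the wrapped last
# entry exactly as IOS printed it)
SAMPLE_OUTPUT = """\
O 10.1.21.0/24 [110/21] via 10.1.200.1, 00:07:01, GigabitEthernet0/1
O 10.1.200.4/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.1.255.255/32 [110/11] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.2.11.0/24 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.200.0/30 [110/40] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.2.255.1/32 [110/41] via 10.1.200.1, 00:06:37, GigabitEthernet0/1
O 10.3.11.0/24 [110/41] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.3.255.255/32 [110/31] via 10.1.200.1, 00:06:16, GigabitEthernet0/1
O 10.4.11.0/24 [110/41] via 10.1.200.1, 00:05:38, GigabitEthernet0/1
O 10.100.0.0/30 [110/20] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
O 10.100.255.255/32
[110/21] via 10.1.200.1, 00:07:11, GigabitEthernet0/1
"""

# One intra-area OSPF entry: prefix, [AD/metric], next hop, age, interface
ROUTE_RE = re.compile(
    r"^O\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]"
    r"\s+via\s+(?P<nh>\d+\.\d+\.\d+\.\d+),\s+\S+,\s+(?P<intf>\S+)$"
)


def join_wrapped_lines(text):
    """IOS wraps a long route entry onto two lines (prefix alone on the
    first, the rest on the second); glue such pairs back together."""
    lines, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:
            line = pending + " " + line
            pending = None
        if re.match(r"^O\s+\S+$", line):  # prefix with nothing after it
            pending = line
            continue
        lines.append(line)
    return lines


def parse_ospf_routes(text):
    """Return one dict per OSPF route found in the show output."""
    routes = []
    for line in join_wrapped_lines(text):
        m = ROUTE_RE.match(line)
        if m:
            routes.append({
                "prefix": ipaddress.ip_network(m["prefix"], strict=False),
                "ad": int(m["ad"]), "metric": int(m["metric"]),
                "next_hop": m["nh"], "interface": m["intf"],
            })
    return routes


def summarize_by_prefixlen(routes, prefixlen=16):
    """Group routes under the summary block each would collapse into if
    every site advertised one /16, as this post's IP design intends."""
    groups = defaultdict(list)
    for r in routes:
        net = r["prefix"]
        key = net.supernet(new_prefix=prefixlen) if net.prefixlen >= prefixlen else net
        groups[key].append(net)
    return {str(k): len(v) for k, v in sorted(groups.items())}


def summarization_report(text, prefixlen=16):
    """Count specific routes versus the summaries they would reduce to, and
    list the distinct next hops (the output above has exactly one)."""
    routes = parse_ospf_routes(text)
    groups = summarize_by_prefixlen(routes, prefixlen)
    return {
        "routes": len(routes),
        "summaries": len(groups),
        "per_summary": groups,
        "next_hops": sorted({r["next_hop"] for r in routes}),
    }


if __name__ == "__main__":
    print(summarization_report(SAMPLE_OUTPUT))
```

Run against the full output on this page, the same function shows every OSPF entry on the access switch pointing at the single uplink next hop 10.1.200.1, which is what makes the table a candidate for summarization in the later posts.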

As a refresher for this series, here is a list of OSPF LSA types:

  • Type 1 – Router LSA
  • Type 2 – Network LSA
  • Type 3 – Summary LSA
  • Type 4 – Summary ASBR LSA
  • Type 5 – AS External LSA
  • Type 7 – NSSA External LSA

Ep 29 – Cable Guys

In this episode, Andy and Aaron discuss their experiences as cable guys and how they contributed to their current IT positions. You’ll hear about the varied skillsets they obtained as cable technicians and how being a cable guy can be a great introduction into the technical arena.


scapy or not, here I come!

                     aSPY//YASa       
             apyyyyCY//////////YCa       |
            sY//////YSpcs  scpCY//Pp     | Welcome to Scapy
 ayp ayyyyyyySCP//Pp           syY//C    | Version 2.4.3
 AYAsAYYYYYYYY///Ps              cY//S   |
         pCCCCY//p          cSSps y//Y   | https://github.com/secdev/scapy
         SPPPP///a          pP///AC//Y   |
              A//A            cyP////C   | Have fun!
              p///Ac            sC///a   |
              P////YCpc           A//A   | Craft me if you can.
       scccccp///pSP///p          p//Y   |                   -- IPv6 layer
      sY/////////y  caa           S//P   |
       cayCyayP//Ya              pY/Ya
        sY/PsY////YCc          aC//Yp 
         sc  sccaCY//PCypaapyCP//YSs  
                  spCPY//////YPSps    
                       ccaacs         
                                       using IPython 7.11.0

I came across a pretty cool tool during the first part of section 3 of my SANS503 course: Scapy. Using this tool you can do many things: read in packets, edit packets, and create entirely new packets, just to name a few.

The easiest way to get started is to just type ‘scapy’ at your Linux command prompt, and it’ll drop you into what looks like an interactive Python interpreter.

>>>   

From here, you can begin to craft your packet[s]. To do this, you’ll create your packet by specifying values layer by layer. For example, you’ll give arguments for your Ethernet layer, IP layer and application layer. I like to use the built-in functions to see what’s possible within a specific layer and view the specific syntax I’ll need:

>>> ls(Ether)                                                                                                           
dst        : DestMACField                        = (None)
src        : SourceMACField                      = (None)
type       : XShortEnumField                     = (36864)

Not that we need to put values in these fields, since scapy is smart enough to use our own IP stack to fill in the layer two values; with that said, if we are going to create a packet we still need Ethernet headers. For the sake of this post, let’s put some values in there because it’s fun! Here’s how we do that:

>>> e = Ether(src="11:22:33:44:55:66", dst="77:88:99:AA:BB:CC")

Since we used the ls(Ether) function we know the exact syntax to use when creating our ‘e’ variable, specifically ‘src’ and ‘dst’ in this case. We can simply type our new variable ‘e’ to see its contents:

>>> e                                                                                                                   
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 |>

Next up, let’s build our IP header. Again, the easiest way to get started and make sure you know the correct syntax is to call the ls(IP) function:

>>> ls(IP)                                                                                                              
version    : BitField (4 bits)                   = (4)
ihl        : BitField (4 bits)                   = (None)
tos        : XByteField                          = (0)
len        : ShortField                          = (None)
id         : ShortField                          = (1)
flags      : FlagsField (3 bits)                 = (<Flag 0 ()>)
frag       : BitField (13 bits)                  = (0)
ttl        : ByteField                           = (64)
proto      : ByteEnumField                       = (0)
chksum     : XShortField                         = (None)
src        : SourceIPField                       = (None)
dst        : DestIPField                         = (None)
options    : PacketListField                     = ([])
>>>     

Now we know the syntax for each part of the IP packet when we create our new variable. Let’s just specify the ‘src’ and ‘dst’ and leave every other value the scapy default.

>>> i = IP(src="10.0.0.1", dst="192.168.0.1")                                                                           
>>> e                                                                                                                   
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 |>
>>> i                                                                                                                   
<IP  src=10.0.0.1 dst=192.168.0.1 |>
>>>       

Alright, now we can go up one layer and decide whether we want our packet to have a TCP or UDP header. Feeling inspired by a David Bombal tweet asking a question about traceroute, let’s go the UDP route. Checking out the Cisco documentation it looks like a traceroute is sent via UDP port 33434. If you’ve followed the post this far you should know the drill, let’s ls(UDP) to see what our options are and syntax to use when creating our variable for this header:

>>> ls(UDP)                                                                                                             
sport      : ShortEnumField                      = (53)
dport      : ShortEnumField                      = (53)
len        : ShortField                          = (None)
chksum     : XShortField                         = (None)
>>>    

A couple of things to note at this point. First off, scapy will compute a correct checksum when we end up creating our packet if we don’t specify a value. Secondly, isn’t this fun?! Let’s create a UDP header with the variable ‘u’ and specify simply the destination port in accordance with traceroute documentation and leave everything else the scapy default:

>>> u = UDP(dport=33434)                                                                                                
>>> u                                                                                                                   
<UDP  dport=33434 |>

Last but not least we need an ICMP header to complete our crafted traceroute packet. I’m just going to create the header with scapy defaults throughout.

>>> icmp = ICMP()                                                                                                       
>>> icmp                                                                                                                
<ICMP  |>

I just remembered, if we are going to be ‘crafting’ a traceroute packet we will want to specify a TTL of 1 to start off; we don’t want to keep the default TTL. In order to do this we have to know which header carries this value. It’s on questions like these that I think crafting packets really shines: we get to hammer down on layering, what’s in each header, and soon we will be putting all those layers together. Before I get too happy, let me go in and change the TTL in the IP header:

>>> i.ttl=1                                                                                                             
>>> i                                                                                                                   
<IP  ttl=1 src=10.0.0.1 dst=192.168.0.1 |>

Before we put it all together let’s take a look at everything we’ve done to this point in the order we will soon specify when we create our packet.

>>> e                                                                                                                   
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 |>
>>> i                                                                                                                   
<IP  ttl=1 src=10.0.0.1 dst=192.168.0.1 |>
>>> u                                                                                                                   
<UDP  dport=33434 |>
>>> icmp                                                                                                                
<ICMP  |>

Remember that the order is important because we can tell scapy to smash these together however we want, but if we do that, devices won’t understand our packet. To put all our headers together we will use the variable ‘packet’ and ‘/’ between each variable.

>>> packet=e/i/u/icmp                                                                                                    
>>> packet                                                                                                               
<Ether  dst=77:88:99:AA:BB:CC src=11:22:33:44:55:66 type=IPv4 |<IP  frag=0 ttl=1 proto=udp src=10.0.0.1 dst=192.168.0.1 |<UDP  dport=33434 |<ICMP  |>>>>                                         

One last thing, to close this post out: let’s export the variable ‘packet’ as a pcap file and then read that file in with tcpdump. If you need an intro on tcpdump, I wrote a quick intro as my first attempt at a ‘technical’ type post a few weeks ago. We write our packet to a file using the wrpcap function:

>>> wrpcap("/tmp/trace.pcap", packet)                                                                                   
>>> exit()   
$ tcpdump -r /tmp/trace.pcap -xXve
reading from file /tmp/trace.pcap, link-type EN10MB (Ethernet)
19:21:03.223806 11:22:33:44:55:66 (oui Unknown) > 77:88:99:aa:bb:cc (oui Unknown), ethertype IPv4 (0x0800), length 50: (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto UDP (17), length 36)
    bigASSpoop.comcast.net.domain > 192.168.0.1.33434: [|domain]
	0x0000:  4500 0024 0001 0000 0111 ef1e 0a00 0001
	0x0010:  c0a8 0001 0035 829a 0010 b254 0800 f7ff  
	0x0020:  0000 0000                                                     

We can see our source and destination MAC addresses have been inserted, and it looks like my source IP got changed, but the destination IP with the correct source port of 33434 like we specified is there, and we can also see that the TTL is 1 like we specified. Hope you enjoyed this little walk-through and are excited enough to dig into some reference docs and see all the things you can do with this application. Till next time!
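As an added check (my own code, not the post’s), the following Python decodes the hex that tcpdump printed above without needing scapy installed: it parses the dump lines, walks the IPv4 and UDP headers, and verifies the IP, UDP and ICMP checksums that scapy computed. Decoding the bytes shows the source address is still 10.0.0.1 (the `0a00 0001` word); tcpdump printed a hostname in its place because it resolves addresses by default, which `-n` suppresses. It also shows that the source port is 53, scapy’s UDP default, which is why tcpdump labelled it `domain` and tried to decode the payload as DNS, and that the `ICMP()` layer rides inside the UDP payload rather than as a header of its own. Only the hex lines come from the post; the function names and field layout are mine.

```python
import ipaddress
import re
import struct

# Hex dump copied from the tcpdump output in the post. "tcpdump -x" starts
# at the IP header; the Ethernet header is only dumped with -xx.
TCPDUMP_HEX = """
\t0x0000:  4500 0024 0001 0000 0111 ef1e 0a00 0001
\t0x0010:  c0a8 0001 0035 829a 0010 b254 0800 f7ff
\t0x0020:  0000 0000
"""


def hexdump_to_bytes(dump):
    """Convert 'tcpdump -x' lines ("0x0010:  c0a8 0001 ...") into raw bytes."""
    out = bytearray()
    for line in dump.splitlines():
        m = re.match(r"\s*0x[0-9a-fA-F]+:\s*([0-9a-fA-F ]+)", line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)


def inet_checksum(data):
    """RFC 1071 ones-complement checksum over 16-bit words (odd byte padded).
    Run over data that already carries a correct checksum field, it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_ipv4_udp(pkt):
    """Decode the IPv4 and UDP headers and verify each checksum. If the UDP
    payload is ICMP-shaped (as the post's packet is), decode that too."""
    (vihl, tos, total_len, ident, flags_frag, ttl, proto,
     ip_chk, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    ip = {
        "version": vihl >> 4, "tos": tos, "len": total_len, "id": ident,
        "flags": flags_frag >> 13, "frag": flags_frag & 0x1FFF,
        "ttl": ttl, "proto": proto, "chksum": ip_chk,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "chksum_ok": inet_checksum(pkt[:ihl]) == 0,
    }
    if proto != 17:  # not UDP; hand back the rest untouched
        return {"ip": ip, "udp": None, "payload": pkt[ihl:], "icmp": None}
    sport, dport, ulen, uchk = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    segment = pkt[ihl:ihl + ulen]
    # The UDP checksum covers a pseudo-header: src, dst, zero, proto, length
    pseudo = src + dst + struct.pack("!BBH", 0, proto, ulen)
    udp = {
        "sport": sport, "dport": dport, "len": ulen, "chksum": uchk,
        "chksum_ok": uchk == 0 or inet_checksum(pseudo + segment) == 0,
    }
    payload = segment[8:]
    icmp = None
    if len(payload) >= 4:
        itype, icode, ichk = struct.unpack("!BBH", payload[:4])
        icmp = {"type": itype, "code": icode, "chksum": ichk,
                "chksum_ok": inet_checksum(payload) == 0}
    return {"ip": ip, "udp": udp, "payload": payload, "icmp": icmp}


def decode_post_packet():
    """Decode the packet the post wrote to /tmp/trace.pcap."""
    return decode_ipv4_udp(hexdump_to_bytes(TCPDUMP_HEX))


if __name__ == "__main__":
    from pprint import pprint
    pprint(decode_post_packet())
```

The same decoder works on any `-x` dump of an IPv4/UDP packet, so it doubles as a quick way to confirm what a crafted packet actually contains before it leaves a lab host.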

Ep 28 – Before we got into IT

In this episode Andy and A.J. discuss the jobs they had prior to getting into tech, and the decisions that ultimately led them to an IT Career path. You’ll hear the paths we almost took, why we ended up not taking them, and how Andy burned a car to the ground. Yeah you read that right.

Aaron has been busy but rest assured he will return soon, and Dan lost power just before we were scheduled to record. Life happens. Enjoy this episode from A.J. and Andy.


new snort rule, who dis?

The third section of my SANS503 course has a huge section, the second biggest of the entire course, dealing with some 110+ slides on snort. I’m not here to give you the history of snort, IDS/IPS placement within your enterprise or any of that; instead I just want to introduce you to the basic structure of a basic snort rule. The most important thing to take away from snort rules is that there is no concept of ‘or’ within a rule. It either matches and does the action or it doesn’t.

First things first: if you’re going to create your own custom rules, you’ll specify the location of the file holding them in your overall snort configuration file [snort.conf]; by default that file is ‘local.rules’. At this point you will have to decide which text editor you will use to create and edit your new rules. This can become a contentious conversation for some. For me:

vim local.rules

A rule consists of two main parts, a header and a body. The header is mandatory and the body is not. There are seven mandatory options in the snort rule header:

Action | Protocol | SourceIP | SourcePort | Direction | DestIP | DestPort
-------|----------|----------|------------|-----------|--------|----------
alert  | ip       | any      | any        | ->        | same as| any
pass   | tcp      | IP       | #          | <>        | Source | #
log    | udp      | IP/CIDR  |            |           | IP     |
drop   | icmp     | !IP      |            |           | options|
sdrop  |          | $Variable|            |           |        |
reject |          |          |            |           |        |

The above chart doesn’t outline every option within each category but it should give you a pretty good overview of what’s possible within each spot. Most importantly, I’ll explicitly state that you can define vars in your snort.conf file and use those vars in your snort rule instead of hard coding them in the rule itself.

Here is an example of a header, including calling a variable:

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS

Now let’s dig into the body a bit and go over some common options you may find in a rule body. The first thing we need to do is to start the body, and to do this we use a ‘(‘ after the header. Then notice how the keyword and argument are separated by ‘:’ , ended by a ‘;’ and the body is ultimately closed by ‘)’.

alert IP any any <> any any ( \
     keyword:argument; \
     keyword:argument_1,argument_2; )

Below is an example of some keywords and arguments in an actual rule:

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; \
     content:"SmellsBad"; nocase; )

I’m pretty new at writing rules myself, but this is the format I like to use. After starting the body, I like to begin it on a new line by using ‘\’ and giving each keyword and its associated arguments its own line. I find it much easier to see what’s going on if your rules are written like this rather than all on one line. The ‘msg’ keyword will display in the log if this rule matches traffic, so make sure you make it useful. Custom rules begin with a ‘sid’ above 1 million, and instead of making a new rule or ‘sid’ when you change something, you can increment the ‘rev’ to keep track of the revision number. It’s also good practice to store your old rules, perhaps in a folder called rules.old, so that you can roll back to a previous configuration of the rule if needed.

Content is probably the most common keyword to use within a snort rule. It will search for the content within the packet’s payload. The ‘nocase’ keyword simply tells snort that you don’t care about case, so it will match your ‘content’ argument in any case. You can further optimize the rule by telling snort where to look for the content using the offset and depth keywords. Offset tells snort where to start looking, with offset 0 being the very beginning of the payload, and depth tells snort how many bytes from that point to look in.

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; offset:4; depth:20; \
     content:"SmellsBad"; nocase; )

Beyond offset and depth, there are two relative pointers you can use. Distance will tell snort where to start looking for the content relative to where snort left off in your previous content argument. The within keyword is designed to be used with distance to instruct snort how many bytes to examine after it determines the starting point to search.

alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; offset:4; depth:20; \
     content:"SmellsBad"; nocase; distance:20; within:10; )
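To make the offset/depth and distance/within semantics concrete, here is an added Python example (my own, not from the post and not Snort project code) that parses the rule above into its header fields and content options and then evaluates the contents against a payload the way the post describes: every content must match (there is no ‘or’), offset/depth define an absolute window measured from the start of the payload, and distance/within define a window measured from the end of the previous match. The rule is written with `nocase;` as a standalone option, the Snort 2 form; the three payloads are constructed for the example, and hex `|..|` content and the other rule options are not handled.

```python
import re

# The rule from the post, with nocase written as its own option
RULE = r'''alert TCP $HOME_NET ANY -> ANY $HTTP_PORTS ( \
     msg:"I LOVE SNORT"; \
     sid:1000001; rev:1; \
     content:"big_poop"; offset:4; depth:20; \
     content:"SmellsBad"; nocase; distance:20; within:10; )'''

# keyword[:argument]; where the argument may be a quoted string
OPTION_RE = re.compile(r'\s*(\w+)\s*(?::\s*("[^"]*"|[^;]*?))?\s*;')
MODIFIERS = {"offset", "depth", "distance", "within"}


def parse_rule(text):
    """Split a rule into header fields, non-content metadata and a list of
    content dicts. Line continuations are joined first; each modifier attaches
    to the content that precedes it (hex |..| content is not handled)."""
    text = text.replace("\\\n", " ")
    head, _, rest = text.partition("(")
    body = rest.rsplit(")", 1)[0]
    header = head.split()
    meta, contents = {}, []
    for key, val in OPTION_RE.findall(body):
        if key == "content":
            contents.append({"content": val.strip('"').encode()})
        elif key == "nocase":
            contents[-1]["nocase"] = True
        elif key in MODIFIERS:
            contents[-1][key] = int(val)
        else:
            meta[key] = val.strip('"')
    return header, meta, contents


def rule_matches(contents, payload):
    """AND together every content option. offset/depth are absolute from the
    payload start; distance/within are relative to the end of the previous
    match. A pattern must sit entirely inside its window to count."""
    cursor = 0  # end of the previous match
    for c in contents:
        pat, hay = c["content"], payload
        if c.get("nocase"):
            pat, hay = pat.lower(), payload.lower()
        if "distance" in c or "within" in c:
            start = cursor + c.get("distance", 0)
        else:
            start = c.get("offset", 0)
        if "depth" in c:
            end = start + c["depth"]
        elif "within" in c:
            end = start + c["within"]
        else:
            end = len(hay)
        idx = hay.find(pat, start, end)
        if idx < 0:
            return False
        cursor = idx + len(pat)
    return True


def snort_match(rule_text, payload):
    _, _, contents = parse_rule(rule_text)
    return rule_matches(contents, payload)


# Constructed payloads (not from the post)
MATCHING = b"GET big_poop" + b"A" * 20 + b"sMeLlSbAd HTTP/1.1"    # both windows satisfied
TOO_FAR = b"GET big_poop" + b"A" * 22 + b"sMeLlSbAd HTTP/1.1"     # second content ends past within
PAST_DEPTH = b"GET " + b"x" * 26 + b"big_poop" + b"A" * 20 + b"SmellsBad"  # first content outside offset+depth

if __name__ == "__main__":
    for name, p in [("MATCHING", MATCHING), ("TOO_FAR", TOO_FAR), ("PAST_DEPTH", PAST_DEPTH)]:
        print(name, snort_match(RULE, p))
```

Building payloads like these from a pcap and stepping through one option at a time is the line-by-line testing the post recommends, done offline; `TOO_FAR` in particular shows how a within window that is two bytes too small silently turns a rule into a non-match.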

Now I know there are a bunch more ways to further optimize or specify your rule but this is only an intro to snort rules in general, not a masters thesis. With that said one fun thing to do when adding on to your rule or creating your rule for the first time is to run it against some traffic. If you have a pcap, look at the details of a packet and try to create a rule that will match that traffic.

You can run snort on a pcap by using the ‘-r <filename>’ option and then point to your snort conf file with the ‘-c <filename>’ option. Furthermore you can specify a filename for your log using the ‘-l <filename>’ option:

snort -r http_extract.pcap -q -c etc-snort/snort.conf -A console \
     -l rule_test.log

One last tip: when creating your rule, it’s a good idea to build it line by line. After you add a line that specifies your rule further, test it against the traffic it’s designed to alert on and make sure it’s still working the way you want before moving on. This makes troubleshooting your rule easier than if you go all out creating a multi-line rule and then realize it isn’t catching traffic.

If you have further tips, feel free to leave a comment to let me know. I’m just starting myself and understand this is the best time to start building good habits 🙂 Till next time!

Ep 27 – CCENT Emeritus

In this week’s episode, Andy and Aaron are absent, so it’s the Dan and A.J. show! Dan and A.J. talk about living in rural areas and the various challenges it can pose to the job market. They set the stage by talking about population sizes in their area and compare it to other areas, and then they discuss the related effects that can have on the job market. We also discuss the pros and cons of staying at one employer vs having multiple jobs.

For more info on the JNCIA-Junos exam checkout: https://www.juniper.net/us/en/training/certification/certification-tracks/ent-routing-switching-track/?tab=jnciajunos
ESOP – Employee Stock Ownership Plan
Switchback Brewing – https://www.switchbackvt.com/
Find a VMUG in your area! https://www.vmug.com/home


Protecting stored Cisco IOS passwords

This article first appeared on Andrew’s blog – andrewroderos.com

As many network professionals know, Type 0 (cleartext) passwords are a big no-no. With that said, Cisco introduced Type 7 and 5 passwords in the early 90s to protect stored passwords.

However, after more than 25 years, the Type 7 password type no longer serves its original purpose of keeping the password secret, so it is best practice to avoid it as much as possible.

Nowadays, the majority of network professionals know and use Type 5 passwords. While Type 5 is still sufficient with a strong password, did you know that it seems Cisco has deprecated it in favor of the new hashing algorithms?

Find out more about the new hashing algorithm here. In this article, I also demonstrated how to launch a dictionary attack on the hashing algorithm.
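As an added example (my own code, not from Andrew’s article), the following Python walks a constructed running-config excerpt and flags each stored enable/username credential by its type number: Type 0 and Type 7 as high risk, Type 5 as the MD5-based type the article describes as deprecated, and Types 8 and 9, the PBKDF2-SHA256 and scrypt types that newer IOS releases offer in place of Type 5, as acceptable. The hash strings in the sample are placeholders rather than real secrets, the severity labels are my choice, and only `enable` and `username` lines are inspected.

```python
import re

# Constructed running-config excerpt; hash strings are placeholders that
# only illustrate the type numbers, not real secrets
SAMPLE_CONFIG = """\
enable password Cleartext123
enable secret 5 $1$PLACEHOLDER$xxxxxxxxxxxxxxxxxxxxxx
username ops password 7 0123456789ABCDEF
username admin privilege 15 secret 9 $9$PLACEHOLDER$yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
username svc secret 8 $8$PLACEHOLDER$zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
username legacy password 0 plain
"""

# Stored-password types as IOS numbers them, with a severity for each
TYPE_INFO = {
    "0": ("cleartext", "high"),
    "7": ("reversible obfuscation", "high"),
    "5": ("MD5-based hash", "medium"),
    "8": ("PBKDF2-SHA256", "ok"),
    "9": ("scrypt", "ok"),
}
SEVERITY_ORDER = {"ok": 0, "review": 1, "medium": 2, "high": 3}

# enable|username <name> [privilege N] password|secret [type] <value>
LINE_RE = re.compile(
    r"^(?P<ctx>enable|username\s+\S+)(?:\s+privilege\s+\d+)?"
    r"\s+(?P<kw>password|secret)(?:\s+(?P<type>\d+))?\s+(?P<val>\S+)\s*$"
)


def audit_stored_passwords(config):
    """Return one finding per stored credential line. A line with no type
    number is stored as typed, which IOS treats as Type 0."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ptype = m["type"] or "0"
        algo, severity = TYPE_INFO.get(ptype, ("unknown type", "review"))
        findings.append({
            "line": lineno, "context": m["ctx"], "keyword": m["kw"],
            "type": ptype, "algorithm": algo, "severity": severity,
        })
    return findings


def worst_severity(findings):
    """Highest severity among the findings, or 'ok' when there are none."""
    return max((f["severity"] for f in findings), key=SEVERITY_ORDER.get, default="ok")


if __name__ == "__main__":
    for f in audit_stored_passwords(SAMPLE_CONFIG):
        print("line %(line)d %(context)s: type %(type)s (%(algorithm)s) -> %(severity)s" % f)
```

Running this over exported configs before a change window gives a quick inventory of which devices still carry Type 0, 7 or 5 credentials; the check deliberately reports only the type, never the value.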

Ep 26 – Goal Hacks

A.J., Dan, and Andy talk strategies for tracking progress on goals. As always, we get off the main topic, but we cover a lot of great stuff in this episode, like how to properly use flashcards, using practice exams as a tool, and not waiting until just before your scheduled exam. We also celebrate breaking 30K downloads! All because of y’all!

Andy covers the Star-Spangled Banner – https://www.youtube.com/watch?v=azH9bXy2Ojg
A.J. sherpa lined hoodie from LL Bean
Andy’s heated sweatshirt – https://amzn.to/2XqQYjB
Make it stick – https://amzn.to/3seX98T
The AONE Merch store – https://artofneteng.com/store
Andy talks to the winner of his home lab – https://www.youtube.com/watch?v=G2OyMLmcaXs
Anki Flash Cards – https://apps.ankiweb.net/
Alternate iOS (Free) Anki App – https://apps.apple.com/us/app/ankiapp-flashcards/id689185915


PIONEERING BLOCKCHAIN TECHNOLOGY BY BECOMING A NETWORK ENGINEER

Bitcoin continues to be pioneering as the currency keeps hitting all-time highs every new season, particularly in 2020. As of the time this article was written, it trades at $26,765. But one of crypto’s interesting applications is not that individuals trade it to become richer. It’s about solving big challenges that make money for you. It’s about turning capitalist greed (the burden of making payments across countries) into unselfish open-source software.

Crypto doesn’t really have the best rep in the tech world, just about the same thing that happened when the internet started. But Crypto is just a slice of the cake. People often don’t talk about the technology in which Crypto is built upon, that is called “Blockchain.”

The term "Blockchain" always comes to my mind when I hear or read the word "Cryptocurrency." But the media frequently correlates "Cryptocurrency" with "illegal transactions."

In this article, we will briefly examine the valuable ways in which blockchain technology is being implemented, as well as how this offers an enormous opportunity for individuals who study Network Engineering.

With Blockchain What Can You Achieve?

Beyond cryptocurrency, there are interesting things you can achieve with a blockchain:

  1. Data That Does Not Change: A company like Twitter is a privately owned social media company. This means that the data can be changed at any time by anyone who has access to the company's admin database. Unlike Twitter and other Web 2.0 companies, a blockchain is owned by no one, meaning that no single owner can serve as the single source of information for other users.
  2. Digital Scarcity: In a blockchain network, data may be owned by other users, but it cannot be copied and distributed to other users. This gives value to an asset the user owns.
  3. Payments: Since cryptocurrency has been integrated into the blockchain, sending valuable assets in the form of tokens such as Bitcoin, Ethereum, etc. has been made possible and smooth.
  4. User Identification & Data Privacy: This one amazes me a lot, because this is what Web 3.0 (Blockchain Web) is built upon. With user identification, a user is given a single blockchain address to sign into all web pages/web applications on the web. We will talk more about this in the next section. With data privacy, a user can control who has access to their information. For instance, if a user logs off a site, the site owners can no longer access their data directly, unlike Web 2.0, in which the site owners have user credentials stored in their database.

Web 2.0 vs Web 3.0

With Web 2.0 a user has multiple means of identification on the internet. They can also have multiple identities on the same website. One user can have a Gmail, iCloud, or Outlook user identification.

Figure 1: A User with Multiple Identities

But with Web 3.0 which leverages blockchain, the case is different.

On Web 3.0, different blockchains each have their own network, their own community of participants, and a piece of software that acts as a wallet and form of identification for accessing that network. The most popular blockchain network at the moment is the Ethereum network, and it is powered by a popular piece of software called Metamask. This means that on the Ethereum network there are several websites inside the network, and to log into each of these websites, users only need a single Ethereum blockchain address.

Figure 2: A User with A Single Identity Accessing Multiple Platforms
Figure 3: A User (Me) Accessing a Platform on Web 3.0 With a Blockchain Address

Payments on eCommerce websites are also made with the cryptocurrency of the blockchain network.

Figure 4: A User (Me) Trying to Purchase an Artwork from an E-commerce Website on Web 3.0 Using My Blockchain Address

Users can even build their own network, with its own cryptocurrency. That is why you see new cryptocurrencies every day.

Okay, if you are a non-IT reader who just wants to know what the future web you might soon be using will look like, you can stop here. One interesting value I feel blockchain is bringing to the telecommunication industry is a proof of location protocol.

FOAM Proof of Location Protocol

Okay, when I say FOAM, I don't mean the comfy soft material used in making beds. FOAM is a startup providing value for people who think they deserve control over who gets access to their location at all times.

For satellites to get the location of a device that has GPS installed, the GPS sends a signal to the satellite 🛰️; the satellite then calculates the difference in time of arrival, and the distance, of this signal.

Figure 5: A Satellite Determining the Location of a Device

The FOAM protocol applies this same approach, using four objects (called Zone Anchors) with specialized IoT hardware so they can synchronize themselves over the radio signal they receive from a device that comes into the area.

Figure 6: Zone Anchors Determining the Location of a Device
Figure 7: Specialized FOAM Zone Anchors Being Installed in Brooklyn, New York

In case you are wondering: why do there have to be four satellites or Zone Anchors to locate an object?

Because the data from one satellite only places you somewhere on a bubble around that satellite, you need four satellites. By evaluating the intersections of those bubbles you can narrow the possibilities down to a single point.

Figure 8: How a Satellite Locates an Object

Drawbacks with Depending on GPS

  1. It has a single point of failure, which is the satellites. The New York stock exchanges use GPS to automate trades, ATM and card transactions require location data, all transportation machines use GPS, etc. So, having redundancy is extremely important.
  2. It's susceptible to signal jamming.
  3. A GPS receiver can be deceived with a false GPS signal.

How Does FOAM Blockchain Provide Opportunity for Network Engineers

This location-based protocol implementation using blockchain shows that a time when all things will be connected securely with 5G is bright and approaching rapidly. And it provides countless opportunities for people who study network engineering, because these engineers will be the ones configuring and maintaining these devices.

The first step to starting this journey is taking the Cisco Certified Network Associate (CCNA) exam. This is because this certification has a low barrier to entry, it provides a positive force in society (IoT, Blockchain, etc.), and lastly it has a global impact.

Another reason is that this implementation shows that blockchain technology is promising, and blockchain uses distributed system technology which will skyrocket with 5G, meaning that a lot of automation will be achieved. Network engineers have begun taking on automation; by studying for the Cisco Development Network Associate (DEVASC) you have the opportunity to become skilled enough to take on this new opportunity.

Additional Reading & Resources

Apply & Win a complete CCNA kit from The Art of Network Engineering Team

Ep 25 – 2021 Goals

In this episode, the guys discuss goal setting and their goals for 2021. Join them and let us know what you’re committing to in 2021. Hit us up on Twitter @artofneteng or use the hashtag #aone.

This episode is available in video format on our YouTube Channel! Check it out: https://youtu.be/trxfYItKYNA

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

tcpdump filters, an intro

When learning, I often try to do as my teacher does. For example, when I went through Kirk Byers' free network automation course he used Vim exclusively, which meant I got pretty comfortable with it myself. Now that I'm on to the day 2 materials of my SANS SEC503 course I find myself getting deep into tcpdump. On day 1 a lot of things could be done with either Wireshark or tcpdump, but on day 2 there is a bigger emphasis on getting the most out of tcpdump. The instructor seems to really fancy tcpdump filters over looking things over in Wireshark, so I might as well buckle down and do as my instructor once more! Furthermore, as I've experienced in person and as was discussed in this class, attempting to open a very large pcap in Wireshark is most likely not going to go well. Instead, we should narrow our search and extract a smaller subset of data with tcpdump before we open it up in Wireshark. What better way to grasp the material than to attempt to explain it! Strap in!

To get to where we need to be, I will need to introduce a few things before we get our hands dirty using filters in tcpdump. To start, let's explore one of the most famous interview questions, at least for junior positions in tech: the TCP 3-way handshake. Below is Figure 7 from RFC 793, Transmission Control Protocol.

      TCP A                                                TCP B

  1.  CLOSED                                               LISTEN

  2.  SYN-SENT    --> <SEQ=100><CTL=SYN>               --> SYN-RECEIVED

  3.  ESTABLISHED <-- <SEQ=300><ACK=101><CTL=SYN,ACK>  <-- SYN-RECEIVED

  4.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK>       --> ESTABLISHED

  5.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK><DATA> --> ESTABLISHED

          Basic 3-Way Handshake for Connection Synchronization

We can see 2 flags being sent along with sequence and acknowledgement numbers to establish the connection, namely, SYN and ACK.

SYN – Session init request by client
SYN/ACK – Server response to SYN, reflecting a listening port
ACK – Acknowledge data; this flag should be set on every packet after the initial SYN

Now let us look at the TCP Header to examine where these flags exist, also taken from RFC 793.

TCP Header Format


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                            TCP Header Format

To understand what we are looking at in the header we must first understand how it is broken down. Each number across the top represents 1 bit. 4 bits = 1 nibble and 2 nibbles = 1 byte. For example, the first field, titled 'Source Port', is 2 bytes/4 nibbles/16 bits long.

The next thing we need to understand before we dive into tcpdump is offset numbers. Looking at the TCP header diagram above and starting in the top left corner, every byte is one offset, starting with 0. Thus, if we look at 'Source Port', its contents take up both offset 0 and offset 1. Offset 0 would be the high order byte and offset 1 would be the low order byte of the 'Source Port' field of the TCP header.

Explaining high order vs. low order could be a post of its own, I suppose, but for our purposes here I'll try to summarize it in two sentences. If a digit is on the left it is usually of more importance, in that it affects the overall number more than a digit on the right. If you change a digit in the tens place [left] you cause more overall change than if you change a digit in the ones place [right].

To get back to the TCP handshake, we can see all the flags are located in offset 13. Again, simply count each byte starting at 0 from the top left to find your offset number.

TCP Header Byte Offset 13 [1 byte/2 nibbles]

CWR | ECE | URG | ACK | PSH | RST | SYN | FIN

Besides SYN and ACK we find the following additional flags:

PUSH – Send data
URG – Signal for out-of-band data
FIN – Graceful termination
RST – Immediate termination
ECE, CWR – Explicit congestion notification related

Alright, now that we have a bit of background taken care of, let's get to our first problem to solve: use tcpdump commands to find TCP establishment attempts from clients to servers. From this filter we will be able to derive things such as which server ports the clients attempted to establish a connection with.

For the first part of the question, finding TCP establishment attempts, we need the SYN bit to be turned on. In the following I'll show you what this looks like in offset 13, first in binary and then converted to hex, which we will need for our tcpdump filter.

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  0  |  0  |  0  |  1  |  0
          0           |           2
                    0x02

Thus, our first tcpdump command and filter will be a variation of:

tcpdump -r <file.pcap> -nt 'tcp[13] = 0x02'

The '13' is the offset within the TCP header we are matching and '= 0x02' means that we are only matching packets with just the SYN bit set, which I think is easy to visualize when looking at the binary conversion we did above. The tcpdump option '-r' simply reads the file that follows, '-n' suppresses hostname lookups, and the '-t' option hides the timestamps in the output.

Sample output from a single matched packet:

IP 192.168.10.59.55796 > 192.168.10.7.25: Flags [S], seq 2766660809, win 29200, options [mss 1460,sackOK,TS val 86960251 ecr 0,nop,wscale 7], length 0

In this request, we can see that the client attempts to connect via port 25.

Let's say we want to run through the entire pcap file, pull out the port numbers and only display the unique ones. We could run the following:

tcpdump -r <filename.pcap> -tn 'tcp[13] = 0x02' | cut -f 4 -d ' ' | cut -f 5 -d '.' | cut -f 1 -d : | sort -n | uniq -c
reading from file <filename.pcap>, link-type EN10MB (Ethernet)
     32 25
     32 53
    384 80
     15 445
      2 999
      1 4444

The cut tool is a fast way to parse text in Linux. The -f option specifies which fields you want to capture, while the -d option specifies what separates the fields. I created the above command by cutting up the first 20 packets until I got what I was looking for, and then ran my filter on the entire file. To limit the number of packets read from the file you can use either the -c [number] option of tcpdump or pipe the output through head.

To solidify our understanding, let's try to see the server's response, or in other words, the classic SYN ACK.

To visualize what we need to do in our tcpdump filter let’s break it down to what that would look like in offset 13:

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  1  |  0  |  0  |  1  |  0
          1                       2
                     0x12

Above, we've turned on the ACK and SYN bits in accordance with the TCP header diagram. Translating both nibbles into hex we end up with 0x12, and thus our filter would look like 'tcp[13] = 0x12'.

tcpdump -r <filename.pcap> -tn 'tcp[13] = 0x12'
reading from file <filename.pcap>
IP 192.168.10.7.25 > 192.168.10.59.59756: Flags [S.], seq 2725832514, ack 2766660810, win 28960, options [mss 1460,sackOK,TS val 85610818 ecr 86920651,nop,wscale 7], length 0

In tcpdump a SYN ACK will be displayed as '[S.]' in the flags section. If you wanted to cut out the specific ports you can use tcpdump's -c option to read just the first 10 entries until your cut filter displays what you want, like we did in the first example, but I won't demonstrate that again here.

Did you know we can use a mask with our search filter in tcpdump?! Amazing, right! This is what actually prompted me to write a blog post about tcpdump filters in the first place. As you can see, it took a bit of work to make it to this point, but here is where things get fun.

Let's say you wanted to create a filter that will display all packets that have either a FIN or an RST flag set. In other words, we want to look at all the termination packets.

To do this, we want a mask that will ignore all of the bits except the ones we care about, namely RST and FIN. In the following I'm going to write out the same visualization I did when we came up with the flag values above, except I'm going to put an 'x' instead of a '1' on our important bits.

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  0  |  0  |  x  |  0  |  x
          0                       5
                     0x05

Since we are still in offset 13 of the TCP header, that part remains the same. We attach our mask with the '&' operator.

tcpdump -r <filename.pcap> -nt 'tcp[13] & 0x05 != 0'
reading from file <filename.pcap>
IP 192.168.10.61.57956 > 192.168.10.7.25: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 86920662 ecr 85610828], length 0

'!=' simply means not equal to. In this specific case we are saying: if either of the bits we care about is turned on, or both of them are, we want to see the packet. In tcpdump's flags section a termination will show either [F.] or [R.].

For our final act, let's write a filter to match TCP packets going to port 25 with both the PUSH and ACK flags set, where any other flags may also be set. Hopefully you can tell just by reading this that we will need to use a mask, since we see a 'may' in our problem statement.

 8     4     2     1     8     4     2     1
CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
 0  |  0  |  0  |  x  |  x  |  0  |  0  |  0
          1                       8
                     0x18

Since we want both flags to be set, not either, we won't use '!= 0'; instead we will make it '= 0x18'.

tcpdump -r <filename.pcap> -tn 'tcp dst port 25 and tcp[13] & 0x18 = 0x18'
reading from file <filename.pcap>
IP 192.168.10.61.59756 > 192.168.10.7.25: Flags [P.], seq 15:108, ack 118, win 229, options [nop,nop,TS val 86920654 ecr 85610820], length 93: SMTP: MAIL FROM:<andre@bigpoop.net> SIZE=424

'tcp dst port 25' is a macro, meaning it can be used as is instead of writing out which specific bits in which offsets need to be on or off; someone wrote the macro to make it easier. One other thing to notice in the filter above is that we used 'and' to connect the macro with our other search parameter and mask. So you connect two search parameters with 'and', and you connect a search parameter with its mask with '&'.

Let's say you didn't know the macro existed. You could look at the TCP header and see which offset the destination port is in. Go ahead, count each byte from the top left and see if you can get the correct offset numbers. Did you get it? Destination port numbers are in offsets 2 and 3, and to get a value of 25 like the original question asked above, we only need the low order byte, offset 3.

So instead of writing 'tcp[13]' like in all of our previous examples, remember that we are in offsets 2 and 3 here. The following is the logical equivalent of 'tcp dst port 25 and tcp[13] & 0x18 = 0x18'. The purpose of this section is just to show what is happening under the hood, so to speak, when you write out 'tcp dst port 25':

'tcp[2] = 0x00 and tcp[3] = 0x19 and tcp[13] & 0x18 = 0x18'

Also, as is the case in many different aspects of IT, there is more than one way to accomplish the same task. In this case, instead of using 'tcp[3] = 0x19 and tcp[2] = 0x00' we can shorten it to 'tcp[2:2] = 0x0019', which means we start at offset 2 and match the next 2 bytes as one value.
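To check the offsets and masks above without a pcap, here is an added Python example (not code from the original post or the SEC503 course) that packs constructed TCP headers in the RFC 793 layout, evaluates the post's four filters, and produces the same SYN destination-port tally the cut pipeline gave. It goes one step beyond the post with a masked SYN matcher, because an ECN-setup SYN also carries the ECE and CWR bits and the exact match 'tcp[13] = 0x02' does not see it.

```python
"""Reproduce this post's tcpdump byte-offset filters in pure Python.

Added example, not code from the original post. It builds constructed
20-byte TCP headers in the RFC 793 layout shown above and evaluates the same
expressions the post hands to tcpdump, so each mask can be checked without a
pcap. The masked SYN matcher near the end goes one step beyond the post.
"""
import struct
from collections import Counter

# Bit weights of the flag byte at TCP offset 13 (8-4-2-1 per nibble, as drawn above).
FLAG_BITS = {"CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
             "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

# Letter tcpdump prints for each flag, in the order tcpdump prints them.
TCPDUMP_LETTERS = [("FIN", "F"), ("SYN", "S"), ("RST", "R"), ("PSH", "P"),
                   ("ACK", "."), ("URG", "U"), ("ECE", "E"), ("CWR", "W")]


def flag_byte(*names):
    """Combine flag names into the value of tcp[13]: flag_byte('SYN', 'ACK') == 0x12."""
    value = 0
    for name in names:
        value |= FLAG_BITS[name.upper()]
    return value


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=29200):
    """Pack a 20-byte TCP header (no options) in RFC 793 field order."""
    data_offset = 5  # 5 x 32-bit words = 20 bytes; lives in the high nibble of offset 12
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset << 4, flags, window, 0, 0)


def tcp(hdr, offset, length=1):
    """tcpdump's tcp[offset] / tcp[offset:length]: big-endian unsigned integer."""
    return int.from_bytes(hdr[offset:offset + length], "big")


def tcpdump_flags(hdr):
    """Render offset 13 the way tcpdump does, e.g. '[S.]' for SYN+ACK."""
    byte = tcp(hdr, 13)
    return "[" + "".join(l for n, l in TCPDUMP_LETTERS if byte & FLAG_BITS[n]) + "]"


# The four filters from the post, written the way their BPF expressions read.
def is_syn_only(hdr):            # 'tcp[13] = 0x02'
    return tcp(hdr, 13) == 0x02


def is_syn_ack(hdr):             # 'tcp[13] = 0x12'
    return tcp(hdr, 13) == 0x12


def is_termination(hdr):         # 'tcp[13] & 0x05 != 0'  (FIN or RST, other bits ignored)
    return tcp(hdr, 13) & 0x05 != 0


def is_push_ack_to_smtp(hdr):    # 'tcp[2:2] = 0x0019 and tcp[13] & 0x18 = 0x18'
    return tcp(hdr, 2, 2) == 0x0019 and tcp(hdr, 13) & 0x18 == 0x18


def is_syn_request(hdr):
    """Beyond the post: SYN set and ACK clear, other bits ignored ('tcp[13] & 0x12 = 0x02').
    An ECN-setup SYN also carries ECE+CWR (0xC2), so the exact match 0x02 misses it."""
    return tcp(hdr, 13) & 0x12 == 0x02


def syn_dst_ports(headers, matcher=is_syn_only):
    """Same question the cut | sort | uniq -c pipeline answers: which server ports
    did clients try to open, and how many times each?"""
    return Counter(tcp(h, 2, 2) for h in headers if matcher(h))


# Constructed sample: one SMTP session to port 25 (reusing the post's sequence
# numbers), two HTTP SYNs, one RST, and one ECN-setup SYN the exact match misses.
SAMPLE = [
    build_tcp_header(55796, 25, 2766660809, 0, flag_byte("SYN")),
    build_tcp_header(25, 55796, 2725832514, 2766660810, flag_byte("SYN", "ACK")),
    build_tcp_header(55796, 25, 2766660810, 2725832515, flag_byte("ACK")),
    build_tcp_header(55796, 25, 2766660810, 2725832515, flag_byte("PSH", "ACK")),
    build_tcp_header(55796, 25, 2766660903, 2725832632, flag_byte("FIN", "ACK")),
    build_tcp_header(51000, 80, 1000, 0, flag_byte("SYN")),
    build_tcp_header(51001, 80, 1001, 0, flag_byte("SYN")),
    build_tcp_header(80, 51001, 5000, 1002, flag_byte("RST")),
    build_tcp_header(52000, 80, 2000, 0, flag_byte("SYN", "ECE", "CWR")),
]


def report(headers=SAMPLE):
    """One line per header: ports, offset-13 value, tcpdump-style flags, filters that hit."""
    lines = []
    for h in headers:
        hits = [f.__name__ for f in (is_syn_only, is_syn_ack, is_termination,
                                     is_push_ack_to_smtp) if f(h)]
        lines.append(f"{tcp(h, 0, 2):>5} > {tcp(h, 2, 2):<5} tcp[13]=0x{tcp(h, 13):02x} "
                     f"{tcpdump_flags(h):<6} {' '.join(hits)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
    print("SYN dst ports (exact 0x02):", dict(syn_dst_ports(SAMPLE)))
    print("SYN dst ports (masked):    ", dict(syn_dst_ports(SAMPLE, is_syn_request)))
```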

It's been pretty fun learning about packet headers, hex and binary conversion, and creating filters that include masks as a tcpdump filter option. The best part about learning about packet headers is that you can do so pretty easily. Tcpdump and Wireshark can be installed simply and support is everywhere. You can start capturing traffic in your home lab within a few minutes! Also, networking instructors like Nick Russo have made pcaps highlighting certain types of traffic publicly available. I'm planning on updating my progress as it relates to filters as I dive deeper into SEC503. I hope you'll join me 🙂

Ep 24 – From the Cab to TAC

In this week's episode we talk to Mansoor. Mansoor works as a Cisco TAC HTTS (High Touch Technical Support) Technical Consulting Engineer dedicated to Google and AT&T. Mansoor started out working in NYC as a cab driver and eventually found his way into IT.

Todd Lammle CCNA Book – https://amzn.to/38rksmF

Mansoor’s LinkedIn – https://www.linkedin.com/in/mansoor-alam-90b54545/

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Network Adjustments – Reflecting back on 2020

We are about to wrap up a year where the word “unprecedented” has been heard and read by each one of us dozens of times. You’ll hear it once more from me. Many of the plans we made last year were derailed. Families and jobs have been affected. The world has been in turmoil. Even though so much has happened, we have adjusted. We’ve found ways to continue moving forward and that is where we have found our strength, in the adjustment. As people working in IT, we know more than anyone that things can change at the last second. Even when projects seem to be going right on track, a last-minute call can take the team in a different direction. I just wanted to write about two ways IT has adjusted during this unprecedented year. There is value in being able to measure, adjust, and make the change.

BasementVue

Over the years I’ve taken certification tests and they have all been in a quiet controlled environment. I expect to show up, jam my personal belongings into a small locker, and do my best not to make eye contact as I walk to my isolated test center PC. If you’ve taken a certification test, that has most likely been your experience. However, if you have recently taken a test it has probably been in a makeshift test center you created at home. This year I took my Palo Alto Certified Network Security Engineer (PCNSE) exam at home. I could hear the water coming down the pipes above me as the kids took their shower. It was…different. I taped a paper on the basement door that said “Do Not Open – Taking Test!!!” As instructed by the test engine instructions I took pictures of my entire area, submitted them, and waited for the test to begin. I am not sure how many minutes went by, but it felt like the test would never start. I am not sure if that was just me, but I tried not to click on anything just in case. The entire time my mind kept racing “What do I do if my internet starts having issues?” “What if the kids think dad is playing hide-and-seek?” It did not happen though. No fiber cuts and my wife kept the children entertained upstairs. I passed the test. It was different than driving in to the nearby college test center, but it was comfortable. I’d do it again even as things continue to normalize. Or until the fiber cut happens. As you continue to study for your certs, know that taking a test at home is a perfect way to add a win. Depending on your situation, you might not be able to sit at home and take a test.

Short Commute

As the pandemic continued to impact the world, businesses sent their workforce home. Schools were forced to jump into the world of distance learning. Church services were now video-only. For many, it was like an unexpected bucket of cold water being dumped on them. Everyone was scrambling to figure out how to keep things going remotely. IT teams all over the world were at the center of that change. I found myself looking at redundancy and security. While we were not fully remote prior to the pandemic, the framework was already there and being used. Once our offices were told to stay remote, we began to make sure our services were redundant between data centers. A single failure could disconnect our users. We had to ensure the services people used on-prem were available to all. It led to many meetings, change requests, and work. In the end it made the business stronger. These are the opportunities IT needs to take to come up with solutions that the business can latch on to. How can you help the business adjust? 2020 has opened the eyes of many businesses globally. Remote work was something that many businesses did not subscribe to or did not know how to do. Today we are finding out that we can run at the same pace, if not faster, remotely. As a network engineer, unless I need to physically touch something, I can do my work from anywhere in the world. Being remote has not only extended our network's reach, it has also placed our focus on security. With people not centralized in offices behind firewalls and other protections, teams have had to figure out how to secure those users while they are at home. A user sitting at home might be a bit more comfortable and let their guard down. Security training, endpoint protection, multi-factor authentication and DNS security existed, but now they really needed to be paid attention to. Things might eventually go back to normal or they might not. No matter what your business decides to do, be prepared to adjust and provide those needed solutions.

Your guess is as good as mine for what next year will bring. 2020 has been one for the books. One that none of us will easily forget. However, no matter what happens next year always be prepared to adjust. Things can change in minutes and how you react matters. There is value in adjustment.

Ep 23 – of IT

In part two Keith shares insights on how he studies! He recommends reinvesting 2-3% of your income back into yourself, used for video training, lab equipment, and other study materials to help you grow. He goes on to discuss how he stays motivated, and the rest of the group jumps in. Keith also makes the crew commit to a personal challenge!

Keith’s book recommendation, Atomic Habits: https://amzn.to/3oVYz5s

Follow Keith on:
Twitter: https://twitter.com/KeithBarkerCCIE
YouTube: https://www.youtube.com/user/Keith6783
CBT Nuggets: https://ogit.online/Keith-CBT
Discord: https://ogit.online/Join_OGIT_on_Discord

Don’t forget to check out Keith’s Amazon Affiliate Store too!
https://www.amazon.com/shop/keithbarker

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Starting Over

Standing at the bottom of the mountain looking up is where I find myself yet again.

I joined the Air National Guard full-time in the summer of 2018, 36 years old and beginning what is my 4th, 5th or 6th career or life stage so to speak. Getting back into IT wasn’t something I planned on, instead, I found myself at a pretty ‘OK’ job with benefits going into my mid 30s but not really gaining any transferable skills if I were to lose said job.

Starting as a 3d1x1, or in regular talk, a generalist help-desk person: if you can't get your email to load, send or save, you called my office. If a certain website isn't loading to your liking, you call my office. If you can't access a certain file, you contact my office. Basically, if anything doesn't work as you'd expect, my office would be the first to hear about it. This was my introduction back into IT, and to be quite honest, it was a nice way to be eased back in. I got to see and diagnose a wide variety of issues and learned who did what beyond my scope of responsibilities.

Before long, I started studying networking during my off time. It all started by attending a Cisco CCNA Security Cohort training. This training also came with an ICND1 and a CCNA Security exam voucher. I was once CCNA certified way back in 2002, so a lot of old neurons began reconnecting and I was able to make gains rather quickly. In 2019, I cleared CCNA Security, Cloud and Routing & Switching. I moved to Junos and cleared JNCIA Junos, DevOps, Design and Cloud. I did a bunch of other training but nothing that led to clearing any more certifications; most importantly, my confidence was starting to grow.

A job opportunity opened up in my organization's infrastructure shop as a 3d1x2 in late 2019, and after a short interview process I was added to the team. Due to being short-staffed I worked in both my previous position and my new position for months before being allowed to fully relocate. I got to do a whole bunch of new things, such as racking and stacking equipment, running cables and on-box troubleshooting/configuration. This was a very fun and welcome change of pace, and yet another opportunity presented itself: a position on my organization's Mission Defense Team. I started on this team, albeit remotely for the most part, about 10 weeks ago.

It is here where I find myself at what feels like the bottom of the mountain again. The Mission Defense Team is a new type of position/shop being developed within the Air Force, providing everything a 'Security Operations Center' would do. I'm to stand up this shop with five other individuals, most of whom have never been security analysts up to this point. So the task is a large one. We have our equipment but have a lot to learn to truly harness our equipment's capabilities.

Where to Start?

There is soooooooo much more to learn to feel like I'm even at the ground level of where I need to be. I read one post that laid out a four year learning plan. Since starting, another thought that continually enters my head is: how does someone jump straight into security? I know security is a 'hot job' and what not, so a lot of people are going after that money, but I can't for the life of me understand how someone 'starts' with security. There is so much groundwork to be done. In short, it seems like to be proficient, you have to be pretty good at all the things.

Since I’ve been somewhat tied to learning a lot of Cisco due to being on their e-learning platform, I went through their CyberOps Associate training. I found this training to be a great introduction to a Security Operations Center and thought the labs shined as they were the best part and key to learning the basic principles presented.

I’ve also dived into two books:

Network Intrusion Detection, Third Edition by Stephen Northcutt and Judy Novak

– I've made it through the first 2 chapters and I really love this book. A lot of the first two chapters was review, but the way it was presented, with just slight bits of humor, was delightful.

Applied Incident Response by Steve Anson

– I made it to chapter 6 of this book, and it was at this point that I switched to reading the book just previously discussed. The fact that I switched books doesn’t mean this book is ‘bad’, and I will come back to tackle this one! This book is a bit more advanced, and you can really just take your time going through a good three paragraphs as you go on and read all the linked-to references.

Where to Go?


This is quite possibly the most important question. I’m always tinkering with my ‘study plan’ and how I should go about sharpening my toolset. My work is going to put me through a SANS course, specifically SEC503 which should take up most of my time.

Besides that, I’ve started trying to follow and locate different ‘InfoSec’ people on the InterWebs. Most notably, I’ve started watching a few YouTube videos on the Cyber Mentor’s page.

What I’d really like to know, and the purpose of this post, is to ask you, the reader: what do you think I NEED to study/do as a person just getting into this security domain? If you have any suggestions, feel free to hit me up on the twitter and let me know. I plan to keep posting along this journey and let you know what mileposts are in the rearview. Till next time!

Exciting Announcement!!!

We are super excited to announce that we’ve been named a finalist in the 2020 Cisco IT Blog Awards, for the category Best Podcast or Video Series!

So what happens now? We need your help to vote for your favorite video series or podcast! To vote go here: https://www.ciscofeedback.vovici.com/se/705E3ECD2A8D7180 and vote for your favorites! If you love what we’re doing we would really appreciate your vote!

Winners will be announced in early 2021!

We are so honored for this nomination! To receive this kind of recognition in our inaugural year is truly amazing! We’ve only been doing this for 6 months! In those 6 months we’ve interviewed some truly amazing people in our industry, we’ve achieved more than 26,000 downloads of our podcast, and obtained a listenership of 1000+ clearly devoted subscribers of our podcast. Thank you so much for following, listening, and showing your love for us on social media. All the comments and emails keep us motivated to create new episodes and keep the content coming!

In other categories you’ll find some people you recognize. For the category of Best Cert Journey you’ll find our very own creator/co-host A.J. Murray’s blog, NoBlinkyBlinky! Alongside him in that category is recent AONE guest, YouTuber, and CBT Nuggets Trainer – Knox Hutchinson!

In the category of Most Inspirational you’ll find AONE guest author, blogger, Faces of the Journey member David Alicea!

Also featured in the category of Best Newcomer – IAATJ Discord staffer, DevNet celebrity, and everybody’s favorite Butcher turned Network Engineer – Chris Dedman-Rollet!

So, as you can see, the competition is fierce, and there are a lot of faces we recognize on this ballot. Please do your part and vote for your favorites today!

Ep 22 – The OG

In this episode, we talk to The OG himself, Keith Barker! Keith, very openly, shares his journey into tech, and then into teaching. Keith also shares his experience obtaining not one, but two CCIEs – and this was all in just part one of this exciting two-part series!

Follow Keith on:
Twitter: https://twitter.com/KeithBarkerCCIE
YouTube: https://www.youtube.com/user/Keith6783
CBT Nuggets: https://ogit.online/Keith-CBT
Discord: https://ogit.online/Join_OGIT_on_Discord

Don’t forget to check out Keith’s Amazon Affiliate Store too!
https://www.amazon.com/shop/keithbarker

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng. *Some restrictions apply, subject to change at any time.

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s All About the Journey – https://discord.gg/hqZ7XEG