Browsed by
Author: John Harrington

Programmable ASICs

I love learning about network hardware, but I’ve always found it difficult to get detailed information on ASICs. We had a great presentation from Dave Zacks on the Cisco 3850 programmable ASIC at the Cisco Live Europe Tech Field Day event.

East West Segmentation With ACI

East/west segmentation is required in the data center to protect backend networks from each other. Segmentation is often implemented using ACLs between VLANs on your core switch. The ACLs are maintained by network or security engineers but define the flows permitted between hosts or host classes.

Thoughts on leaving Amazon

Hi All, I left Amazon in late 2015 to become an independent contractor. I took a contract working for a small managed service provider, which was closer to my home and offered a more family-friendly schedule. It wasn’t an easy decision to make. I knew that I was going to miss some really cool colleagues, some fascinating nerdy discussions and a very tough, but massively effective thought-system. The network I’m currently working on is tiny when compared to Amazon’s but…

Redistribution of named and tagged static routes

I always name my IOS static routes as a best practice. However, I hit a syntax issue last week when I tried to combine the named static with a tag, then redistribute that tagged static route into OSPF. If you have issues redistributing a ‘named and tagged static’ then this may be the post for you. The simplified config snippet below is configured on SW1 (Cisco 3750X). This config will match all static routes tagged with ‘200’ and redistribute them into…

Basic network change control process

Scenario: You are an engineer who runs a managed network on behalf of a customer. Your manager has asked you to create a change control process. Your customer and your manager will measure you only by the uptime or outages they experience, and don’t care what your process looks like. I’ve discussed why we need change control in a previous post. Knowing this, what sort of process would you create? In this post I provide a high-level template and some tips.

Network change – who is in control?

Network Change: Nothing sparks engineering debate quite as much as ‘network change control’. It’s one of those topics we love to hate. We feel buried by useless bureaucracy. We ask, ‘Why can’t our managers just trust us, instead of weighing us down with meaningless process and red tape?’ This may be a controversial perspective but I think we’ve gotten exactly what we deserve. We endure heavyweight change control procedures because when we make network changes we break stuff. We break stuff…

VTY ACLs don't block HTTP/S access

I was doing some testing on a 3750X and saw that the http and https services were enabled. I knew that you could apply an ACL to restrict HTTP access, but had assumed that the HTTP security was an optional extra on top of the VTY ACL. I tested this … and found out I was wrong. Although http(s) uses the same inband access path as SSH, web admin is not restricted in any way by VTY ACLs. This will be quite obvious to…

Link Utilisation Varies By Packet Size

I said to a colleague recently, “you can’t get 100% link utilisation on an Ethernet link”. When I tried to explain myself I wished I could link to a simple blog post with a nice graph. So here’s a quick blog post with a nice graph. I have talked a little about link speed in a previous post, but I wanted to expand on this and add a quick graph to back up the argument.

SPAN Scaling Challenge

I’m facing a mini scaling challenge with a Cisco SPAN (Switched Port ANalyzer) session and thought it would be good to share it with you fine folk. SPAN Challenge: A 3750X switch is currently SPAN-ing a 10Gbps interface to a 1Gbps egress port. A server is directly attached and is using dumpcap to capture a subset (5%) of the overall traffic for analysis. The 10G link is under-utilised, but is running close to the 1Gbps traffic limit in the Rx direction. Tx traffic is very…

Four Trouble Ticket Survival Tips

Sometimes the phrase ‘working the ticket queue’ is code for ‘doing meaningless work’. If you find yourself playing whack-a-mole with your ticket queue, then this is the post for you. You should strive to do meaningful work and this post discusses some ways to get more value out of the trouble ticketing process.