I gave a 13-minute talk to the Irish Network Operators Group (INOG) recently. In this 13-minute video I argue that you can become more effective, and happier, by standing back and reflecting on how you work, leveraging existing truths, fallacies and principles.
I’m facing a mini scaling challenge with a Cisco SPAN (Switched Port ANalyzer) session and thought it would be good to share it with you fine folk.
A 3750X switch is currently SPAN-ing a 10Gbps interface to a 1Gbps egress port. A server is directly attached and is using dumpcap to capture a subset (5%) of the overall traffic for analysis.
The 10G link is under-utilised, but is running close to the 1Gbps traffic limit in the Rx direction. Tx traffic is very low by comparison, but the SPAN session is capturing both directions.
The aggregated flow from both directions is overrunning the SPAN destination 1Gbps port. The challenge is to ensure we can continue to capture without discarding any interesting data. Let’s explore the options together.
This post discusses power supply ‘holdup’, and how it can impact network or server hardware uptime. The holdup time or ‘output holdup time’ is the length of time that a given power supply can maintain output power to the switch or server after its input power supply has been cut. The dependent host will shut down if the power supply isn’t restored to the PSU before the holdup time expires. I like to think of holdup time as a power buffer.
Engineers often come unstuck through poor planning and get hit with large financial penalties as a result. Projects can become mired in delays and complications due to unforeseen costs and expenses. There are some unavoidable bumps in the road, but most could be foreseen and eliminated in advance. I want to share a few tips based on some experiences I’ve had over the years.
Security audits are a fantastic way to improve the security of your network. A good auditor can highlight critical flaws in your design and configuration before they are launched into the big bad world. However, I think there is a massive issue with security audits; they are designed to fail.
Imagine you’ve just designed and deployed a data center. It was hell but you are smiling. Your design is homogeneous, simple and elegant. A greenfield data center full of shiny, identical network devices. Because the design was so consistent and repeatable you scripted the generation of the device configurations without too much hassle. This is a network with an easily ‘provisioned’ network configuration.
But day-one provisioning is only one part of the puzzle. The real prize is a centrally ‘controlled’ network configuration, where all config changes happen centrally and a configuration policy is enforced for the lifetime of the network. Whilst this seems like the holy grail, you need to understand that you will have to trade some flexibility to reach this easy-to-operate nirvana.