WOW, what a year! I started my job at one of the single most amazing companies I could possibly have worked for, VCE. I get to work on all the leading technology, expand on my current knowledge of VMware, and finally break into SAN and EMC storage. I am more than grateful to be at VCE and love my job, all quirks included.

I also achieved my CCNP, a long time coming, and now I am pecking away at the CCIE, which I hope to have completed in 2015. My wife and I moved on from our business and decided to focus more on our careers and our marriage, meaning we’re much happier. We spent some great times in Key West and met some wonderful friends whom I am excited to see more often when we finally move back to Florida!

Now, the review from my perspective, which will be rather brief and have only two items. First, let’s discuss security and the “security professionals” you’re likely to encounter in this field. I once worked for someone who believes she is (and the easily convinced and gullible will agree) a god of security and networking. I have also noticed many, and I do mean many, more popping up just like her at an alarming rate now that network and systems security is on the front page of newspapers (those that haven’t disappeared already) and on your local TV news. No doubt security is important, but I am pissed off at these phonies who are out there either charging large sums of money to “consult” or baffling with bullshit rather than dazzling with brilliance to get a job, pretending they’re security experts.

I am sorry, but a CISSP is NOT the gold standard for security. I have always considered the CISSP an overhyped “certification” that many like to claim is difficult to get; I don’t believe so. In fact, the “experience” requirements you have to meet are rather stupid and can easily be fabricated, or the truth twisted, to get the “sign-off” you need to be cleared to sit for this piece of paper. Look at the overall exam: it is laced with “good ole’ boy network” sauce and topped with an extra helping of “absurdly easy to maintain,” because you never have to actually sit for the test again; you just obtain “CEUs,” which are laughable requirements. Simply put, I am not happy with the way the security industry is looking; there are too many phonies out here who need to be weeded out. I agree that a Cisco security certification is Cisco-related; however, like I’ve always said about Cisco exams, they do an excellent job of teaching the standards (although not as completely and in as much detail as I would like to see), and a damn excellent job of making sure you understand the protocols and processes along with how to implement, maintain, and troubleshoot their equipment.

Perhaps a new joint effort is needed for security certifications, maybe one that would abolish the CISSP and replace it with a “neutral” certification in which all major security vendors have a “say,” so everyone shares the overall challenges they face and helps build solid security professionals. This isn’t likely to happen, and, in my opinion, you need to be a SOLID network engineer before doing security, because it doesn’t make sense to try to secure something you don’t know anything about, something I’ve witnessed from the majority of CISSPs I have encountered in my lifetime. It is time for a change; let’s start weeding out the phonies and hiring real security professionals. You’re likely to discover these true professionals are few and far between, leaving a massive gap to fill.

SDN, man, what a buzzword! Quick story: I interviewed at a bank one time, a miserable interview process, that ended with the VP sitting in there telling me her story and such. It got interesting when the topic of SDN was brought up and her comment was exactly this: “I would not pay thousands of dollars for SDN just to configure a port.” I promptly asked, although it was really more of a statement, “I don’t think you have a firm understanding of what SDN really is, do you? Because that statement is miserably incorrect and baseless.” Was I aware I had insulted her and ruined my chance at the job? Of course! Heck, I didn’t want the job two hours into the interview; I was just amused as to how much worse it would get, because it makes for a great story to tell. So, we’re starting to see what SDN is and I am happy it is taking real shape. In essence, we’re going to be relying on “policies” to allow our traffic to flow across networks, and with that comes the possibility of “commoditizing the network” instead of it being solely a differentiated service. Now, do I really believe we’re going to commoditize the network? I am on the fence, because I am not sold entirely on brands like Cumulus; however, Juniper recently added the option to deploy their JunOS software on commodity hardware and still get a single point of support. Seems great? Sure, but what about replacement hardware? Where will that come from? Just how well tested are each piece of commodity hardware’s ASICs against JunOS? How will it handle multiple commodity hardware suppliers running JunOS? I think this is a noble idea, but the more you dig into it the more it seems like it can either be a game changer or just a science experiment that’ll never see the light of production and mission-critical networks. Who knows; I am selling doubt for right now.
I am just saying, keep an eye out for Cisco ACI and VMware NSX; these seem to be the solid offerings that, in my opinion, will shape the SDN landscape and will be the leaders. Now, if Arista makes it out of their lawsuit alive, they could be a great competitor in the SDN market; however, if they really did steal code, then they should face punishment for it. Right now I am keeping an open mind and looking at all possibilities, but I have my money on the ACI and NSX horses until I see someone hit the stables with some solid offerings, and you should too.

We know that for switches to cooperate inside the same MST region, the following must be configured identically:

  • Region name (case sensitive)
  • Revision number (any number, but it must be the same)
  • Instance-to-VLAN mappings

Now, what about the VLANs themselves? What about switches and security? I looked all over for this answer; it was vague at best, and each vendor’s documentation said something a little different from the others. What follows is just my preliminary testing: I added multiple instances to the spanning-tree setup on my Cisco Catalyst 3750. My scenario was as follows (outputs to come):

  1. Two instances
  2. Instance 1 had all the real VLANs that were actually defined on the switch
  3. Instance 2 had two VLANs mapped
    • The first test of MSTI 2 was with neither VLAN defined on the switch
    • The second test of MSTI 2 was with one VLAN defined and the other not
    • The third test of MSTI 2 was with both VLANs defined

MST instances themselves do not communicate the actual VLANs or VLAN mappings, and the IST/CIST does not communicate the VLAN-to-instance mapping either. Instead, we rely on the IST (MSTI 0) BPDUs to carry the region identifier: the configuration name, the revision number, and a configuration digest. That digest is the value each switch computes over its own MST configuration table and compares with the received one to determine whether the two are operating in the same region or in different regions. The digest is an HMAC-MD5, with a key fixed by the standard, over the 4096-entry VLAN-to-instance mapping table, which is why every mapping must match exactly while whether a mapped VLAN is actually defined on the switch makes no difference: VLAN existence is not part of the table. It also means a single VLAN mapped differently on one switch quietly puts that switch in its own region, so the topology you get is not the one you designed; compare the digest on every switch before trusting the design. Want to know more about the hashing? Here is a link: 802.1s explained.

The information is long and boring, but do a search for “digest” and you’ll find yourself deep into figuring out how this all works. Test results are soon to come; I am working on both Catalyst and Nexus outputs to benefit not just enterprise and branch, but also those in the data center who have to work in vPC hybrid environments with STP-attached devices. More to come…
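To make the digest discussion concrete, here is an added example (not from the original post) that computes the 802.1s configuration digest the way a bridge does: HMAC-MD5, under the key the standard fixes, over the 4096-entry VLAN-to-MSTI table. It reads the “instance N vlan LIST” lines of a Cisco-style “spanning-tree mst configuration” block, so the VLAN lists, region names and revision numbers in it are constructed sample input. Note that nothing in the input says whether a VLAN exists on the switch; only where it maps matters, which is the point of the scenario above.

```python
import hashlib
import hmac
import re

# Signature key fixed by IEEE 802.1s; every implementation uses this value.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def expand_vlans(spec: str) -> list:
    """Expand a Cisco-style VLAN list such as "10,20,100-102"."""
    vids = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vids.extend(range(int(lo), int(hi or lo) + 1))
    return vids


def mapping_from_mst_config(config: str) -> dict:
    """VLAN -> MSTI map from the 'instance N vlan LIST' lines of a Cisco
    'spanning-tree mst configuration' block. Nothing here says whether a
    VLAN exists on the switch; the table only records where each VID maps."""
    mapping = {}
    for line in config.splitlines():
        m = re.match(r"\s*instance (\d+) vlan (\S+)", line)
        if m:
            for vid in expand_vlans(m.group(2)):
                mapping[vid] = int(m.group(1))
    return mapping


def mst_config_table(vlan_to_instance: dict) -> bytes:
    """The MST Configuration Table: 4096 two-octet big-endian entries, entry i
    being the MSTI of VLAN i. Every VID not explicitly mapped (and VID 0 and
    4095, which are not usable VLANs) stays in instance 0, the IST."""
    table = bytearray(4096 * 2)
    for vid, msti in vlan_to_instance.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN {vid} is not a valid VID")
        if not 0 <= msti <= 0xFFFF:
            raise ValueError(f"MSTI {msti} does not fit a 16-bit table entry")
        table[2 * vid:2 * vid + 2] = msti.to_bytes(2, "big")
    return bytes(table)


def mst_config_digest(vlan_to_instance: dict) -> bytes:
    """HMAC-MD5 of the configuration table under the 802.1s key: the 16-byte
    value carried in the MST BPDU next to the region name and revision."""
    return hmac.new(MST_DIGEST_KEY, mst_config_table(vlan_to_instance), hashlib.md5).digest()


def same_region(a: tuple, b: tuple) -> bool:
    """a and b are (name, revision, vlan_to_instance). The name compares
    byte-for-byte (case matters), the revision numerically, and the mapping
    through its digest, exactly as a receiving bridge decides region membership."""
    return a[0] == b[0] and a[1] == b[1] and mst_config_digest(a[2]) == mst_config_digest(b[2])


if __name__ == "__main__":
    # Constructed configs mirroring the scenario: real VLANs in instance 1, two
    # VLANs in instance 2. switch_b maps the same VLANs (whether 500/600 exist
    # on it is irrelevant); switch_c drops VLAN 600 from instance 2 and so
    # ends up in a different region.
    switch_a = "name LAB\n revision 1\n instance 1 vlan 10,20,30\n instance 2 vlan 500,600\n"
    switch_b = "name LAB\n revision 1\n instance 1 vlan 10,20,30\n instance 2 vlan 500,600\n"
    switch_c = "name LAB\n revision 1\n instance 1 vlan 10,20,30\n instance 2 vlan 500\n"
    a = ("LAB", 1, mapping_from_mst_config(switch_a))
    for label, cfg in (("b", switch_b), ("c", switch_c)):
        other = ("LAB", 1, mapping_from_mst_config(cfg))
        print(label, mst_config_digest(other[2]).hex(), "same region:", same_region(a, other))
    print("default (all VLANs in IST):", mst_config_digest({}).hex())
```

With no instances configured the function returns the digest every vendor shows for a default MST configuration, which is a quick way to confirm the key and table layout on a new platform; “show spanning-tree mst configuration digest” on a Catalyst prints the same value.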

So, most of you probably got here because you’re on your CCIE track, hearing a ton about the 32-bit words in the IPv4 header and looking for an answer. Most people may never know exactly what is meant by “word,” and this leads to some confusion. First, the definition of a word from Wikipedia is:

“A word is basically a fixed-sized group of digits (binary or decimal) that are handled as a unit by the instruction set or the hardware of the processor. The number of digits in a word (the word size, word width, or word length) is an important characteristic of any specific processor design or computer architecture.”

Essentially, a word here is a group of 32 bits: 32 positions, each holding a 0 or a 1. When a packet capture shows you the IPv4 header length, it is derived from the IHL (Internet Header Length) field, the low four bits of the first byte of the header, right after the 4-bit Version field. That nibble is the header length in 32-bit words. Say the value is hexadecimal D, which is 13: you have 13 32-bit words.

Now, 13*32 = 416 bits, and 416/8 = 52 bytes in the IPv4 header. Why 8? There are 8 bits in each byte, so the shortcut is simply IHL*4. A header with no options is 5 words (20 bytes), which is the minimum legal IHL and what you’ll see on nearly every packet; 13 words means 32 bytes of IP options are present, and the maximum is 15 words (60 bytes), since IHL is only four bits wide. Anything that parses raw packets should refuse an IHL below 5 and a header length larger than the bytes actually captured, because a crafted IHL is a classic way to walk a parser off the end of its buffer. So, the next time you hear someone mention X 32-bit words in an IPv4 header, you now have some idea of what they’re talking about.
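As an added example (not from the original post), the following parser turns the IHL nibble into a byte count, checks that the declared header and total lengths fit the bytes it was actually handed, verifies the header checksum, and separates options from payload. The builder is there only to construct test input; its identification and flags values are arbitrary, and the 32 bytes of NOP options reproduce the post’s IHL of 0xD.

```python
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode an IPv4 header, deriving its length from IHL and refusing
    anything whose declared lengths do not fit the bytes we actually have."""
    if len(pkt) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    version, ihl = pkt[0] >> 4, pkt[0] & 0x0F   # high nibble, low nibble
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} < 5: no header is shorter than 20 bytes")
    header_len = ihl * 4                        # IHL counts 32-bit words
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if header_len > len(pkt):
        raise ValueError(f"IHL claims {header_len} bytes but only {len(pkt)} captured")
    if total_len < header_len:
        raise ValueError(f"Total Length {total_len} < header length {header_len}")
    if checksum(pkt[:header_len]) != 0:         # sum including the stored checksum folds to 0
        raise ValueError("bad IPv4 header checksum")
    return {
        "ihl_words": ihl,
        "header_len": header_len,
        "total_len": total_len,
        "ttl": pkt[8],
        "protocol": pkt[9],
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
        "options": pkt[20:header_len],          # empty when IHL == 5
        "payload": pkt[header_len:total_len],
    }


def build_ipv4_header(src: str, dst: str, payload_len: int, options: bytes = b"",
                      protocol: int = 6, ttl: int = 64) -> bytes:
    """Build a header whose IHL follows from the option length. Constructed
    test input: identification 0x1234 and the DF flag are arbitrary choices."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    if ihl > 15:
        raise ValueError("IHL is a 4-bit field: at most 15 words (60 bytes) of header")
    total_len = ihl * 4 + payload_len

    def addr(a: str) -> bytes:
        return bytes(int(o) for o in a.split("."))

    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0x1234, 0x4000,
                      ttl, protocol, 0, addr(src), addr(dst)) + options
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


if __name__ == "__main__":
    # 32 bytes of NOP (0x01) options -> IHL 0xD = 13 words = 52 bytes, the post's example
    hdr = build_ipv4_header("10.0.0.1", "10.0.0.2", 4, options=b"\x01" * 32)
    info = parse_ipv4_header(hdr + b"\xde\xad\xbe\xef")
    print(info["ihl_words"], "words =", info["header_len"], "bytes; options:", len(info["options"]))
```

The order of the checks matters: the IHL lower bound comes before any slice that depends on it, and the captured-length check comes before the checksum is read, so a forged first byte never causes an out-of-range read.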

We’ve all heard it: entrepreneurship is the “thing” that will save America. Sure, it does help; however, it is not the only thing, and we can’t continuously encourage everyone to be a leader because, if we were all chefs, who would be the cooks?

I walked away from being a partner in my wife’s business, not because it wasn’t successful, but I absolutely hated what I did there and absolutely hated the whining and complaining from her employees about everything and anything. I took a deep look into myself and came to the realization there are things I liked about owning a business, but I don’t like owning a business. Does that make sense yet?

As I am getting older I am changing (surprise, anyone?), and I finally had the opportunity to see what it was I liked about it. You see, I love numbers, I love strategy, I love taking risks and, sometimes, riding the bleeding edge. That is why I am a network engineer on the brink of obtaining my CCIE-R/S and my eventual CCIE-DC. I love tinkering with things and I love technology, which includes numbers and designing new layouts for networks to achieve different goals; it is entirely fun to me!

What about business, though? Well, I know I don’t want to be in my 50s taking exams to keep my certifications fresh; thus, I will steadily pick at my accounting degree and become a CPA as my “retirement job.” It still challenges my brain and allows me to stay on top of an ever-changing field (we all know how often tax rules change), but it is much easier on my mind as I get older, it will be something “new,” and it allows me to perform the duties I found interesting in owning a business, or at least being a partner in a business, without putting up with the headache of dealing with entitled people who will only demand more and give less. In the end, I am not saying everyone is like this; however, I am scared for our future as a nation because I’ve seen more entitled behavior from prospective employees in the last 3-4 years than I’ve seen in a lifetime. Whatever happened to “paying your dues” and earning your stripes? I don’t know and don’t want to deal with it any longer; thus, I woke up and realized I am really not fit to own a business. I am fit to help run one and do key jobs inside of it to help it become better and more competitive, in the IT sector for now and as a CPA when I am drinking a Corona on an island somewhere.

If you need to release and renew the DHCP lease on a machine you’re connected to over RDP, and you’re either 1. connecting by the device’s hostname or 2. positive it will receive the same IP address again, run both commands on a single line:

ipconfig /release && ipconfig /renew

As simple as that. The release drops the address, and your RDP session with it, but the renew is already part of the same command line, so cmd.exe runs it whether or not you’re still connected; run /release on its own and you have locked yourself out until someone at the console renews the lease. This is cmd.exe syntax: Windows PowerShell before version 7 does not accept “&&,” so there use “ipconfig /release; ipconfig /renew” instead. You can use the same “&&” chaining on a Linux box with a bash shell with whatever interface configuration commands you’re using, if you don’t have a script which already does it for you.

First, let’s establish some facts:

  1. These are not real, medically licensed therapists like OTs, SLPs, or PTs
  2. This is NOT someone who holds a medical license, and they cannot provide ANY medical advice
  3. The qualifications are that you have a B.A. or B.S. in “certain fields” and you fill out a basic form to be approved as a “Play Therapist”
  4. This is not a medically recognized service when delivered by a “Play Therapist” and billed to private insurance. For procedure code H0036, the typical code used for CBRS, to be considered a provided service it must be administered by a psychologist, not a “Play Therapist”.
  5. A “Developmental Play Therapist” CANNOT recommend any medical service. This means they cannot recommend OT, SLP, or PT AT ALL! A “Developmental Play Therapist” cannot legally consult with a family about ANY medical service

These “therapists” are just “side workers” who basically contract with the CDSA to provide these “Developmental Play Therapy services,” which, as it appears, are just a “stop-gap” before real medical services are applied; thus, these “therapists” cost the taxpayer money because their services are utilized before a medical professional has the opportunity to properly diagnose. Once again, the ONLY requirement is that the person hold at least a B.A. or B.S. in a “certain field” and fill out a form; no other significant qualifications are required, and “continuing education” is minimal at best for someone who is NOT a medical professional.

Think of it this way: would you take your child, for months, to someone who isn’t medically licensed to practice medicine regarding a physical illness, only to find the problem isn’t solved, before visiting a real physician to receive a real diagnosis? Developmental Play Therapists are simply not therapists, and any and all “advice” one may provide you is not real medical advice and should not be taken as such. These “Play Therapists” do not hold a valid medical license and are not licensed medical professionals.

Very recently I was tasked with deploying a new EMR for my wife’s office, a simple task because they have very simple but extremely specific needs. Like most people, I leaned on my clearinghouse for advice about EMR solutions which cooperate out of the box. As I had expected, I was sent to a local VAR in Winston-Salem, NC to handle my needs. Now, I only wish this story had a happy ending, but it doesn’t. In fact, it opened my eyes to the mistakes I made in my IT career in my very early 20s, which other customers, and my employers at the time, had to suffer through. Like most things in life, you can generally chalk it up to “young and knows it all” and most just brush you off. However, as I will outline below, this behavior, if left unchecked as you grow older (because growing up is still just an option), will linger in a person like a drunken Friday night viral infection.

As a pediatric OT and SLP operation performing home-based and clinic-based therapy, my wife’s company’s needs were growing and the “starter” EMR solution was no longer a valid solution. If you could get someone on the phone, it was $75 per call, regardless of whether it was something they could fix or not, and the new “release” of the software wasn’t even usable; if it were “beta” I would have been surprised. Nonetheless, we took the advice of our clearinghouse and pushed forward with a local VAR implementing a solution he recommended. From day one he never listened; it was apparent. However, we were told by many that he knew what he was doing and it would all be OK, regardless of the fact that we already had a firm grasp on our coding and billing; we just needed newer and more stable software. Little did we realize, we should have considered the source of the people who recommended him: people who started a business without a clue in the world and spend copious amounts of money paying others so they don’t have to learn, absolutely not our style!

Four months passed, thousands of dollars were spent, days of time passed, and we were finally in the final stages of training. Lo and behold, nothing was set up correctly, despite the fact that we brain-dumped everything, a cheat sheet shall we say, about the practice, providers, and carriers, all the golden information you would need to get this up and running. From the start of training it was apparent nothing was set up correctly; everything was out of place and it seemed as if he had decided what he knew was best, despite the fact that we already do this daily, without failure. Billing was set up incorrectly, and notes, and how notes are completed, were not just more complex and confusing than in our old system but lacked even some of the most basic things our junk EMR could do, despite the fact he promised it could do that and then some!

So, what did we get? Let’s call the guy Jim, to make it simple. We got what Jim wanted us to have, because Jim knows best and we’re just stupid. In fact, Jim was caught in numerous lies about functionality and didn’t have the basic stuff he said was already set up done by the time training started! Did he openly admit he forgot to do these things? Nope; instead he insisted someone must have come behind him and erased all this stuff! Seriously, you’re throwing your employees under the bus, saying someone just woke up one morning and deleted all this stuff just to be, what, funny? Finally, as we started to realize the software’s functionality was “oversold” and he had overpromised and underdelivered, he went on the attack, big time. To sum it up, he pulled the “we have OT and SLP clinics that use this….” Anyone who even got a D in a rhetoric class could spot the fallacy that statement triggered; however, he felt justified to use it over and over again. In fact, when I reached my end, I simply stated, “Jim, it appears you disregarded everything I told you, and all the information I brain-dumped on paper for you, replacing it with your own brand of logic without first consulting with us about whether that is what we wanted.” After that statement I followed up with “…let’s call the software vendor and see if they know how to do this; it could just be unique to you and we could all learn something from this.” Basically, doing his job for him; however, his only response was “…maybe this isn’t a good fit, we’ll just part ways and I’ll send you a refund.” With that statement, I agreed and immediately removed his software and VPN connection and moved on with life.

The lesson here is simple: listen to your customer, above all else. If Jim had listened and, perhaps, brought in people who knew more than him to talk about what I wanted to do, perhaps we could have spared the headache and decided it wasn’t a great fit. However, it was obvious he believed he knew best and we were just another set of dumb business owners and licensed medical professionals he could force his will upon. If my wife had done this alone, even she admits, Jim would have gotten his way, because she knows nothing about IT and would have blindly followed his advice; who else could she have turned to?

Jim continuously failed to realize he wasn’t talking to a paper engineer or just another set of dumb business owners; he was talking to someone who understood technology, process flow, and business. Ultimately, Jim failed miserably at two of the most key lessons in customer relations: 1. Listen to your customer and 2. Know your audience. If someone out there experienced this behavior from me, because I used to be like Jim (who is a guy in his 50s) when I was a blossoming know-it-all 18-24-year-old engineer, I am sorry; I finally got a taste of my own medicine, and karma really does suck!

Listening to your customer

A little investigation into the new ChoicePA website and I start to find some interesting characteristics which really bother me, especially because this was not just built with taxpayer dollars but is also the system which permits and denies healthcare to needy families here in North Carolina. I will touch more on how ChoicePA is going to become one of the first “death panels,” for lack of a better term, for our children’s care here in North Carolina; however, I wanted to bring to light that the new website is hosted on legacy software set to reach end of support within 330 days of this writing (July 15th, 2015 is end of support for Server 2003 products and for IIS 6.0).

Confused about getting QoS working on the Nexus 9300 platform (I worked with the 9396PX)? If you’re coming from the Nexus 5500 platform you’re in for a little tweaking to get this working, as some things are different. I will quickly outline them and move on to some sample configuration:

  • MTU is set at the interface level
  • The queuing class-maps are system defined
  • Egress queues: 0 is the default, and 1-3 are already pre-mapped to qos-groups 1-3 through the class-maps mentioned above
  • Both access and trunk ports, by default, treat all traffic as if it had CoS 0, moving it into the default queue
  • A type qos ingress service-policy must be applied to ports or port-channels to classify traffic

Here is some basic configuration for setting up the QoS policy to classify. Keep in mind that matching on CoS trusts the 802.1p value the attached device put on the frame: a host that tags its own frames CoS 6 rides the highest queue. Apply a CoS-based policy only on ports facing devices you trust to mark correctly; untagged frames on an access port carry no CoS and land in the default queue regardless. Each class in the policy-map needs its own “set qos-group”; the three classes below map CoS 4, 2 and 6 to qos-groups 2, 1 and 3 respectively:

class-map type qos match-all RUBY
  match cos 4
class-map type qos match-all EMERALD
  match cos 2
class-map type qos match-all DIAMOND
  match cos 6

policy-map type qos QOS_POLICY
  class RUBY
    set qos-group 2
  class EMERALD
    set qos-group 1
  class DIAMOND
    set qos-group 3

interface port-channel20
  switchport mode trunk
  switchport trunk allowed vlan all
  spanning-tree port type edge trunk
  mtu 9216
  service-policy type qos input QOS_POLICY

Now, let’s view the system-defined queuing class-maps (show class-map type queuing) so you can get an idea of how qos-groups land in egress queues:

class-map type queuing match-any c-out-q3
  Description: Classifier for Egress queue 3
  match qos-group 3
class-map type queuing match-any c-out-q2
  Description: Classifier for Egress queue 2
  match qos-group 2
class-map type queuing match-any c-out-q1
  Description: Classifier for Egress queue 1
  match qos-group 1
class-map type queuing match-any c-out-q-default
  Description: Classifier for Egress default queue
  match qos-group 0

Finally, let’s assign some bandwidth allocation to those queues (the percentages add up to 100):

policy-map type queuing QUEUING_POLICY
  class type queuing c-out-q1
    bandwidth percent 10
  class type queuing c-out-q2
    bandwidth percent 15
  class type queuing c-out-q3
    bandwidth percent 25
  class type queuing c-out-q-default
    bandwidth percent 50

Now, we apply this queuing policy under system qos:

system qos
  service-policy type queuing output QUEUING_POLICY

I’ll update this more and more as I encounter more QoS with the 9300 platform.
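Because the classification and queuing halves of this setup live in different policy types, it is easy to end up with a class that sets a qos-group no egress queue ever matches, or with weights that do not add up. As an added example (not from the original post), here is a small linter for the configuration above: it parses the class-maps and policy-maps, reports dangling qos-groups and bad bandwidth totals, and prints which egress queue each CoS value ends up in, which is the table to look at when deciding whether a port’s neighbour should be trusted to mark CoS at all. The config text inside it is constructed to mirror the post’s example.

```python
import re

# Constructed sample: the post's classification and queuing config, with the
# policy-map written out in full (one "set qos-group" under each class).
SAMPLE_CONFIG = """
class-map type qos match-all RUBY
  match cos 4
class-map type qos match-all EMERALD
  match cos 2
class-map type qos match-all DIAMOND
  match cos 6
policy-map type qos QOS_POLICY
  class RUBY
    set qos-group 2
  class EMERALD
    set qos-group 1
  class DIAMOND
    set qos-group 3
class-map type queuing match-any c-out-q3
  match qos-group 3
class-map type queuing match-any c-out-q2
  match qos-group 2
class-map type queuing match-any c-out-q1
  match qos-group 1
class-map type queuing match-any c-out-q-default
  match qos-group 0
policy-map type queuing QUEUING_POLICY
  class type queuing c-out-q1
    bandwidth percent 10
  class type queuing c-out-q2
    bandwidth percent 15
  class type queuing c-out-q3
    bandwidth percent 25
  class type queuing c-out-q-default
    bandwidth percent 50
"""


def parse_config(text):
    """Walk the config block by block and collect the four relationships that
    matter: class-map -> CoS values, policy class -> qos-group,
    queuing class-map -> qos-group, queuing class -> bandwidth percent."""
    cos_by_class, group_by_class, group_by_queue, bw_by_queue = {}, {}, {}, {}
    block = (None, None)  # (kind, name) of the enclosing class-map or policy class
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"class-map type (qos|queuing) match-\S+ (\S+)$", line):
            block = ("cmap-" + m.group(1), m.group(2))
        elif m := re.match(r"policy-map type (qos|queuing) \S+$", line):
            block = ("pmap-" + m.group(1), None)
        elif m := re.match(r"class (?:type queuing )?(\S+)$", line):
            block = (block[0], m.group(1))  # a class inside the current policy-map
        elif m := re.match(r"match cos (\d+)$", line):
            cos_by_class.setdefault(block[1], []).append(int(m.group(1)))
        elif m := re.match(r"set qos-group (\d+)$", line):
            group_by_class[block[1]] = int(m.group(1))
        elif m := re.match(r"match qos-group (\d+)$", line):
            group_by_queue[block[1]] = int(m.group(1))
        elif m := re.match(r"bandwidth percent (\d+)$", line):
            bw_by_queue[block[1]] = int(m.group(1))
    return cos_by_class, group_by_class, group_by_queue, bw_by_queue


def cos_to_queue(text):
    """Which egress queue each CoS value 0-7 ends up in. CoS values no class
    matches, and all untagged frames, go to the default queue."""
    cos_by_class, group_by_class, group_by_queue, _ = parse_config(text)
    queue_by_group = {g: q for q, g in group_by_queue.items()}
    result = {cos: queue_by_group[0] for cos in range(8)}
    for cls, cos_values in cos_by_class.items():
        if cls in group_by_class:
            queue = queue_by_group.get(group_by_class[cls], "UNQUEUED")
            for cos in cos_values:
                result[cos] = queue
    return result


def lint(text):
    """Return the list of inconsistencies; empty means every matched class sets
    a qos-group, every qos-group set has an egress queue, and weights sum to 100."""
    cos_by_class, group_by_class, group_by_queue, bw_by_queue = parse_config(text)
    problems = []
    for cls in cos_by_class:
        if cls not in group_by_class:
            problems.append(f"class-map {cls} is matched but never assigned a qos-group")
    for cls, group in group_by_class.items():
        if group not in group_by_queue.values():
            problems.append(f"{cls} sets qos-group {group}, which no egress queue matches")
    total = sum(bw_by_queue.values())
    if total != 100:
        problems.append(f"queuing bandwidth adds up to {total}%, not 100%")
    return problems


if __name__ == "__main__":
    print(lint(SAMPLE_CONFIG) or "no problems")
    for cos, queue in sorted(cos_to_queue(SAMPLE_CONFIG).items()):
        print(f"CoS {cos} -> {queue}")
```

Feed it the output of “show running-config ipqos” from the switch instead of the sample and it will tell you, before you apply a policy, whether a qos-group is headed nowhere.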

This is an oldie, but goodie:

I only wish there were a link to explain more things in detail, as there are a lot of people who don’t understand SNMP to the max. Nonetheless, a great starting point, regardless of manufacturer; the beauty of standard protocols!