Meraki – How networking should be done

Well – I had my first proper introduction to Meraki last month by doing their 1-day CMNA course and I have to say, I was very impressed.

Here’s a company that have taken edge networking (wireless and access switching) and security networking and made it easy: taken the complexity of the CLI out, made the UI intuitive enough, and made the whole “crap, how do I do this” experience a thing of the past.  Sure, the kit and dashboard don’t have all the bells, knobs and whistles that Cisco gear has, but sometimes there’s just no need for that.

Being able to attach a bit of kit to the network and have it almost self-configure and become instantly visible in the dashboard is a far cry from having to find a console cable and manually configure management not only on the switch itself – IP address, syslog server, SNMP server/strings, local credentials, RADIUS or TACACS – but also on each of those monitoring systems as well.  Think of the time saved here when it’s all done, automatically, as if by magic..

Now, don’t let me deceive you here, there are actually some pretty neat and fairly complex things you can do around MDM profiles, client-specific profiles (with client-specific firewall and QoS) and site-to-site or client-based VPNs, but they are all made much easier.  Not to mention that EVERY device in the Meraki offering has Layer 7 capabilities (which is totally crazy!!) and makes good use of it.

Anyway – don’t take my word for it – try it out for yourself.

Oh, and before anyone asks just how expensive it is.. don’t forget, the license includes all the support you’ll need, hardware replacement, and you don’t have to license any additional or third party monitoring tools, so go factor that into your TCO before you dismiss it.

 


Catchup Blog from 23,333

Well, doesn’t time fly when you’re in a new job! I’ve finally settled down into my new role and been badged as “Technical Architect” – I’m not totally convinced that I’m there yet but it’s something I aspire to be.

I’ve done a lot of on-site consulting and design work in recent months and with a break in the work stack I finally have time to spend ‘solutioneering’ and, more importantly, going on training and catching up on today’s network technologies. Not that I was being left behind – I’ve still been watching Twitter and reading blogs – but I haven’t been able to see theory in practice.

Recent weeks have been a flurry of vendor activities, and I hope to put a few thoughts to paper shortly for each:
– CMNA 1-day Training – learning the fundamentals of Meraki
– Cisco UCS / ACI Integration – a pilot course, but prompted a lot of discussion between engineers
– VMware NSX for Internetworking Experts Fast Track – pretty much says it in the title.

In the mean-time, I need to work out a solution for getting notes from Evernote into WordPress!


UCS Performance Manager

Based on Zenoss and built in partnership with them, Cisco are releasing a new product called UCS Performance Manager.  There’s a tech talk on Cisco’s website which, if you can get past the waffling at the beginning and get onto the screen demo, looks pretty good.  Sure, it’s a rebadged Zenoss, but the idea is good – it brings together a complete visual of the utilisation of UCS, something I haven’t seen anywhere else.  It can include not only UCS infrastructure (fabric interconnects, interface utilisation, blade usage etc.) but also probe external switching infrastructure as well as the virtualisation layer (currently vSphere or Hyper-V).


Cisco Network Lab Emulators

I’ve been looking for a good training lab solution that doesn’t involve having a small office humming with old ISRs and Catalyst switches.. Having worked at Cisco, I was aware of the various internal options (IOU, Titanium) as well as the more widely available ones (GNS3). But now Cisco have finally realised that not everyone can afford to build labs full of kit and are releasing a few products to support individuals and companies who want to test configurations and network designs.  This isn’t new news (we’d heard rumours for over a year of a product called VIRL, Virtual Internet Routing Lab) – but I’m not sure everyone’s found all the pieces yet.

Cisco Modeling Labs – is intended to be a corporate solution to support designing and planning of routed networks and their configurations.  It’s a fully supported product that needs some serious hardware to run on, but allows you to build a routed network in a simulated environment, configure all the components and see how they behave.  Currently they’re supporting IOSv (a virtualised version of IOS), IOS-XRv and the CSR 1000v – which pretty much covers your main routing OSes.

onePK all-in-one VM – is a development kit for Cisco’s onePK programmability API.  The ‘all-in-one’ VM is configured to provide three routers running IOSv, all interconnected and ready for playing with the onePK Python and Java interfaces.  You can, however, reconfigure it to provide additional IOSv instances, as demonstrated here.

There is also a beta programme for a /dev/innovate lab – however I can’t see what the cost implications of this are.  It looks ideal for those intending to do some hard-core software/API development against Cisco’s gear.


Back to Payroll

I left Cisco back in 2011 to go contracting, and I promised myself “to do a few years” and see how I got on. The experience has been eye-opening, to say the least. I’ve had some ups and downs, both professionally and personally, during this time and I think it’s hardened me up a little for the better.

I’ve seen how some businesses are well integrated, have great processes and work hard to keep business continuity. I’ve also seen total calamities. In the process I’ve been exposed to other Vendors’ kit (and some of it’s pretty darn good!) as well as the Cisco-Customer relationship that, at times, can be fretful in places.

In all, I’ve enjoyed the last few years of being outside the Cisco bubble.  I’ve made great use of my skills, learnt plenty new ones, and met some great engineers and designers.  But now it’s time to work on the next phase of my career progression – I’ve always wanted to become a “Solutions Architect”.  Yes, I’ll admit it’s a bit of a fluffy title, but it’s the one I’m after.  I’m going to be joining a VAR (Value added reseller) next week and developing a role where I can work on both the high level and the low-level of building end-to-end network solutions.


Instagram Quandary

I recently had a conversation with a new acquaintance around Instagram.. She didn’t like the idea of Instagram. With all the effort that photographers and artists put into Photoshop edits, she thought the idea that you could just apply a fancy effect to a random photo was, in effect, cheating.

I can see her point – but I like to think of Instagram as the modern-day Polaroid.  In fact, I’ve made a photo album with the first and last pages being a scattering of Instagrams and it worked to good effect.


Don’t blame the firewall – JunOS tip

So it turns out that the Juniper SRX logs every traffic flow through it – provided the security policy a flow matches is configured to log it (then log session-init and/or session-close), which includes an explicit logging deny policy for the stuff you want to catch – and that is pretty handy if you are just about to utter the words “I blame the firewall”.  So rather than prosecute without evidence, hold off judgement for a few short CLI commands..

This little titbit is aimed at SRXs with logical systems configured – but it probably works just as well without them, with the log living wherever your syslog file stanza puts it.

Firstly, drop down from the CLI into the underlying shell (Junos runs on FreeBSD, so this is a BSD shell rather than a Linux one):

{primary:node0}
jim@my-juniper02> start shell

All the traffic logs for a logical system are located in /var/logical-systems/<name of lsys>/log

% cd /var/logical-systems/my-lsys/log/

The traffic flows are stored in plain text (the file name, traffic here, is whatever your syslog configuration calls it) and the logs are rotated and compressed over the period of a few days, so the current file can be grepped directly while the rotated copies need zcat first.  Either way it’s easy to search the entire collection for what you’re looking for; in this case we’ve got a little DNS problem, so look for denied sessions to port 53:

% grep "/53" traffic | grep "DENY"
Aug 20 20:00:57 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.6/50627->192.168.16.11/53 junos-dns-udp 17(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
Aug 20 20:01:02 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.6/44644->192.168.16.10/53 junos-dns-udp 17(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63

So there you have it. Before allowing someone utter that all-too-commonly used phrase again, try this simple bit of detective work.
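Two greps are fine for a one-off, but when the deny log runs to thousands of lines it helps to have something that counts rather than scrolls. The following is an added example, not part of the original post or of Juniper’s tooling: a small POSIX shell/awk script that keeps only the session-deny events, optionally filters on destination port, and prints one line per distinct source, destination, service and matching rule, most frequent first. It assumes the RT_FLOW line layout shown above (the flow token is the one containing "->", followed by service name, protocol number and rule), and only needs the awk and sort that the Junos shell already provides. The sample log lines are constructed for illustration (the port 445 deny and the allowed DNS session are made up to show filtering); the file name traffic and the use of zcat for the rotated copies are assumptions about your syslog setup.

```shell
#!/bin/sh
# Added example (not from the original post): summarise SRX RT_FLOW deny lines.
# Assumes the log format shown in the post (RT_FLOW_SESSION_DENY / _DENY_LS) and
# only awk/sort, which the Junos shell provides. Feed it the "traffic" file, or
# the rotated copies via zcat, e.g.:  zcat traffic.*.gz | deny_summary 53

# Constructed sample lines modelled on the post's output; not real traffic.
SAMPLE_LOG='Aug 20 20:00:57 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.6/50627->192.168.16.11/53 junos-dns-udp 17(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
Aug 20 20:01:02 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.6/44644->192.168.16.10/53 junos-dns-udp 17(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
Aug 20 20:01:05 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.7/51000->192.168.16.20/445 junos-smb 6(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
Aug 20 20:01:09 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_CREATE_LS: Lsys my-lsys: session created 192.168.63.6/50628->192.168.16.11/53 junos-dns-udp 192.168.63.6/50628->192.168.16.11/53 None None 17 allow-dns zone-ad-clients zone-ad-servers 12345 N/A(N/A) reth1.63'

# deny_summary [dport]: read RT_FLOW lines on stdin, keep only session-deny
# events (optionally just those to destination port dport) and print one line
# per distinct "src -> dst/dport service rule", most frequent first.
deny_summary() {
    dport="${1:-}"
    awk -v dport="$dport" '
        /RT_FLOW_SESSION_DENY/ {
            # the flow token is the one containing "->"; the service name,
            # protocol number and matching rule follow it in that order
            for (i = 1; i <= NF; i++) {
                if ($i ~ /->/) { flow = $i; svc = $(i + 1); rule = $(i + 3); break }
            }
            split(flow, ends, "->")
            split(ends[1], src, "/")
            split(ends[2], dst, "/")
            if (dport != "" && dst[2] != dport) next
            n[src[1] " -> " dst[1] "/" dst[2] " " svc " " rule]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# deny_count [dport]: total number of denied sessions (to dport, if given).
deny_count() {
    deny_summary "$1" | awk '{ s += $1 } END { print s + 0 }'
}

# Stand-alone run against the constructed sample: who is being denied DNS?
printf '%s\n' "$SAMPLE_LOG" | deny_summary 53
```

On the box, cat traffic | deny_summary 53 answers the "is the firewall dropping my DNS?" question with a ranked list of offending client/server pairs and the rule that dropped them, and deny_summary with no port gives the overall picture before anyone picks a culprit. Allowed sessions (RT_FLOW_SESSION_CREATE) are deliberately skipped, since the point is to show what was blocked, not everything that passed.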


CCIE refresh time

Well, it’s July 2012 already, which means in January or before I need to re-certify my CCIE. I’m hoping they’ll have released the CCIE-DC written by then (I missed the chance to try the beta) and I can use that as the next step.. until then, I’ll write a few refreshing blog entries.

Sometimes I still can’t believe I have this thing.. I know it’s not held in as high a regard as it used to be, but it’s still pretty great to know the time and effort that went into it and the achievement of passing..


A new ramble begins

Like a lot of things in life, we try and try to start afresh and go as we mean to go on, but it doesn’t always work. Well, here’s attempt number three at getting myself to blog or write… back shortly.