Free Training from Brocade

For those wanting a deeper understanding, or wishing to certify their current knowledge, of the Brocade Ethernet Fabric, free online training is available. The course material even contains a promo code that allows participants to take the BCEFP (Brocade Certified Ethernet Fabric Professional) exam. This program and the associated materials are intended for current network professionals with field experience.


Those interested might want to take advantage of this sooner rather than later. It is not clear when or if the entire program will be ending. However, there is a monthly drawing for a $500 Amazon gift card. Eligibility requirements include completing the program and becoming certified. The monthly drawing will end on May 30th.

Disclaimer: Brocade is a Networking Field Day sponsor. Travel and other associated expenses related to attending vendor sessions have been covered by the sponsoring vendors through GestaltIT. In some cases vendors may choose to provide delegates with marketing materials (cups, pens, t-shirts, etc.). Any deviation from the site-wide disclaimer will be clearly noted at the end of the applicable article(s).

Posted in Blogroll, Certification, General, Network, Technology

Heartbleed Will Cause Issues With Obscure OpenSSL Use Cases

In real-world deployments, the Heartbleed Bug is a bit different from a lot of other vulnerabilities we have seen. This issue exists in recent versions of OpenSSL and allows an attacker to harvest raw information from the memory of affected devices. Obviously, an affected device contains a front-door bug that needs immediate attention. Since there is also the possibility of undetected information disclosure, there must be some consideration for the associated impact of a data breach. In security-conscious environments, there are several steps that must be performed in succession to fully address an affected environment.

Addressing the Heartbleed Bug

  1. Obtain and install a version of OpenSSL that isn’t affected by the vulnerability
  2. Confirm that the host is no longer vulnerable
  3. Consider the possible impact of prior disclosure of memory contents
    1. Private Keys/Certificate (rekey and reissue as required)
    2. User Credentials (expire and require new password at next logon)
    3. Embedded and/or Configured Credentials (www->SQL)
    4. Any other data that could’ve been in RAM
  4. Proper Monitoring, Forensics and Notification as required
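Between steps 1 and 2 there is a gap that is easy to miss on Linux hosts: a process started before the upgrade keeps the replaced library mapped until it is restarted, and any daemon can load OpenSSL, not just the web server. The following is an added example, not part of the original post; the sample data is constructed and the function names are hypothetical. It parses `/proc/<pid>/maps` text and flags processes that still map a replaced libssl or libcrypto.

```python
import re

# Shared-object names that indicate OpenSSL (libssl / libcrypto).
LIB_RE = re.compile(r"/lib(?:ssl|crypto)[^/]*\.so[^/]*$")
DELETED = " (deleted)"  # suffix the kernel adds when the mapped file was unlinked

# Constructed sample input in /proc/<pid>/maps format, keyed by (pid, name).
SAMPLE = {
    (812, "nginx"): (
        "7f3a1c000000-7f3a1c05d000 r-xp 00000000 08:01 131337 /usr/lib/libssl.so.1.0.0 (deleted)\n"
        "7f3a1c400000-7f3a1c5d2000 r-xp 00000000 08:01 131338 /usr/lib/libcrypto.so.1.0.0 (deleted)\n"
        "7f3a1d000000-7f3a1d1bb000 r-xp 00000000 08:01 130001 /lib/libc-2.19.so\n"
    ),
    (1440, "openvpn"): (
        "7f10aa000000-7f10aa05d000 r-xp 00000000 08:01 131337 /usr/lib/libssl.so.1.0.0 (deleted)\n"
        "7ffd2b1e0000-7ffd2b201000 rw-p 00000000 00:00 0 [stack]\n"
    ),
    (2101, "smtpd"): (
        "7f77e0000000-7f77e005e000 r-xp 00000000 08:01 140210 /usr/lib/libssl.so.1.0.0\n"
        "7f77e1000000-7f77e1010000 rw-p 00000000 00:00 0\n"
    ),
    (640, "cron"): "7f55c0000000-7f55c01bb000 r-xp 00000000 08:01 130001 /lib/libc-2.19.so\n",
}


def openssl_mappings(maps_text):
    """Return {library path: True if the mapped file has been deleted} for one process."""
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5]
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[: -len(DELETED)]
        if LIB_RE.search(path):
            found[path] = found.get(path, False) or deleted
    return found


def triage(procs):
    """'restart': still runs a replaced library; 'linked': runs the on-disk copy."""
    report = {}
    for key, text in procs.items():
        libs = openssl_mappings(text)
        if libs:
            report[key] = "restart" if any(libs.values()) else "linked"
    return report


if __name__ == "__main__":
    for (pid, name), state in sorted(triage(SAMPLE).items()):
        print(f"{pid:>6} {name:<10} {state}")
```

A `linked` result only means the process runs the copy currently on disk, so that copy's version still has to be checked. Statically linked binaries and appliance firmware never show up in this view.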

My general thoughts on this are that the first two steps will be quickly performed on high risk web servers that use standard TCP ports. This is partially due to the coverage the issue is getting. However, my guess is that some organizations will fall short on steps 3 and 4. My additional concern is that Heartbleed may be overlooked in more obscure places. Some may be surprised at where it can be found.

Where Is Heartbleed Found?

  • OpenSSL running on TCP/443 for typical WWW servers
  • Management Interfaces that run SSL
  • SSL Terminating Load Balancers
  • Web Application Firewalls
  • OpenSSL used with other protocols (possibly SMTP, POP, SIP implementations)
  • SSL VPN Appliances
  • Anywhere OpenSSL is Used

My belief is that most installations that are already patched were likely not exploited. This is purely speculation so data leakage should be considered a possibility and addressed accordingly. I have more concerns around OpenSSL instances that aren’t remediated in a timely manner. Less obvious installations may not be found and patched for a period of time. In those cases, an eventual exploitation is more likely. There are plenty of obscure use cases for OpenSSL that may not be discovered by administrators.

There are broader use cases that may go undiscovered as well. Imagine the potential impact of a VMware ESXi installation that is affected by this vulnerability. In a network that is unmaintained, this could go undetected for quite a while. Depending on the environment, this could be a significant risk that leads to subsequent disclosures. Additionally, consider the ramifications of something like this in a Cloud Service Environment. We’re probably going to be seeing repercussions from Heartbleed for a while.

Where is the most obscure or concerning place you’ve found Heartbleed? Comment Below–

Disclaimer: The opinions shared above are those of Paul Stewart. Neither PacketU nor Paul Stewart accepts any liability due to action or inaction resulting from the content of this article or site.

Posted in Security, Technology

7 Quick Tips for Cisco Live Attendees

It’s only a few weeks until Cisco Live US! Since this will be my fourth experience with Cisco Live, I am considered a NetVet. Each year there are many first-time attendees. With that in mind, I wanted to share a handful of tips that might help these Cisco Live first timers enjoy their visit to San Francisco.

Quick Tips For Cisco Live 2014

1. Wear comfortable shoes–

Convention centers with the ability to handle more than 20,000 visitors tend to be huge and spread out. Those attending Cisco Live often report walking 20 to 30 miles. That’s quite a bit of walking. Quality shoes will increase the comfort (or decrease the pain) when moving between sessions and exploring the World of Solutions.

2. Bring a jacket–

This recommendation is specific to this year’s venue. Last year Cisco Live US was in Orlando and everyone needed a personal air conditioner. San Francisco is much different. Even though it is California, it is Northern California. Additionally, the cool Pacific Ocean tends to influence the temperatures. In some places, it seems more common than not to need a jacket. I plan to pack one and be prepared for outdoor events like the Customer Appreciation Event.

3. Leave sessions that don’t fit–

The technical sessions at Cisco Live are awesome. In many cases the presenter will be a senior developer, author of a related book or a representative with one or more standards bodies. But let’s face it, sometimes a given session doesn’t jibe with everyone. If you aren’t connecting and feel compelled to leave the session, do so discreetly. If the session isn’t delivering value, there are plenty of other opportunities to learn. Alternatively, a short break might help your mind prepare itself for the next session.

4. Take advantage of social events–

Twitter is the social network of choice at Cisco Live. Look out for official hashtags and Twitter lists to follow. Cisco Live is a great place to meet those that you’ve been interacting with throughout the year. Look for the “Social Media Hub” and start chatting with people who have only been cyber friends in the past. While I’m a serious introvert and would admit that this doesn’t sound like much fun, a lot of other geeks are just like me and it usually works out to be an interesting time. Also take advantage of the Customer Appreciation Event. If you are a CCIE or can find one to tag along with, the CCIE party can also be fun.

5. Visit the World of Solutions vendors–

The World of Solutions is an enormous showcase of vendors that relate to Cisco products. These are typically training partners, network management vendors, environment solutions, and other Cisco partners. In this area, Cisco also has several booths that represent their different business units and areas of interest. Attendees can get a lot of free stuff, but be forewarned that it will result in quite a bit of email. I would recommend at least visiting the booths of vendors for the types of solutions your organization or customers are currently considering. Cisco Live is a great place to get the contact information for their top engineers.

6. Have a plan–

Sessions should be scheduled as far in advance as possible. Beyond that, you sort of need to build an itinerary for each day. Cisco Live is tiring and attendees are more likely to become exhausted than to run out of stuff to do. Make a mental note of the high priority items and make sure to accomplish those.

7. Meet the engineer–

I must make a personal confession on this one. I typically haven’t taken advantage of this. However, I have heard from others that this is a great experience. Basically, attendees can schedule a “Meet the engineer” session with a Cisco Subject Matter Expert and go over their own thoughts, designs and challenges. Someone responding like, “Well when I was writing the code for that feature”, will likely gain instant credibility as they provide critical input on your design.

Conclusion

Cisco Live is a blast. It is also physically and mentally exhausting. If you have questions, additional tips, or links to share, please do so by commenting below.

Posted in Certification, Events, General, Technology

Podcast Spotlight — The Class-C Block


This podcast spotlight goes to The Class-C Block. I am a little embarrassed to admit it, but I just stumbled on to this podcast a couple of months ago. Although this show is infrequent in comparison to other similar podcasts, it is very well done and informative. Listeners who enjoy deep, technical discussions around networking, design and programmability will certainly enjoy this podcast.

Recent episodes have focused on topics like VMware NSX, Cisco Nexus 9000, OpenDaylight and a lot of SDN.


Disclaimer: I have no affiliation with The Class-C Block show or any organization linked to, represented in or derived from content found in this article.

Posted in Blogroll, Network, Technology

The Advantage Tail-f Has Developing NCS

There wasn’t a single Networking Field Day 7 session that didn’t at least touch on software defined networking or SDN. Tail-f was the first vendor who presented and told us about a network management product that could play a significant role in a Software Defined Network.

The product of focus was NCS, or Network Control System. It is an orchestration system for the network. Think of NCS as a CLI that can control the network as a whole. Moreover, it can present the entire network with a Cisco or Juniper style interface regardless of what underlying hardware vendor is utilized. This product also offers a web interface and supports various northbound and southbound APIs.

Anyone that has attempted to build such a solution understands that there are several challenges. There are different protocols and syntax used for configuration. When looking at something like a Cisco CLI, it is quickly obvious that the command syntax is only loosely structured. The syntax also changes over time and often without warning. This is where Tail-f has a unique advantage.

The Tail-f Advantage

So what exactly is Tail-f’s advantage? The Tail-f advantage in this realm is their inside knowledge of popular management interfaces. Their inside track is a result of their other product which is known as ConfD. This product is customized and sold to many major vendors to be used as the management interface for their network devices. During the introduction, Carl Moberg made the following statement when speaking of ConfD–

If or when you log into ‘kind of’ next generation or current generation hardware from some of the very large vendors, you will wind up in Tail-f software.

This statement can be heard about 2:22 into the introductory presentation below.

Introduction to Tail-f and NCS from Stephen Foskett on Vimeo.

Conclusion

My point is that interfacing with a loosely structured and changing management interface presents challenges. Having inside knowledge of current and future caveats for a particular interface is a great place to be for a company that develops a product like NCS. While I find it interesting, I haven’t had an opportunity to evaluate NCS. However, if I can get my hands on an evaluation copy, I may post some additional thoughts on what seems to be a fairly useful product.


Disclaimer: Travel and other associated expenses related to attending vendor sessions have been covered by the sponsoring vendors through GestaltIT. In some cases vendors may choose to provide delegates with marketing materials (cups, pens, t-shirts, etc.). Any deviation from the site-wide disclaimer will be clearly noted at the end of the applicable article(s).

Posted in Blogroll, Events, Technology

My Python Student

Paizley Programming

So I know what everyone is thinking–Paul is teaching programming, yeah right…

Well, I am sort of being a facilitator. The truth is I have a very special student, my 11-year-old daughter. The broader story is that she has expressed interest in the stuff that I do for a while. Believing that a programming language might be more interesting to a pre-teen than configuring a router, I thought Python would be a perfect choice. I am the first person to admit that I’m an absolute n00b when it comes to this language. Fortunately it is fairly intuitive. Beyond that, there are some pretty good resources available.

So basically I showed her three things–the Learn Python the Hard Way site, how to use TextWrangler on a Mac, and how to use the terminal to execute the scripts. I then worked through the first couple of examples with her. To my delight, she kept going. I even got a call on my way to work yesterday requesting help troubleshooting an issue. I didn’t give the answer, but nudged her in the right direction. When I returned home, she was watching some related content on The Khan Academy.

The question for me is will she continue. I fully believe she has the ability to continue learning independently of me. It would be awesome to see her skills supersede my own (and with Python, that probably wouldn’t take that much). She says it’s cool and seems to enjoy it. If nothing else, it is exposing her to new ways of thinking and introducing her to possibilities.

Anyone else out there working with their children on similar projects?

Posted in Career, Technology

Blog Spotlight — Colin McNamara — OpenStack Nerd, CCIE, DevOps Junkie

Monthly Blog Spotlight

I have been a long time reader of articles written by Colin McNamara. Authoring a blog that bears his name, Colin is working to evangelize the thought processes around DevOps into IT organizations. One of his latest articles called the value of the CCIE into question and probably created concern for anyone who felt like this certification was a golden ticket into all things tech.

This website is just an extension of Colin’s presence in social media. He spends a lot of time on Twitter and his goals are clear. He wants to help people understand that the world of networking is changing in exciting new ways and that the changes should be embraced.

In a recent conversation on Twitter, Colin made the following statement with regard to the work that was being done around SDN, DevOps and OpenStack.

@packetu @SomeClown We are trying to change the world, and address this transition as a community

Then quickly followed up with this comment

@BobL @packetu @SomeClown 1. change thinking 2. apply concepts. 3. grow beard

Disclaimer–I continually get requests for a list of the blogs, podcasts and people I follow to “keep up” in this industry. As a result, I decided to start publishing some of the blogs I regularly read. Links to other content from PacketU or affiliated social channels should not be thought of as a universal endorsement or indication of independence or neutrality for a given external site. Readers should assess ALL applicable content before proceeding with actions that could adversely affect their environment.

Posted in Blogroll, Technology

Using the Brocade vRouter VPN Capabilities

One of the challenges that must be overcome as servers are migrated to a cloud service provider is the ability to continue to reach all servers and securely communicate with them for various administrative and data transfer needs. NAT can provide a limited way to access hosts in this arrangement and may be sufficient for customer access. However, there is often the possibility of other communications requirements between on-premise hosts and the servers that are now located in the cloud. This article examines the use of the Brocade vRouter in a VPN configuration to address this challenge.

The Challenge

The customer, whom we will call ACME, has decided to migrate the server workload to a cloud service provider. This type of environment is typically known as IaaS (Infrastructure as a Service). ACME will need access to the private IP addresses of its cloud servers from on-premise workstations. The communication also needs to be universally encrypted for secure transport.

The Proposal

The proposed solution is to implement a VPN to the Brocade Vyatta vRouter from an existing on-premise appliance (Cisco ASA in this example).

Vyatta to ASA

The configuration relevant to VPN for both the Brocade Vyatta vRouter and the ASA can be found below.

Brocade vRouter Configuration

Posted in Events, Network, Security, Technology

Salman Khan to Deliver Closing Keynote at Cisco Live

I heard it on good authority today that Salman Khan will be delivering the closing keynote at Cisco Live. Sal Khan started a non-profit educational organization known as The Khan Academy that utilizes the web as a teaching and delivery tool. The primary goal of the organization is to provide a free, high-quality education to “anyone, anywhere” in the world.

Mr. Khan also authored a book called The One World Schoolhouse: Education Reimagined that outlines his goal for a universally accessible world-class education. This keynote follows other recent closing day performances featuring the personalities of Sir Richard Branson (2013) and Adam and Jamie from Mythbusters (2012).

When the announcement is posted on Cisco’s web site, I’ll link to it here. Stay tuned for other Cisco Live related announcements.

Posted in Cisco Live, Events, Technology

Just What Is LiveAction?

One of the vendors who presented for Networking Field Day 7 was a company formerly known as ActionPacked. This company was recently rebranded to LiveAction and the name is reflected in their product. LiveAction aims to be a QoS implementation and networking quality tool that fits into a Cisco environment. While there are some videos that were produced and recorded at NFD7, I think the shorter video below may actually bring network administrators and engineers up to speed on many of the relevant details of their offering.


Posted in Blogroll, Events, Technology

7 Things I Learned at Networking Field Day 7

As many PacketU readers know, I spent this week in San Jose, CA as a Networking Field Day 7 delegate. For those who are unfamiliar with Networking Field Day, it is a well-run GestaltIT event that is funded by vendor sponsorship. In turn, this sponsorship provides technology vendors with an opportunity to discuss their products and ideas with a body of delegates, which is comprised of technology leaders, bloggers and practitioners.

While attending presentations, I formed a mind-boggling number of thoughts about the vendors, their products, and the direction of the industry in general. Over the next few weeks I plan to share some of those thoughts. Today, as I sit in my hotel room, I think about some very high level, general and personal things that I’ve learned this week. These thoughts have little to do with any particular vendor. However, I wanted to take the time to capture and share them with others.

What I Learned

1–There will be a lot of change in the next few years

Posted in Career, Events, Technology

Networking Field Day 7 — Tweet Your Q’s

Networking Field Day 7 starts tomorrow! Delegates will be attending sessions by Avaya, Brocade, Dell, Extreme Networks, Juniper Networks, LiveAction, Plexxi, Pluribus Networks, and Tail-f. Most delegates come with tough and thought-provoking questions for the vendors. For those attending via Livestream, questions can be relayed to the event by tweeting them with the hashtag #NFD7.

The NFD 7 Crew!

Networking Field Day 7

This week’s presenter schedule is as follows–

Posted in Events, Technology