Cisco Live 365

Cisco Live 365 is an unbelievable resource that’s totally free!  For those who haven’t come across it before – it’s a library of all the presentations from the Cisco Live conferences from the last four years (starting London 2012).  For most of the sessions, the presentation material is available for download in PDF form and for many the actual session has been recorded and hosted as well.
The library of resources isn’t just there for those who couldn’t make the Cisco Live conferences in person; it also provides excellent reference and training material. I just can’t recommend using it enough for those of both Sales and Technical backgrounds.
For those who’re technically focused.. just search ‘Deep Dive’ and you’ll find a mass of material that’s not on Cisco’s documentation/support pages; most of it’s written by Technical Marketing Engineers or those who just live-and-breathe specific technology stacks.

The Problem with NSX and ACI

Let’s face it, if there’s even the slightest whiff of someone in a business somewhere mentioning or even thinking about ‘SDN’, Cisco and VMware will be knocking on that door… with a sledge hammer!
The problem is, neither vendor’s product is perfect and as yet, they don’t talk to each other.
NSX doesn’t manage infrastructure. Period.  It has not a care in the world as to what is going on with the underlay.  And you might say “Well that’s how it’s designed – to be underlay agnostic”.  My problem with this is: if you’re doing a greenfield DC or refresh, you still have to consider the physical infrastructure. How are you going to manage that infrastructure, monitor it and maintain it? NSX won’t make it go away.  What NSX is good at is the logical stuff – it’s easy to understand the concepts of an edge firewall, distributed firewall, dLR and logical networks. And it’s easy to create the tenant spaces within those constructs.
ACI is infrastructure, it is not virtualisation. The super-cool thing about ACI is just how easy it is to deploy, configure and manage large-scale network infrastructure.  It’s unbelievable how easy it is! Where it fails, not abysmally just badly, is delivery of the infrastructure constructs into the hypervisor space.  Cisco need to create a hypervisor component capable of everything a physical leaf does – sending traffic up to a physical leaf for processing and then returning it back to the hypervisor is just clumsy. Even worse, assigning VLANs (whose limits we’re trying to get away from) into port-groups on the VDS and using that for [micro-]EPG separation is clunky.
Are these two competitors? Cisco and VMware believe so, but in reality they are solving different problems, expensively.
What is the answer? Working together.  Which is tricky – NSX has come a long way in terms of the VXLAN/Logical Switching/dLR development and of course ACI is doing the same at the physical layer in the leaf(s) (leaves?). I like NSX’s ability to provide a limited set of basic network functions (Edge, SSL/VPN/SLB) in an easy-to-consume way; what I don’t like is its total ignorance of physical infrastructure and physical workloads.

NSX Ninja

In the latter half of 2015 I was lucky enough to be invited to the NSX Ninja partner course at VMware in Staines.  This is a course specifically to drive the knowledge-base of partner consultants and architect-types to enable them to seek out and position NSX opportunities.  With two weeks of training on the agenda and the assumption you’ve already spent some time on either a training course (ICM or Fast Track) and earned the VCP-NV, this course focuses first on low-level troubleshooting components and packet flows, then on the design side with the intention of preparing students for the VCIX-NV.


Cloud and the Reseller

Attending an event today at Cisco I was blindsided by the lack of foresight from some ‘fellow’ VAR representatives.

When asked the question ‘Do you feel that cloud is a direct competitor or threat to your business’, one plainly answered; ‘Yes- if the customer is buying cloud then they’re not buying hardware’.
I think most of us are in agreement that the days of being a pure box-seller (even if it’s a solution of boxes) are long gone. VARs should be looking to exploit cloud services and create offerings around them- incorporate them into solution designs; sell services such as DRaaS in the cloud, or Global Availability/localisation, or flexible compute for development. Sure, you might not get as big of a slice of the Capex budget, but you’ll get on-going Opex monies instead. If you’re smart, you’ll sell some form of managed service or cloud-support too.

vLab Beast

Virtualisation of common workloads is the norm, and virtualised networks will soon be too.  Back in 2009 I took my CCIE R&S and at the time, I had the full resources of being a Cisco employee supporting me.  Now however, I find myself more of a lone-wolf and in order to keep up with the new trends of virtualised infrastructure and software-defined/developed-everything I’ve decided to invest in a small virtual lab box.

Now – being that I live in a flat with no dedicated study/office space and a partner who (quite rightly) enjoys having an aesthetically-pleasing home, I’ve come up with a box which I can hide in a cupboard and it’s relatively low-powered and almost silent..

  • Supermicro X10SDV-TLN4F 
  • onboard – Intel Xeon D-1540/1541 SoC (System on Chip) – 8c + HT
  • onboard – Dual 1GE, and Dual 10GE Base-T LAN
  • onboard – Dedicated IPMI interface
  • 64GB DDR4 RDIMM (16GB x 4)
  • 256GB M.2 PCI-e 3.0 x4 SSD (Samsung SM951)
  • Two 1TB Seagate Barracuda (ST1000DM00) slow disks
  • 16GB USB stick (to boot from)
  • All wrapped up in a Cooler Master Elite 120 Advanced

All the kit is on order and hopefully I’ll have some updates as to the build and performance as the weeks go by.

Full Stack Engineers

In an article titled “Places the CCIE can’t take me”, Ethan Banks recently wrote that network engineers need more and more to be aware of ‘the complete stack’; in my eyes this means the compute, the storage, the virtualisation, the applications and the management.

I’ve been lucky in that I was introduced to VMware in 2002 – you know, before ESX and vSphere, when you still had to compile Workstation from source.  So when Cisco dropped the UCS bomb in 2009, setting up vSphere wasn’t alien to me – I was one of a few network engineers who could understand the interaction between all the components.  It was a good time to be an engineer!

This holistic knowledge I’ve carried forward today; I am a network engineer at heart and will always start there, but I talk to other engineers and customers about all the other components too: what are you running on the network, how is it hosted, what hypervisor or bare-metal OS are you using, what type of storage is it and how is it accessed, and a hundred other questions that lead me to some idea of what is trying to be achieved.

In the last few years I’ve also started to ask the questions around managing infrastructure; what do you monitor and how?  How do you control and backup configuration?  These questions have been spawned from exposure to financial customers, where availability, integrity and latency are high on the agenda.  Infrastructure engineers have been scripting configuration tools for years, but now application developers are trying to do it as well and they get called DevOps.

In the future, I think there’ll still be a need for the specialist engineers we have today: network engineers, storage engineers, compute guys etc – but they’re all going to need to understand more about the wider picture than they do now.  The scariest thing for me recently: talking to a DC network guy who doesn’t know the damnedest about vSwitches and, in the same five minutes, a Nutanix engineer who didn’t know if he needed a port-channel for his vSwitch uplinks or not.

Meraki – How networking should be done

Well – I had my first proper introduction to Meraki last month by doing their 1-day CMNA course and I have to say, I was very impressed.

Here’s a company that have taken edge networking (wireless and access switching) and security networking and made it easy.  Taken the complexity of the CLI out, made the UI intuitive enough and made the whole “crap, how do I do this” experience a thing of the past.  Sure, the kit and dashboard don’t have the bells, knobs and whistles of Cisco gear but sometimes there’s just no need for that.

Being able to attach a bit of the kit to the network and have it almost self-configure and become instantly visible in the dashboard is a far cry from having to find a console cable and manually configure management not only on the switch itself – IP address, syslog server, SNMP server/strings, local credentials, RADIUS or TACACS – but also on each of those monitoring systems as well.  Think of the time saved here when it’s all done, automatically, as if by magic..

Now, don’t let me deceive you here, there are actually some pretty neat and fairly complex things you can do around MDM profiles, client-specific profiles (with client-specific firewall and QoS) and site-to-site or client-based VPNs, but they are all made much easier.  Not to mention that EVERY device in the Meraki offering has Layer 7 capabilities (which is totally crazy!!) and makes good use of it.

Anyway – don’t take my word for it – try it out for yourself.

Oh, and before anyone asks just how expensive it is.. don’t forget, the license includes all the support you’ll need, hardware replacement, and you don’t have to license any additional or third party monitoring tools, so go factor that into your TCO before you dismiss it.


Catchup Blog from 23,333

Well, doesn’t time fly when you’re in a new job! I’ve finally settled down into my new role and been badged at “Technical Architect” – I’m not yet totally convinced that I’m there yet but it’s something I aspire to be.

I’ve done a lot of on-site consulting and design work in recent months and with a break in the work stack I finally have time to spend ‘solutioneering’ and, more importantly, going on training and catching up on today’s network technologies. Not that I was being left behind, I’ve still been watching twitter and reading blogs, but I haven’t been able to see theory in practice.

Recent weeks have been a flurry of vendor activities, and I hope to put a few thoughts to paper shortly for each:
– CMNA 1-day Training – learning the fundamentals of Meraki
– Cisco UCS / ACI Integration – a pilot course, but prompted a lot of discussion between engineers
– VMware NSX for Internetworking Experts Fast Track – pretty much says it in the title.

In the mean-time, I need to work out a solution for getting notes from Evernote into WordPress!

UCS Performance Manager

Based on and in partnership with ZenOSS – Cisco are releasing a new product called UCS Performance Manager.  There’s a tech talk on Cisco’s website which, if you can get past the waffling at the beginning and get onto the screen demo, looks pretty good.  Sure, it’s a cobbled ZenOSS, but the idea is good – it brings together a complete visual of the utilisation of UCS, something I haven’t seen anywhere else.  It can include not only UCS infrastructure (Fabs, interface utilisation, blade usage etc) but also probe external switching infrastructure as well as the virtualisation layer (currently vSphere or Hyper-V).

Cisco Network Lab Emulators

I’ve been looking for a good training lab solution that doesn’t involve having a small office humming with old ISRs and Catalyst switches.. Having worked at Cisco, I was aware of the various internal options (IOU, Titanium) as well as the more widely available ones (GNS3). But now, Cisco have finally realised that not everyone can afford to build labs full of kit and are releasing a few products to support individuals and companies who want to test configurations and network designs.  This isn’t new news (we’d heard rumours for over a year of a product called VIRL, Virtual Internet Routing Lab) – but I’m not sure everyone’s found all the pieces yet.

Cisco Modelling Labs – is intended to be a corporate solution to support designing and planning of routed networks and their configurations.  It’s a fully supported product that needs some serious hardware to run on, but allows you to build a routed network in a simulated environment, configure all the components up and see how they behave.  Currently they’re supporting IOSv (a virtualised version of IOS), IOS-XRv and the CSR 1000v – which pretty much covers your main routing OSes.

onePK – is a development kit designed around Cisco’s onePK.  The ‘all-in-one’ VM is configured to provide three routers running IOSv, all interconnected and ready for playing with onePK Python and Java interfaces.  You can however, reconfigure it to provide additional IOSv instances, as demonstrated here.

There is also a Beta programme for a /dev/inovate lab – however I can’t see what the cost implications of this are.  It looks ideal for those intending to do some hard-core software/API development against Cisco’s gear.