NETWORKING WITH A SIDE OF SNARK
EVENTUALLY SECURE?
Posted on April 24, 2020 by networkingnerd
I have a Disney+ account. I have kids and I like Star Wars, so it made sense. I got it all set up the day it came out and started binge watching the Mandalorian. However, in my haste to get things up and running I reused an old password instead of practicing good hygiene. As the titular character might scold me, “This is _not_ the way.” I didn’t think anything about it until I got a notification that someone from New Jersey logged into my account. I panicked and reset my password like a good security person should have done in the first place. I waited for the usual complaints that people had been logged out of the app and prepared to log everyone in again and figure out how to remove my New Jersey interloper. Imagine my surprise when no one came to ask me to turn Phineas and Ferb back on. Imagine my further surprise when I looked in the app and on the Disney+ website and couldn’t find a way to see which devices were logged in to this account. Nor could I find a way to disconnect a rogue device as I could with Netflix or Hulu. I later found out that this functionality exists but you have to call the Disney+ support team to make it happen. I also have no doubts that the functionality will eventually come to the app as more and more people are sharing account information so they can binge watch Clone Wars. However, this eventual security planning has me a bit concerned. And that concern extends beyond Mice and Mandalorians. MINIMUM SECURE PRODUCT If you’re figuring out how to secure your newest application or a new building or even just a new user, you first have to figure out what “secure” looks like. If you have trouble figuring that out, all you need to do is look at your closest competitor. They will usually have a good baseline of the security and accessibility features you should have. Maybe it’s basic device and user controls like the Disney+ example above. Maybe it’s encryption of your traffic end-to-end, as Zoom learned a couple of weeks ago. Or maybe
it’s something as simple as ensuring that you don’t have a hard-coded backdoor password for SSH, like Fortinet remembered earlierthis year
.
The real point is that you can survey the landscape and figure out what you need to do to make your product or app meet a minimumstandard.
On the extremely off-chance that you’re developing something new and unique and never-before-seen in the world, you have a different problem. For one, you need to chill on the marketing. Maybe you’re using something in a novel and different way. But unless you’ve developed psychic powers or anti-gravity boosters or maybe teleportation you haven’t come up with anything completely unique. Secondly, you still have some references to draw on. You can look for similar things and use similar security controls. If your teleport requires a login by a qualified person to operate you should look at login security for other industries that are similar to determine what is appropriate. Maybe it’s like a medical facility where you have two-factor authentication (2FA) with smart cards or tokens as well as passwords or biometrics. Maybe it’s a lockout system with two operators required to engage the mechanism so someone’s arm doesn’t actually get teleported away without the rest of them. Even if your teleport produces massive amounts of logs you should keep them lest someone show up on the other pad with a different color hair than when they left. Those logs may be different from anything ever seen before, but even Airbus knows how to store the flight data from every A380 flight.
Security isn’t a hard problem. It’s a series of challenges that must be overcome. All of them are rooted in common sense and discovery. Sure, you may not know all the problems right now. But you know what they look like in general and you also know what the outcome should look like. Common sense comes into play when you start thinking like a bad actor. If I were able to get into this app, what would I want to do? Maybe I want to sign up for the all-inclusive package and not get a confirmation sent to an account. So put a control in place that makes you confirm that. Sure, it reduces the likelihood that someone is going to sign up for something without realizing what they’ve done. But the side effect is that you also have happier customers because they were stopped from doing something they may not have wanted to do. Your security controls served a double purpose. -------------------------TOM’S TAKE
Ultimately, security should be about preventing bad or unwanted outcomes. Theft, destruction, and impersonation are all undesired outcomes of something. If your platform doesn’t protect against those you are not secure. If your process requires intervention to make those outcomes happen you’re not there yet. Disney+ could have launched with device reports and the ability to force logoff after password change. But the developers were focused on other things. It’s time for developers to learn how to examine what the minimum requirements are to be secure and ensure they’re included in the process along the way. We shouldn’t have to hope that we might one day become eventually secure.
Posted in Security | Tagged 2FA, Two-Factor Authentication, User Security
CREATING CONSPICUOUSLY COMPELLING CONTENT
Posted on April 17, 2020 by networkingnerd
It’s funny how little things change in the middle of big, world changing experiences. I’ve noticed that my daily blog viewership has gone down, as have many other folks I’ve talked to. The number of people reading has been reduced for some reason. However, the number of video views of content on other platforms like YouTube has gone up dramatically. It’s almost like the people that were reading because they wanted to get a quick digest now have the free time to watch a whole video on a topic. I got on the bandwagon too, recently publishing my first episode of Tomversations this week. I’ve also talked to several friends that are either starting or restarting a podcast. The gold mine for content creation has opened for business. However, I still hear the same refrains about content that I’ve heard for years when I talk about writing:
* “I don’t have anything to say!”
* “It’s hard to write things down!”
* “Isn’t it easier to just talk about stuff?”
These are all valid questions, no matter what medium you’re developing for. But let me give you a roadmap to take those objections, turn them on their heads, and be able to create any kind of content you want to produce. And yes, because you’re reading this instead of watching it, be prepared to write just a little. I promise it will pay off.
WRITER’S CLEARINGHOUSE
You can’t create without ideas, right? You need some way to jot down all the things you think about. Photographers have a saying that the best camera is the one you have with you. I would say that the best note taking device you own is the one you have with you _that you use_. I know a lot of people that carry pens and little notebooks, like my favorite ones from Field Notes. They think that having a few pieces of paper in their pocket is enough to get their ideas to spring forth from their forehead like an ethereal Athena. Sadly, that’s not the case. If you don’t use your note taking device often you won’t build a habit of using it when you get an idea.
For example, I take notes in a variety of places. One of them is a program called Drafts. I’ve recently started using it to corral all my random ideas. Thoughts about posts. Story outlines. Scripts for videos. You name it. If I think it, it goes in a draft somewhere. It’s like my digital version of The Jones Grail Diary. It’s not organized, but it doesn’t have to be. Just enough reference for me to remember what I was talking about and the main idea. Sometimes I’ll pull out my phone during conversations to take notes. Those drafts are then synced back to my laptop for perusal and consolidation. Whatever tool you’re using, make sure you use it as soon as you get the idea. If that poor thought escapes into the nether realm of your brain it’s no good to anyone. And don’t be afraid to jot down the craziest things. No idea is wasted if it’s on paper somewhere. You never know when you’ll create BGP on napkins.
Just make sure you have all those papers or drafts in a place where you check them. If not writing something down is bad, writing it down and forgetting to check in on it is just a little bit better, but still bad.
OUTLINE EVERYTHING
People think that when they start a conversation or join a podcast recording that magic is just going to happen. The ideas are going to flow and we’re going to have compelling content. The real world couldn’t get any further from the truth. Ideas spring from nowhere, but they grow very slowly. In order to really build around them, you need to nurture them along with some help. And that help usually takes the form of an outline.
Outlines help you plan out your ideas and support them. Remember how we were all taught to write paragraphs in elementary school? Main ideas followed by two or three supporting sentences. It’s basic and reads like a formula written by a fourth grader. Guess what? That’s a _perfect_ outline. When I started writing this post in my head, I started with the main ideas and then wrote down supporting ideas. Now that you’re out of high school grammar class you can build around your paragraphs with more than just a detail or two. You can add anecdotes or data or even pictures. And that makes your content nice and supported.
Outlines also help the thinking process. When I record podcasts I have an outline. The Gestalt IT Rundown happens because Rich researches the stories that we riff on. I can make jokes because I know the stories ahead of time. We work on where to put stories because some are better fodder for jokes than others. That’s the outline process. Podcasts are no different no matter how many guests you have. Maybe it’s a one-on-one episode. There’s an outline of the flow of the episode. It may be very detailed to hit all the points. If it’s a community show or discussion, there may be a loose outline designed to give some guardrails to the content. Even a one-sentence main idea for the topic can be an outline if you keep referring your discussion and arguments back to it.
SAVAGE WRITING
I know far too many people that treat their first draft like some kind of sacred relic. This is the best thing I’ve ever produced and it can never change from this form. I will pour my effort into it and that’s all I need.
THAT’S CRAP.
First drafts are one step removed from outlines and notes. They’re tying things together. Treat them like sketches and not paintings. Don’t be afraid to rearrange, delete, or outright destroy them. There have been many drafts that have been deleted or radically changed by the time I got to the end of the last paragraph. Likewise, there are times when I realize halfway through a conversation that we need to take things in a different direction. The value of being able to change your mind is that you do it when you need to.
Drafts should be massaged and built up to get to a final product. But don’t be afraid to put them on the shelf and let them sit until the time is right. I have dozens of drafts in my archives waiting for more attention, more research, or better timing to be effective. The ideas are sound. The outlines are good. They just need more than I can give right now. Or maybe the topic isn’t quite ready to be discussed at length. What’s important is that the work I’ve done is already waiting for me when I want to come back to it.
Coming back to your work after the fact is an important thing to try if you feel stuck. I’ve been known to walk away from a draft post or script because I need to get my head out of the wagon rut thinking I was in. Forcing myself to do something else or talk to someone to change my way of thinking has done wonders. Coming back to something with fresh eyes and brain cells often makes a huge difference. You can catch little mistakes or realize there’s a better way to state your argument. The time it takes to change your mind for a few minutes probably would have been wasted on doing nothing anyway.
JUST RECORD.
Okay, you’ve jotted down ideas, built your outline, and written a script or a first draft. What do you do now? Well, like my other famous advice, you need to record your thoughts. Just. Record. Don’t get caught up in things like perfect lighting or audio balance. Don’t freak out if you stammer or someone drives a garbage truck past your recording studio. Just get the thoughts down. Get a feel for how the flow works. Often, you’ll find that you think of changes on the fly. New ways to word things. New supporting ideas that work better for your discussion. I’ve been known to come up with some really great analogies halfway through an explanation that I would never have been able to think of otherwise.
You have to get the content down somewhere. You can always record again. You can always edit mistakes. You can record the intro last and the ending first. You can fix just about anything in post-production after you get the hang of it. The key is that you’re capturing content. Just like writing or outlining or note taking. It’s happening and the content is being created.
-------------------------
TOM’S TAKE
Content may not be perfect the first time, but neither was the electric light bulb. It’s only through the process of forming things that we can refine them to something that works. Every creative endeavor is rough around the edges. As time goes on, the wear is less apparent as you focus on the good instead of the bad. The errors are less conspicuous than the content you want to share.
Posted in Blogging, Musing | Tagged Podcast, Video, Writing
BGP HELL IS OTHER PEOPLE
Posted on April 10, 2020 by networkingnerd
If you configure a newsreader to alert you every time someone hijacks a BGP autonomous system (AS), it will probably go off at least once a week. The most recent one was on the first of April courtesy of Rostelecom. But they’re not the only one. They’re just the latest. The incidences of people redirecting BGP, either by accident or by design, are becoming more and more frequent. And as we rely more and more on things like cloud computing and online applications to do our daily work and live our lives, the impact of these hijacks is becoming more and more critical.
PROFESSIONAL-GRADE PROTOCOL
BGP isn’t the oldest thing on the Internet. RFC 1105 is the initial draft of Border Gateway Protocol. The version that we use today, BGP4, is documented in RFC 4271. It’s a protocol that has enjoyed a long history of revisions and a reviled history of making networking engineers’ lives difficult. But why is that? How can a routing protocol be so critical and yet obtuse?
My friend Marko Milivojevic famously stated in his CCIE training career that, “BGP isn’t a routing protocol. It’s a policy engine.” When you look at the decisions of BGP in this light it makes a lot more sense. BGP isn’t necessarily concerned with the minutiae of figuring out exactly how to get somewhere. Sure, it has a table of prefixes that it uses to make decisions about where to forward packets. Almost every protocol does this. But BGP is different because it’s so customizable.
Have you ever tried to influence a route in RIP or OSPF? It’s not exactly easy. RIP is almost impossible to manipulate outside of things like route poisoning or just turning off interfaces. Sometimes the simplest things are the most hardened. OSPF gives us a lot more knobs to play with, like interface bandwidth and link delay. We can tweak and twerk those values to our heart’s content to make packets flow a certain direction. But we don’t have a lot of influence outside of a specific area for those values. If you’ve ever had to memorize the minutiae of OSPF not-so-stubby-areas, ASBRs, and the difference between Type 5 and Type 7 LSAs you know that these topics were all but created for certification exams.
But what about BGP? How can you influence routes in BGP? Oh, man! How much time do you have??? We can manipulate things all sorts of ways!
* Weight the routes to prefer one over another
* Set LOCAL_PREFERENCE to pick which route to use in a multiple exit system
* Configure multi-exit discriminator (MED) values
* AS Path Prepending to reduce the likelihood of a path being chosen
* Manipulate the underlying routing protocol to make certain routes look more preferred
* Just change the router ID to something crazy low to break all the other ties in the system
That’s a lot of knobs! Why on earth would you do that to someone? Because professionals need options.
OPTIONAL AWFULNESS
BGP is one of those curious things that seems to be built without guardrails because it’s never used on accident. You’ve probably seen something similar in the real world whenever a person removes a safety feature or modifies a device to increase performance and remove an annoyance designed to slow them down. It could be anything from wrapping a bandana around a safety switch lockout to keep something running to pulling the trigger guard off a nail gun so you don’t keep hitting it with your fingers. Some professionals believe that safety features aren’t keeping them safe as much as they are slowing them down. Something as simple as removing the safety from a pellet gun can have dire consequences in the name of efficiency.
So, how does this apply to our new favorite policy engine that happens to route packets? Well, it applies quite a bit. There is no system of guardrails that keeps you from making dumb choices. Accidentally paste your own AS into the AS Path? That’s going to be a routing decision that is considered. Make a typo for an AS that doesn’t exist in the routing table? That’s going into the formula, too. Announcing to the entire world you have the best path to an AS somewhere on the other side of the world? BGP is happy to send traffic your way.
BGP assumes that professionals are programming it. Which means it’s not going to try and stop you from shooting off your own foot. And because the number of knobs that are exposed by the engine are large and varied you can spend a lot of time trying to troubleshoot just how half of a cloud provider’s traffic came barreling through your network for the last hour. CCIEs spend a lot of time memorizing BGP path selection because every step matters when trying to figure out why BGP is acting up. Likewise, knowing where the knobs are best utilized means knowing how to influence path selection. AS Path prepending is probably the best example of this. If you want to put that AS number in there a hundred times to influence path selection you go for it. Why? Because it’s something you can do. Or, more explicitly, something you aren’t prohibited from doing.
Which leads to the problem of route hijacking. BGP is going to do what you tell it to do because it assumes you’re not trying to do anything nefarious or stupid when you program it. Like an automation script, BGP is going to do whatever it is instructed to do by the policy engine as quickly as possible. Taking out normal propagation delays, BGP will sync things up within a matter of minutes. Maybe a few hours. Which means it’s not hard to watch a mistake cascade through the Internet. Or, in the case of people that are doing less-than-legal things, to watch the fruits of your labors succeed.
BGP isn’t inherently bad any more than a catwalk without a handrail has an evil intent. Yes, the situation you find yourself in is less-than-ideal. Sure, something bad can happen if you screw up or do something you’re not supposed to. But blaming the protocol or the object or the situation is not going to fix the issue. We really only have two options at this point:
* Better educate our users and engineers about how to use BGP and ensure that only qualified people are able to work on it
* Create controls in BGP that limit the ability to use certain knobs and options in order to provide more security and reliability options.
-------------------------
TOM’S TAKE
I’m a proponent of both of those options. We need to ensure that people have the right training. However, we also need to ensure that nefarious actors are locked out and that we are protected from making dumb mistakes or that our errors aren’t propagated at light speed through the dark corners of the Internet. We can’t fix everything wrong with BGP but it’s the best option we have right now. Hellish though it may be, we have to find a way to make a better combination of the protocol and the people that use it.
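The second option in the post, controls that limit what BGP will accept, can be pictured as an import-policy check run on each received announcement. The sketch below is an added example, not code from the post or from any router vendor: the AS numbers and prefixes are documentation values, the thresholds are assumed policy choices, and the `ROAS` table is a constructed stand-in for origin-authorisation data of the kind RPKI provides.

```python
import ipaddress
from dataclasses import dataclass
from itertools import groupby

LOCAL_AS = 64500        # constructed; 64496-64511 are documentation ASNs
MAX_PREPEND_RUN = 5     # assumed policy threshold
MAX_PATH_LEN = 30       # assumed policy threshold

# Constructed origin-authorisation table in the spirit of RPKI ROAs:
# (covering prefix, longest prefix length allowed, authorised origin AS)
ROAS = [
    (ipaddress.ip_network("198.51.100.0/24"), 24, 64501),
    (ipaddress.ip_network("203.0.113.0/24"), 24, 64502),
]


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple      # leftmost = neighbour, rightmost = origin


def origin_state(prefix, origin_as):
    """Return 'valid', 'invalid' or 'not-found' (RFC 6811 style states)."""
    net = ipaddress.ip_network(prefix)
    covering = [r for r in ROAS
                if r[0].version == net.version and net.subnet_of(r[0])]
    if not covering:
        return "not-found"          # nobody has published data for this space
    for _, max_len, asn in covering:
        if asn == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid"                # covered, but wrong origin or too specific


def violations(ann):
    """List the guardrails an announcement trips; empty list means accept."""
    path = ann.as_path
    if not path:
        return ["empty AS path"]
    problems = []
    if LOCAL_AS in path:
        problems.append("local AS in received path")
    if any(asn == 0 or 64512 <= asn <= 65534 for asn in path):
        problems.append("reserved or private AS in path")
    longest_run = max(len(list(group)) for _, group in groupby(path))
    if longest_run > MAX_PREPEND_RUN:
        problems.append(f"prepend run of {longest_run}")
    if len(path) > MAX_PATH_LEN:
        problems.append(f"path length {len(path)}")
    if origin_state(ann.prefix, path[-1]) == "invalid":
        problems.append("origin not authorised for prefix")
    return problems


# Constructed announcements covering the mistakes the post lists.
SAMPLES = {
    "legit": Announcement("198.51.100.0/24", (64510, 64501)),
    "wrong_origin": Announcement("198.51.100.0/24", (64510, 64505)),
    "more_specific": Announcement("198.51.100.128/25", (64510, 64501)),
    "prepend_x100": Announcement("203.0.113.0/24", (64510,) + (64502,) * 100),
    "own_as_pasted": Announcement("192.0.2.0/24", (64510, 64500, 64503)),
}


def triage(samples=SAMPLES):
    """Map each sample name to the list of guardrails it violates."""
    return {name: violations(ann) for name, ann in samples.items()}


if __name__ == "__main__":
    for name, problems in triage().items():
        verdict = "REJECT: " + "; ".join(problems) if problems else "accept"
        print(f"{name:14} {verdict}")
```

A route whose prefix has no covering entry comes back as not-found and is accepted here, so the origin check only protects address space whose holder has published authorisation data.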
Posted in Routing | Tagged BGP, Hijacking
SD-WAN AND TECHNICAL DEBT
Posted on April 1, 2020 by networkingnerd
Back during Networking Field Day 22, I was having a fun conversation with Phil Gervasi (@Network_Phil) and Carl Fugate (@CarlFugate) about SD-WAN and innovation. I mentioned that it was fascinating to see how SD-WAN companies kept innovating but that bigger, more established companies that had bought into SD-WAN seemed to be having issues catching up. As our conversation continued I realized that technical debt plays a huge role in startup culture in all factors, not just with SD-WAN. However, SD-WAN is a great example of technical debt to talk about here.
ANY COLOR YOU WANT IN BLACK
Big companies have investments in supply chains. They have products that are designed in a certain way because it’s the least expensive way to develop the project or it involves using technology developed by the company that gives them a competitive advantage. Think about something like the Cisco Nexus 9000-series switches that launched with Cisco ACI. Every one of them came with the Insieme ASIC that was built to accelerate the policy component of ACI. Whether or not you wanted to use ACI or Insieme in your deployment, you were getting the ASIC in the switch.
Policies like this lead to unintentional constraints in development. Think back five years to Cisco’s IWAN solution. It was very much the precursor to SD-WAN. It was a collection of technologies like Performance Routing (PfR), Application Visibility Control (AVC), Policy Based Routing (PBR), and Network Based Application Recognition (NBAR). If that alphabet soup of acronyms makes you break out in hives, you’re not alone. Cisco IWAN was a platform very much marked by potential and complexity.
Let’s step back and ask ourselves an important question: “Why?” Why was IWAN so complicated? Why was IWAN hard to deploy? Why did IWAN fail to capture a lot of market share and ride the wave that eventually became SD-WAN? Looking back, a lot of the choices that were made that eventually doomed IWAN can come down to existing technical debt. Cisco is a company that makes design decisions based on what they’ve been doing for a while. I’m sure that the design criteria for IWAN came down to two points:
* It needs to run on IOS.
* It needs to be an ISR router.
That doesn’t sound like much. But imagine the constraints you run into with just those two limitations. You have a hardware platform that may not be suited for the kind of work you want to do. Maybe you want to take advantage of x86 chipset acceleration. Too bad. You have to run what’s in the ISR. Which means it could be underpowered. Or incapable of doing things like crypto acceleration for VPNs, which is important for building a mesh of encrypted tunnels. Or maybe you need some flexibility to build a better detection platform for applications. Except you have to use IOS. Which uses NBAR. And anything you write to extend NBAR has to run on their platforms going forward. Which means you need to account for every possible permutation of hardware that IOS runs on. Which is problematic at best.
See how technical debt can creep in from the most simplistic of sources? All we wanted to do was build a platform to connect WANs together easily. Now we’re mired in a years-old hardware choice and an aging software platform that can’t help us do what needs to be done. Is it any wonder why IWAN didn’t succeed in the original form? Or why so many people involved with the first generation of SD-WAN startups were involved with IWAN, even if just tangentially?
DEBT-FREE DEVELOPMENT
Now, let’s look at a startup like CloudGenix, who was a presenter at Networking Field Day 22 and was recently acquired by Palo Alto Networks.
They started off on a different path when they founded the startup. They knew what they wanted to accomplish. They had a vision for what would later be called SD-WAN. But instead of shoehorning it into an existing platform, they had the freedom to build what they wanted. No need to keep the ISR platform? Great. That means you can build on x86 hardware to make your software more universally deployable on a variety of boxes. Speaking of boxes, using commercial off-the-shelf (COTS) equipment means you can buy some very small devices to run the software. You don’t need a system designed to use ATM modules or T1 connections. If all your little system is ever going to use is Ethernet there’s no reason to include expansion at all. Maybe USB for something like a 4G/LTE modem. But those USB ports are baked into the board already.
A little side note here that came from Olivier Huynh Van of Gluware. You know the USB capabilities on a Cisco ISR? Yeah, the ISR chipset didn’t support USB natively. And it’s almost impossible to find USB that isn’t baked into an x86 board today. So Cisco had to add it to the ISR in a way that wasn’t 100% spec-supported. It’s essentially emulated in the OS. Which is why not every USB drive works in an ISR. Take that for what it’s worth.
Back to CloudGenix. Okay, so you have a platform you can build on. And you can build software that can run on any x86 device with Ethernet ports and USB devices. That means your software doesn’t need to do complicated things. It also means there are a lot of methods already out there for programming network operating systems for x86 hardware, such as Intel’s Data Plane Development Kit (DPDK). However CloudGenix chose to build their OS, they didn’t need to build everything completely from scratch. Even if they chose to do it there are still a ton of resources out there to help them get started. Which means you don’t have to restart your development every time you need to add a feature.
Also, the focus on building the functions you want into an OS you can bend to your needs means you don’t need to rely on other teams to build pieces of it. You can build your own GUI. You can make it look however you want. You can also make it operate in a manner that is easiest for your customer base. You don’t need to include every knob or button or bell and whistle. You can expose or hide functions as you wish. Don’t want customers to have tons of control over VPN creation or certificate authentication? You don’t need to worry about the GUI team exposing it without your permission. Simple and easy.
One other benefit of developing on platforms without technical debt? It’s easy to port your software from physical to virtual. CloudGenix was already successful in porting their software to run from physical hardware to the cloud thanks to CloudBlades. Could you imagine trying to get the original Cisco IWAN running in a cloud package for AWS or Azure? If those hives aren’t going crazy right now I’m sure you must have nerves of steel.
-------------------------
TOM’S TAKE
Technical debt is no joke. Every decision you make has consequences. And they may not be apparent for this generation of products. People you may never meet may have to live with your decisions as they try to build their vision. Sometimes you can work with those constraints. But more often than not brilliant people are going to jump ship and do it on their own. Not everyone is going to succeed. But for those that have the vision and drive and turn out something that works the rewards are legion. And that’s more than enough to pay off any debts, technical or not.
Posted in Routing, Software Defined Networking | Tagged #NFD22, cisco, CloudGenix, SD-WAN
THE BANE OF BACKWARDS COMPATIBILITY
Posted on March 27, 2020 by networkingnerd
I’m a huge fan of video games. I love playing them, especially on my old consoles from my formative years. The original Nintendo consoles were my childhood friends as much as anything else. By the time I graduated from high school, everyone had started moving toward the Sony PlayStation. I didn’t end up buying into that ecosystem as I started college. Instead, I just waited for my brother to pick up a new console and give me his old one. This meant I was always behind the curve on getting to play the latest games. I was fine with that, since the games I wanted to play were on the old console. The new one didn’t have anything that interested me. And by the time the games that I wanted to play did come out it wouldn’t be long until my brother got a new one anyway. But one thing I kept hearing was that the PlayStation was backwards compatible with the old generation of games. I could buy a current console and play most of the older games on it. I wondered how they managed to pull that off since Nintendo never did.
When I was older, I did some research into how they managed to build backwards compatibility into the old consoles. I always assumed it was some kind of translation engine or enhanced capabilities. Instead, I found out it was something much less complicated. For the PS2, the same controller chip from the PS1 was used, which ensured backwards compatibility. For the PS3, they essentially built the guts of a PS2 into the main board. It was about as elegant as you could get. However, later in the life of those consoles, system redesigns made them less compatible. Turns out that it isn’t easy to create backwards compatibility when you redesign things to remove the extra hardware you added.
BRINGING IT BACK TO THE OLD SCHOOL
Cool story, but what does it have to do with enterprise technology? Well, the odds are good that you’re about to fight a backwards compatibility nightmare on two fronts. The first is with WPA3, the newest security protocol from the Wi-Fi Alliance. WPA3 fixes a lot of holes that were present in the ancient WPA2 and includes options to protect public traffic and secure systems from race conditions and key exchange exploits. You’d think it was designed to be more secure and would take a long time to break right? Well, you’d be wrong. That’s because WPA3 was exploited last year thanks to a vulnerability in the WPA3-Transition mode designed to enhance backwards compatibility.
WPA3-Transition Mode is designed to keep people from needing to upgrade their wireless cards and client software in one fell swoop. It can configure a WPA3 SSID with the ability for WPA2 clients to connect to it without all the new enhanced requirements. Practically, it means you don’t have to run two separate SSIDs for all your devices as you move from older to newer. But practical doesn’t cover the fact that security vulnerabilities exist in the transition mechanism. Enterprising attackers can exploit the weaknesses in the transition setup to crack your security.
It’s not unlike the old vulnerabilities in WPA when it used TKIP. TKIP was found to have a vulnerability that allowed for exploiting. People were advised to upgrade to WPA-AES as soon as possible to prevent this. But if you enabled older non-AES capable clients to connect to your SSIDs for compatibility reasons you invalidated all that extra security. Because AES had to operate in TKIP mode to connect the TKIP clients. And because the newer clients were happy to use TKIP over AES you were stuck using a vulnerable mode. The only real solution was to have a WPA-AES SSID to connect to for your newer secure clients and leave a WPA-TKIP SSID active for the clients that had to use it until they could be upgraded.
4GS FOR THE PRICE OF 5
The second major area where we’re going to see issues with backwards compatibility is with 5G networking. We’re hearing about the move to using 5G everywhere. We’ve no doubt heard by now that 5G is going to replace enterprise wireless or change the way we connect to things. Honestly, I’m not surprised someone has tried to make the claim that 5G can make waffles and coffee yet. But 5G is rife with the same backwards compatibility issues present in enterprise wireless too.
5G is an evolution of the 4G standards. Phones issued today are going to have 4G and 5G radios and the base stations are going to mix the radio types to ensure those phones can connect. Just like any new technology, they’re going to maximize the connectivity of the existing infrastructure and hope that it’s enough to keep things running as they build out the new setup. But by running devices with two radios or having a better connection from the older devices, you’re going to set yourself up to have your new protocol inherently insecure thanks to vulnerabilities in the old versions. It’s already projected that governments are going to take advantage of this for a variety of purposes. We find ourselves in the same boat as we do with WPA3.
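Both Wi-Fi compatibility modes described above, WPA3-Transition and mixed TKIP/AES, are visible in an access point's configuration, so they can be found by audit. The following is an added example, not from the post: it assumes a hostapd-style `key=value` file for a single SSID, inspects only values that are explicitly set, and runs on three constructed sample configurations.

```python
FINDINGS = {
    "TRANSITION_MODE": "SAE and WPA2-PSK offered on the same SSID",
    "MFP_NOT_REQUIRED": "SAE enabled but management frame protection not required",
    "TKIP_ENABLED": "TKIP offered as a pairwise cipher",
    "WPA1_ENABLED": "original WPA (pre-RSN) enabled",
}


def parse_hostapd(text):
    """Parse key=value lines, skipping blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def audit(text):
    """Return the sorted finding codes for one BSS configuration."""
    cfg = parse_hostapd(text)
    akms = set(cfg.get("wpa_key_mgmt", "").split())
    ciphers = set(cfg.get("wpa_pairwise", "").split())
    ciphers |= set(cfg.get("rsn_pairwise", "").split())
    found = set()
    if "SAE" in akms:
        # WPA2 pre-shared-key AKMs sitting beside SAE is the transition setup.
        if akms & {"WPA-PSK", "WPA-PSK-SHA256"}:
            found.add("TRANSITION_MODE")
        # ieee80211w: 0 = off, 1 = optional, 2 = required.
        if cfg.get("ieee80211w") != "2":
            found.add("MFP_NOT_REQUIRED")
    if "TKIP" in ciphers:
        found.add("TKIP_ENABLED")
    # wpa is a bit field: bit 0 = WPA, bit 1 = WPA2/RSN.
    if cfg.get("wpa", "0").isdigit() and int(cfg.get("wpa", "0")) & 1:
        found.add("WPA1_ENABLED")
    return sorted(found)


# Constructed sample configurations (not taken from any real device).
TRANSITION = """\
ssid=corp
wpa=2
wpa_key_mgmt=SAE WPA-PSK
rsn_pairwise=CCMP
ieee80211w=1
"""

WPA3_ONLY = """\
ssid=corp-secure
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
"""

TKIP_MIXED = """\
# legacy compatibility SSID
ssid=corp-legacy
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
"""

if __name__ == "__main__":
    for name, text in [("transition", TRANSITION), ("wpa3-only", WPA3_ONLY),
                       ("tkip-mixed", TKIP_MIXED)]:
        codes = audit(text)
        print(name, "->", ", ".join(FINDINGS[c] for c in codes) or "no findings")
```

A clean result for the WPA3-only SSID next to findings on a separate legacy SSID matches the split the post recommends: keep the older clients on their own network until they can be upgraded.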
Because we have to ensure maximum compatibility, we make sacrifices. We keep two different versions running at the same time, which increases complexity. We even mark a lot of necessary security upgrades as _optional_ in order to keep people from refusing to implement them or fall behind because they don’t understand them[1].
The biggest failing for me is that we’re pushing for backwards compatibility and performance over security. We’re not willing to make the hard choices to reduce functionality in order to save our privacy and security. We want things to be backwards compatible so we can buy one device today and have it work on everything. We’ll just make the next one more secure. Or the one after that. Until we realize that we’re still running old 802.11 data rates in our newest protocols because no one bothered to remove them. We have to make hard choices sometimes and sacrifice some compatibility in order to ensure that we’re safe and secure with the newer technology.
-------------------------
TOM’S TAKE
Backwards compatibility is like the worst kind of nostalgia. I want the old thing but I want it on a new thing that runs faster. I want the glowing warmth of my youth but with the convenience of modern technology. It’s like buying an old sports car. Sure, you get all the look and feel of an old powerful engine. You also lose the safety features of the new body along with the comforts you’ve become accustomed to. You have to make a hard choice. Do you keep the old car original and lose out on what you like to get what you want? Or do you create some kind of hybrid that has exactly what you want and need but isn’t what you started with? It’s a tough choice to make. In the world of technology, there’s no right answer. But we need to remember that every compromise we make for performance can lead to compromises in security.
-------------------------
[1] I’m looking at you, OWE
Posted in Musing, Wireless | Tagged 5G, Backwards Compatibility, WPA3
FAST FRIDAY THOUGHTS ON WHERE WE ARE
Posted on March 20, 2020 by networkingnerd
It’s been a crazy week. I know the curse is “May you live in interesting times,” but I’m more than ready for things to be less interesting for a while. It’s going to take some time to adjust to things. From a networking perspective, I have a few things that have sprung up.
* Video conferencing is now a big thing. Strangely, Cisco couldn’t make video the new phone. But when people are stuck at home now we need to do video again? I get that people have a need to see each other face-to-face. But having worked from home for almost seven years at this point I can tell you video isn’t a necessity. It’s a nice option, but you can get a lot accomplished with video calls and regular emails.
* Alongside this is the fact that the push to put more video out there is causing applications to reach their breaking points. Zoom, which is faring the best out of all of them so far, had some issues on Thursday morning. Tripling the amount of traffic that’s going out and making it very sensitive to delay and jitter is going to expose a lot of flaws in the system.
* I applaud all of the companies in the last week that have chosen to step out and offer resources to help people work better from home. I also hope that employees and managers use them after this is over to help enable more remote work. Just remember that flexibility has a cost axis as well. Those VPNs and security services and CASBs aren’t going to be free forever. If it makes sense, use it. Otherwise, find something that does.
* Remember that this is a stressful time for everyone. I work from home all the time. And this week I have been totally exhausted. Try to find a way to keep your sanity. Step outside for air. Take a short break. Look for ways to keep yourself healthy. It’s going to take time for people to adjust to this. It’s going to take time even if you know how to work remotely too.
-------------------------
TOM’S TAKE
I’m not sure where this is all headed. We’re all still figuring it out. Things won’t look the same six months from now no matter what. But keep working where you can and improving what you do. The value in this shift comes from empowering us to do what we can. If that means cutting back on Netflix during working hours or spending some extra time learning a new skill, make it happen and grow as much as you can. We’re going to need that.
Posted in Musing
I HATE EXCELLENT QUESTIONS
Posted on March 10, 2020 by networkingnerd
I was listening to a recent episode of the Packet Pushers Podcast about SD-WAN and some other stuff.
At one point, my good friend Greg Ferro (@EtherealMind) asked the guest something, and the guest replied with, “That’s an excellent question!” Greg replied with, “Of course it was. I only ask excellent questions.” I was walking and laughed out loud harder than I’ve laughed in a long time.
This was also a common theme during Networking Field Day. Everyone was asking “great” or “excellent” questions. I chuckled and told the delegates that it was a canned response that most presenters give today. But then I wondered why all our questions are excellent. And why I hated that response so much.
CAN YOU DEFINE “EXCELLENT”?
The first reason why I think people tend to counter with “excellent” praise is because they are stalling for an answer. It’s a time-honored tradition from spelling bees when you don’t know how to spell the word and you need a few more seconds to figure out if this is one of those “i before e” words or not. I get the purpose of defining something of non-native speaker origin. But defining a simple word? It’s such a recognizable trope that we incorporated some of the fun into a video we did a few years ago at Aruba Atmosphere.
Watching my friends “stall” while they’re trying to figure out how to spell a made-up word still cracks me up. More importantly, in technology this response is designed to help the engineer or tech person spend a few critical seconds formulating their response and matching it to the question that was asked. Even just a second of memorized, practiced response repetition means you can think about how to answer the question without leaving silence.
We live in a world today where silence is bad. We’re so used to hearing noise and other kinds of filler that anything regarded as contemplation or thinking is negative. Instead, we must always be talking and making an audible effort to answer things. Even if it means repeating the same phrases over and over again. It’s bad enough when it’s a pause word. It’s really bad when it’s the same word at the beginning of a sentence for almost an hour. “That’s an excellent question” is quickly becoming the response equivalent of “um” in the vocabulary.
HIGH PRAISE, INDEED
The other reason why I think people are quick to praise “excellent” questions comes from a bit of social trickery. Sadly, too many sales opportunities descend into an antagonistic relationship where salespeople feel they have to use every trick in the book to separate people from their money. They use tactics designed to inflate egos and make people feel more important so they feel like they’re making a good decision.
Think about the suspect phrasing here. It’s not a “good” question. Or even a “great” question. It’s almost always an “excellent” question. And I’d argue that the more likely a person is to sell you something, the more likely that person is to remark that all your questions are excellent. This kind of puffery can be infuriating to people. It’s not unlike the standard “have you lost weight?” opening when you see someone for the first time in a long time. It’s verbal garbage. You don’t believe it. They don’t believe it. It’s rare that people even acknowledge it. And yet, we find ourselves repeating it over and over again. “That’s an excellent question” is ego stroking at its finest.
And the worst part? You’re not praising the person! You’re praising their question. You’re really saying that the words they used were good enough to merit praise. It’s not even that you are praising the person as much as their output. If you really, really, really feel the need to do this, think about doing it in a way that calls out the person asking the question instead:
* Wow, you’re really paying attention here!
* Did you read ahead?
* You’re really getting this.
* I’m very impressed with your grasp of this topic.
See how each of these responses is designed to work with the person in mind and not just the question? Sure, there’s a bit more ego stroking here than with a simple “excellent” question. But if you’re just trying to flatter the person and you don’t even care about the quality of the question why not just sell out all the way? If the point of the response is to make a person feel good about themselves then just go all out.
-------------------------
TOM’S TAKE
I’m not likely to change the world overnight. Lord knows I’ve lost the battle against GIF and on-premises enough already and those are grammatically correct. The “excellent” question thing is a quirk of speech that isn’t going to just disappear because we bring it to light. People are still going to stall or try to boost the questioner’s ego. They’re still going to fill silence or make people full of themselves. Instead of falling back on the tropes of bygone eras, be a different person next time. Instead of the knee-jerk reaction of excellence, take a moment to think and praise the person asking the question. Then give a solid answer that they need to hear. You’ll find it a lot more effective. In fact, I’d venture to say it’s an _excellent_ strategy.
Posted in Community, Musing | Tagged Pause Words, Questions, Verbal Filler