BGP is Great!
I am back again to my BGP studies for the final refresh before taking the BGP exam. The great thing about BGP that I love is the level of control you have and how many different and intelligent mechanisms there are to manipulate your routing and traffic flow. One of my wishes is to become a BGP instructor to share the joy with the rest of the world.
There is so much to learn about BGP.
CCIP Retires…
It was surprising to me that Cisco is retiring the CCIP certificate by the 29th of October! The BGP and MPLS exams, which are part of the CCIP, will expire even earlier, in July! Interested candidates are advised to take on the new "CCNP Service Provider", which comes with completely new exams and objectives with much emphasis on Cisco Next-Generation-Network (IOS-XR/XE) technologies. To take on the CCNP SP path, the prerequisite is the "CCNA Service Provider", which unlike other CCNA variants is a two-exam path (SPNGN1/SPNGN2).
I was just about to take the BGP exam in two weeks and now I need to reconsider!
Thoughts Around Career Paths
These days I have a lot of thoughts on my mind regarding different career paths I can embark on. It's a tough and important decision, because a lot of consistent effort is required in each path, and one important factor in my decision making is the technical exposure I have at the moment. Some paths are irrelevant to what I am doing at the moment but they are aligned with my long-term goals. Right now I guess I need to come up with a one-year plan which might divert me from what I expect from myself, but since it's aligned with my work environment it may open some new and unexpected opportunities. My goal is to keep my "Network and Security Engineering" profile high...
Marriage Effect on TV Series!
They say that marriage changes every aspect of your life, even the TV series you used to watch!
TV Series I watched before marriage (Alphabetic):
TV Series I am watching / have watched after marriage (Alphabetic):
I leave the judgement to you.
NAT66, NPTv6 or What?
One thing that is concerning me these days about stretching IPv6 to the end user is the security risk of having publicly routable addresses on user machines! Well, from an IPv4-world mindset this is a concern for everyone, and in IPv4 life NAT (NAT44) is the remedy. But talking about the same algorithm in IPv6 and naming it NAT66 is not much welcomed, and even the IETF is declining any IPv6-to-IPv6 NAT approach the way we used to have in IPv4, although there is an experimental RFC for IPv6-to-IPv6 Network Prefix Translation (NPTv6), which is really different from NAT44 and serves a different purpose.
Having direct end-to-end communication with the world will of course help us do away with some of the tools that are just there to fix end-to-end communication problems that result from NAT. This will save cost in terms of performance, operational complications, and CASH! But I really need some degree of security comfort at the back of my mind, which I cannot find yet without finding some mechanism to hide my users' IPv6 addresses from the rest of the wild world!
This post is not to give a conclusion or solution, as not everyone is clearly able to do so at this stage. But there is so much great work being done to address these issues, and the best way we can handle this is to follow "current" guidelines and best practices and be ready for any change in the future.
These two RFCs might give some ideas:
IPv6 Challenges of Enterprises
This is a three-part video from a round table held during the "V6 World Congress 2012", where representatives of some major enterprises such as Google, Microsoft, HP, etc. share their challenges while implementing IPv6 in their organizations:
V6 World Congress 2012 Challenges of Enterprises - part 1
Cisco Router as IPv6 DHCP-PD
This is a quick video on how to configure a basic Cisco IPv6 DHCP-PD (Prefix-Delegation):
Cisco Router as a DHCPv6 Prefix Delegation Server
Refer to the following documents for more info on the scenario:
DHCPv6 using the Prefix Delegation Feature Configuration Example
Central Logging System; SIEM
Previously I always used and recommended open source tools to set up a central logging system. It is cheap and fully customizable to all needs. I wonder how people do without logging their network devices, servers, and services activities in a central location. You have no visibility into what is going on. No planning, no proactive measures, no incident forensics or root cause analysis!
My favorite open-source logging system is "PHP-SYSLOG-NG", which is based on Syslog-NG and MySQL and is now named "LogZilla". Of course there are many free and standalone Syslog applications, but they do not keep history and have no rich filtering and reporting features. In the open source world there are also some fantastic tools which can add more value to the logging, such as "SWATCH". I have used and manipulated these tools extensively to achieve my ends and they are still my first choice.
Recently I have been engaged on a project which required a strong logging system, and luckily the customer already had a proper logging system in place from a vendor called "Enterasys"; the software is called "SIEM: Security Information Event Manager". In the past I had a chance to evaluate some commercial logging software, but this was my first exposure to a commercial logging system which I really loved, and it's highly recommended! It comes with all sorts of filtering and reporting options and it gives a bird's eye view of what is going on in the network! Since it's commercial you get a nice user interface, easy setup, and rich reporting and filtering features.
NetQoS Network Performance Management
Last week I attended the "ca technologies" partner workshop training, which covered four NetQoS products from their network performance management portfolio, as below:
- NetQoS NetVoyant
- NetQoS ReportAnalyzer
- NetQoS Application Delivery Analysis (SuperAgent)
- NetQoS Performance Center
NetVoyant:
NetVoyant is the SNMP manager, which reports on hardware resource utilization and related statistics such as CPU, RAM, storage, and network.
ReportAnalyzer:
ReportAnalyzer is the NetFlow collector and reports on all flows going on in the network.
Application Delivery Analysis (ADA):
Application Delivery Analysis, previously called SuperAgent, is the module which provides application-level performance reports by collecting all packet data using SPAN, which is a little bit different from other players in the market working on application monitoring!
NetQoS Performance Center (NPC):
This is the module which brings everything under a single management umbrella, and this is what makes it different from other vendors. Just add any number of NetVoyant, ReportAnalyzer, and ADA servers as required to your environment and add them as data sources in NPC to have all the management, monitoring, and reporting in a single interface!
Having extensive experience with SolarWinds, WhatsUp, and ManageEngine, I can say this was a new and different experience. I will still vote for SolarWinds for its user interface, but in terms of scalability I have not seen any other product like NetQoS. This is a product for very large enterprises and service providers with a large number of network devices and applications running.
Notepad++ Replacement for Mac?
Every now and then I go for a search to see what the alternatives to the popular and lovely Windows Notepad++ are, and here are some of the alternatives:
- TextWrangler (Free)
- Smultron (Commercial)
- Coda (Commercial)
Personally I think Coda is the best, but since it's commercial and I am not an everyday developer I will stay with TextWrangler.