Monday, December 5, 2011

#Network #Fallacies


1. The network is reliable.
2. Latency is zero.
3. Bandwidth is infinite.
4. The network is secure.
5. Topology doesn't change.
6. There is one administrator.
7. Transport cost is zero.
8. The network is homogeneous.

http://www.rgoarchitects.com/Files/fallacies.pdf

Monday, November 28, 2011

#RBC says attrition is high at #Cisco


Cisco continues to face ongoing attrition with many Cisco employees leaving for competitors. RBC Capital Markets analyst Mark Sue released a research note this week in which he writes “competitors seem to be hiring away Cisco engineers at a high rate.” Sue claims that Cisco’s restructuring is causing rifts within their organization.

Thursday, November 17, 2011

Is your #network fragile?

Was thinking this morning about comments I've gotten sometimes from customers about not wanting to risk their network with a second vendor.

That there was risk in doing so.

Here's my question I'm going to start asking back.  If there is risk... is that because your network is fragile?  Why do you have a solution from a vendor that is so fragile... it can't interop?  The risk then isn't with having two vendors... it's with the one you have.

Friday, November 11, 2011

Revenue down in several key areas at #Cisco

#MotleyFool says 3 Strikes against #Cisco

#PVST+ now in #HP switches


HPN
stp mode pvst
stp vlan 1 102 to 103 root primary
stp enable

interface GigabitEthernet2/9/0/34
 port link-mode bridge
 description Test STP to Cat6509
 port link-type trunk
 port trunk permit vlan 1 10 20 102 to 103
 link-delay 0
 sflow sampling-rate 512
 sflow flow collector 1
 sflow counter interval 2
 sflow counter collector 1

[12508_DC_CORE_IRF]display stp brief
 VLAN      Port                         Role  STP State     Protection
    1      GigabitEthernet2/9/0/34      DESI  FORWARDING    NONE
   10      Bridge-Aggregation1          DESI  FORWARDING    NONE
   10      Bridge-Aggregation2          DESI  FORWARDING    NONE
   20      Bridge-Aggregation1          DESI  FORWARDING    NONE
   20      Bridge-Aggregation2          DESI  FORWARDING    NONE
  102      GigabitEthernet1/9/0/30      DESI  FORWARDING    NONE
  102      GigabitEthernet2/9/0/34      DESI  FORWARDING    NONE
  103      GigabitEthernet2/9/0/34      DESI  FORWARDING    NONE
[12508_DC_CORE_IRF]

With “display stp vlan X” you can see the same result.


Cisco
spanning-tree mode pvst
spanning-tree vlan 1,102,103 root secondary

interface GigabitEthernet7/33
 description Test STP to HPN12500
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20,102,103
Monday, October 31, 2011

Puss in Boots movie powered by #HP

"DreamWorks chose HP Networking solutions including HP 12508 and 5800 series switches, HP Networking Intelligent Management Center, and HP Intelligent Resilient Framework to provide improved levels of network performance while simplifying network management across the studio’s scalable 10G WAN/LAN environment."


http://www.hp.com/hpinfo/newsroom/press/2011/111026xa.html

Listen to the #PacketPushers podcast interview of #HPN

#HP #Networking for Dummies Book

Good Questions to ask when designing a #DataCenter #Network

I appreciate the thoughts in this blog on good questions to ask when designing a data center network

Practice Test's for #HP #Networking #MASE

Thursday, October 27, 2011

#HP to keep #PSG (Personal Systems Group)

While not directly affecting the networking group here at HP... it certainly is good as HP is very big on component sharing between hardware products. This keeps our products more cost effective against our competition.

One big fallacy that our competitors try to score with... HP makes a cheaper product. No, sorry, we don't, we use a lot of the same components that Cisco does... we're just bigger than they are... we buy more... and we get a better discount than they do!!!

http://h30261.www3.hp.com/phoenix.zhtml?c=71087&p=irol-newsArticle&ID=1622848&highlight=

Wednesday, October 19, 2011

#JohnChambers makes $12.9M Is he worth it?

The stock continues to plunge, customers leave in droves, employees are rif'ed, upper management is leaving in droves.

Is he worth it?  No.  But as long as John stays at Cisco..it probably means competitors have a better chance of winning.  

#HPN supports 2000 10gb connections in a core data center switch

With the announcement at Interop of four chassis IRF for the 12500 family it means that we can have 2048 10gb connections in one system with one cam, one fib. One config.


Wednesday, October 5, 2011

#HP announced Four Chassis IRF in the #12500 chassis

#HP announced 48port #10gb ToR switch Four #40gb uplinks

#Cisco feels #HP is a competitor in #networking

As soon as you start to hear the subjective arguments... the "slams" based on incorrect facts... the poorly thought out arguments... it normally means... Cisco is scared.   Check out the internal memo that Network World has posted:

http://www.networkworld.com/community/blog/cisco-memo-slams-hp-strategy?source=NWWNLE_nlt_cisco_2011-10-05

Even the fact that Network World has the leaked memo says reams about Cisco.  I know many people still working there... they are disillusioned.  The guys that are long term employees are milking it until they retire.  The young guys... are struggling trying to figure out how to sell the convoluted, very complex marketecture that Cisco has.

Tuesday, September 27, 2011

#HPN updates #ProVision software with several high end features


Provision software release K.15.06.0006 has been posted on the web for download.  This release contains several key features for the ProVision switches such as

  •  BGP
  • PBR
  • Uplink Failure Detect
  • 6in4 tunneling
  • MLDv2



This is really huge for current and future customers as many of these features are only found in higher end products.  HP continues to include as many features as possible in our base software, whereas most of our competitors charge you extra for them.

https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=J8697A&lang=en&cc=us&prodSeriesId=1827663

#RightNow is the best time ever to be a buyer of #ethernet switching as #HP drives costs down

HP is really making an impact by driving down costs of ethernet switching.  So says an article...

http://www.channelweb.co.uk/crn-uk/news/2111989/cisco-hp-turf-war-hits-switching-asps

Monday, September 26, 2011

#HPN 3800 Access Layer is better than #Cisco & #Juniper

Tolly just released a great report working through several comparison points comparing the HP 3800 series with the Cisco 3750x and Juniper EX4200.

Line rate from 64bytes to 9k frames
Latency from 3usec to 12usec  (from 50-100% faster than CSCO & JNPR)
Over Double the number of 10gb interfaces in a stack
From 8x to 25x more buffering capability than CSCO & JNPR
10% greater power efficiency than CSCO or JNPR in a stack or standalone
Over three years that efficiency can save a customer from ~$300 to ~$800 per stack !!!

http://www.tolly.com/DocDetail.aspx?DocNumber=211127

#FCOE funny math

Check out this blog post from Cisco.

http://blogs.cisco.com/datacenter/3-for-2-the-fcoe-bandwidth-bonus/

It suggests that FCOE gives 50% greater bandwidth than 8gb FC.  While... theoretically true... it's not in practice.

Here's why not... simple... not a long argument.  While I can transit FCOE at 10gb between servers across a FCOE network... at the other end I can only hook up to 8gb FC compliant storage.  So... even if FCOE is more efficient and has more bandwidth, I can only talk to the end devices at 8gb.  This is especially true because FC is all about token credits... you can only send to me what I allow you to.  And... you can't buffer.  End result... no more throughput than your storage system has.

16gb FC is the next generation.  There are no converged adapters for 16gb FC yet.  So... for now that means 16gb FC is faster than 10gb FCOE.

Hence the problem with FCOE... it's always going to be this disjointed architecture.

ISCSI today supports 10gb ethernet... it can utilize multi LAG 10gb... it can utilize 40gb.  It scales and it doesn't have the issues that FCOE has.

Thursday, September 22, 2011

#FlatterNetworks from #HP not only save on network costs, but server costs as well

I loved the article from The Register talking about how networks need to become flatter.

Here's why... we already believe that networks have too many tiers.  Modern devices today can deliver both L2 & L3 functionality at a reasonable cost.  Also, we can deliver switching platforms with high density 1gb and 10gb ports.  The reason to have three or four tiers disappears.

The benefit to the customer... somewhat obvious.  You bought less equipment.  You have less oversubscription.  Your latency drops.

But... there are benefits that most don't realize.  Multi-tier architectures have greater latency... right?   With federated applications there is a great amount of server to server traffic.  Added latency in the network is multiplied and amplified.  Sort of like that famous bridge in Washington that vibrated itself to death.

If I have 5-10ms of extra latency between devices... and a single user transaction means several servers working together... then every transaction can have many extra ms of latency.  The app starts to slow down.

But more important... what is a server doing while it's waiting for return traffic from another server?  Nothing.  That means idle clock cycles on servers... and less server utilization.  Multi-tier networks will require you to have more servers than you need.

And some customers are probably masking this problem as well by buying faster cpus, more cache, SSDs, or caching systems.  Costs also amplify when we use other products to try to mask a bad network architecture.

   

#TheRegister weighs in on flatter networks

Tuesday, September 20, 2011

Overview of Cisco Nexus

#Cisco #UCS #Fallacy

http://www.networkworld.com/community/blog/cisco-claims-7400-ucs-customers-august?source=nww_rss

Does Cisco really have 7400 customers?  How many of those "customers" actually chose UCS?  And how many got some free units bundled into a networking deal?  How many of those 7400 bought UCS just to host CallManager?

My educated guess?  Less than 1,000 actually bought and paid real money to deploy UCS for a non-Cisco application.

Where's the vision #Cisco?

Cisco, what is your Vision?  Do you have one?  If you do...I think if you went to a shrink and tried to explain it..he would declare that you have multiple personalities.

Your latest announcement is VxLAN

http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=467114

but how does a mac in udp tunnelling scheme jive with FCoE?

how does VxLAN jive with OTV?

how does VxLAN jive with FabricPath?

how does any of this jive with LISP?

I'm pulling my hair out thinking about it...


#TACACS on #HP #MSR #Router


=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.05.10 21:22:23 =~=~=~=~=~=~=~=~=~=~=~=
disp	
<HYD-HSA>display curr	
<HYD-HSA>display current-configuration 
#
 version 5.20, Release 1809P01
#
 sysname HYD-HSA
#
 domain default enable test
#
 telnet server enable
#
 dar p2p signature-file flash:/p2p_default.mtd
#
 port-security enable
#
 hwtacacs nas-ip 172.16.78.1
#
vlan 1
#
hwtacacs scheme test
 primary authentication (Tacacs Server IP)
 primary authorization (Tacacs Server IP)
 primary accounting (Tacacs Server IP)
 key authentication (Tacacs Server Key)
 key authorization (Tacacs Server Key)
 key accounting (Tacacs Server Key)
 user-name-format without-domain
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain test
 authentication login hwtacacs-scheme test
 authorization login hwtacacs-scheme test
 accounting login hwtacacs-scheme test
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
local-user admin
 password cipher .]@USE=B,53Q=^Q`MAF4<1!!
 authorization-attribute level 3
 service-type telnet
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Ethernet0/0
 port link-mode route
 ip address 10.237.60.2 255.255.255.252
#
interface Ethernet0/1
 port link-mode route
 ip address 172.16.78.1 255.255.255.192
#
interface Serial0/0
 link-protocol ppp
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 10.237.60.1
#
 load xml-configuration
#
 load tr069-configuration
#
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return
<HYD-HSA>
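
A configuration of this shape can be checked mechanically before it goes onto a router. The Python below is an added example, not part of the original post or of any HP tool: it parses Comware-style configuration text, including the "---- More ----" pager residue a captured terminal session can contain, and reports Telnet management, a login method that names only the hwtacacs scheme with no "local" fallback, and local users limited to Telnet. The sample is a constructed excerpt with placeholder server address and key; function names and finding labels are assumptions.

```python
import re

# Constructed sample modelled on the configuration in the post; the TACACS
# server address (192.0.2.10) and key are placeholders, not values from the page.
SAMPLE_CONFIG = """\
#
 domain default enable test
#
 telnet server enable
#
hwtacacs scheme test
 primary authentication 192.0.2.10
 key authentication PLACEHOLDER-KEY
 user-name-format without-domain
#
domain system
 access-limit disable
domain test
 authentication login hwtacacs-scheme test
 authorization login hwtacacs-scheme test
 accounting login hwtacacs-scheme test
#
local-user admin
 authorization-attribute level 3
 service-type telnet
  ---- More ----                #
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return
"""

PAGER = re.compile(r"^\s*---- More ----\s*")


def parse_sections(text):
    """Return (global_commands, {section_header: [sub_commands]}).

    A '#' line closes the current section. An unindented line opens a new
    section, so 'domain system' and 'domain test' are separated even though
    no '#' sits between them. Indented lines outside a section are globals.
    """
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        line = PAGER.sub("", raw).rstrip()   # drop pager text, keep what follows it
        if not line.strip():
            continue
        if line.strip() == "#":
            current = None
        elif not line[0].isspace():
            current = line
            sections[current] = []
        elif current is None:
            global_cmds.append(line.strip())
        else:
            sections[current].append(line.strip())
    return global_cmds, sections


def audit(text):
    """Return a list of finding labels for the management-plane settings."""
    global_cmds, sections = parse_sections(text)
    findings = []

    # Telnet carries the administrator's password in clear text to the router,
    # whatever the router then does with TACACS.
    if "telnet server enable" in global_cmds:
        findings.append("telnet-enabled")

    # Find the default ISP domain ("system" unless overridden) and check its
    # login method for a trailing "local" fallback.
    default_domain = "system"
    for cmd in global_cmds:
        if cmd.startswith("domain default enable "):
            default_domain = cmd.split()[-1]
    for cmd in sections.get(f"domain {default_domain}", []):
        tokens = cmd.split()
        if tokens[:3] == ["authentication", "login", "hwtacacs-scheme"]:
            if "local" not in tokens[4:]:
                # No fallback: logins fail if the TACACS server is unreachable.
                findings.append(f"no-local-fallback:{default_domain}")

    for header, cmds in sections.items():
        if header.startswith("local-user ") and "service-type telnet" in cmds:
            findings.append(f"local-user-telnet:{header.split()[1]}")
        if header.startswith("user-interface vty"):
            if "authentication-mode scheme" not in cmds:
                findings.append("vty-not-scheme")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```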

Is your network safe? #IPV6 might create new issues

Monday, September 19, 2011

#Tolly puts out a report on #HP #WLAN #MSM

http://tolly.com/DocDetail.aspx?DocNumber=211122

and reviews our current MSM controllers/software and 460/466 access points

#FCOE is the next #TokenRing


I think in 10 years we’re all going to be at a bar recounting funny technologies like FCOE…and for those of us that have been through this before…   I predict that FCOE will be lumped into the same category as Token Ring.

Yet another overly complex technology  that will not be very multi-vendor compatible that was more expensive than competing technologies and didn’t have a well defined path to higher performance.

#FCoE vs #ISCSI a #deathcage match

So much at stake... so many different opinions...  I love this tongue in cheek post...

http://datacenteroverlords.com/2011/09/14/fibre-channel-and-ethernet-the-odd-couple/

Crude...but pretty accurate.

FCOE is a solution looking for someone that likes overly complicated expensive architectures.

FCOE is this decade's Token Ring.

#NVGRE Network Virtualization without any new protocols?

#VxLAN will it succeed or #fail ?

Etherealmind doesn't think so...

http://etherealmind.com/top-5-things-vxlan-fail/

Please comment to let me know what you think....

Monday, September 12, 2011

#ComWare DHCP Option 43 with #HP E-MSM WLAN Solutions


ComWare DHCP Option 43 with HP E-MSM WLAN Solutions

Four discovery methods are available. The following table summarizes their
features and recommended applications.

If controlled APs are behind a firewall or NAT device.

Discovery is performed whenever an AP:
 • Is restarted (or reset to factory defaults)
 • Loses connectivity with its controller
 • Is removed and rediscovered using an action on the Controlled APs >> Overview > Discovered APs page.


Unprovisioned APs

Once an unprovisioned AP has received its IP address from a DHCP server, it
attempts to discover a controller using the following methods, in order:
 • UDP broadcast
 • DHCP
 • DNS

When configured as DHCP client (which is the factory default setting for all APs),
an AP can obtain the IP addresses of controllers on the network from any DHCP
server configured to support the Colubris Vendor Class (DHCP option 43).
Note: If you have two (2) or more E-MSM Controllers, the AP will only connect to
one (1) controller at a time based on the priority listing. In the event that the
E-MSM AP loses its connectivity to the active controller, the discovery process is
performed again.


1. These are the assumptions that we will be using in our
config example using two (2) E-MSM Controllers.
E-MSM Controller #1 192.168.1.12 (hex C0A8 010C)
E-MSM Controller #2 192.168.1.13 (hex C0A8 010D)
Subnet – 192.168.5.0/255.255.255.0
Domain Name – cinci.rr.com
DNS servers – 209.18.47.62
Gateway – 192.168.5.1
#
dhcp enable
#
dhcp server ip-pool 192.168.5.0-net
network 192.168.5.0 mask 255.255.255.0
gateway-list 192.168.5.1
dns-list 209.18.47.62
domain-name cinci.rr.com
option 43 hex 0108 C0A8010C C0A8010D

Notes:
01 - Colubris option code 1 as defined in the DHCP server
08 - Option code 1 is 8 bytes long which are the IP addresses of the controllers in
hex C0A8010C & C0A8010D


2. These are the assumptions that we will be using in our
config example using three (3) E-MSM Controllers.
E-MSM Controller #1 192.168.1.12 (hex C0A8 010C)
E-MSM Controller #2 192.168.1.13 (hex C0A8 010D)
E-MSM Controller #3 192.168.1.14 (hex C0A8 010E)
Subnet – 192.168.5.0/255.255.255.0
Domain Name – cinci.rr.com
DNS servers – 209.18.47.62
Gateway – 192.168.5.1
#
dhcp enable
#
dhcp server ip-pool 192.168.5.0-net
network 192.168.5.0 mask 255.255.255.0
gateway-list 192.168.5.1
dns-list 209.18.47.62
domain-name cinci.rr.com
option 43 hex 010C C0A8010C C0A8010D C0A8010E
Notes:
01 - Colubris option code 1 as defined in the DHCP server
0C - Option code 1 is 12 bytes long which are the IP addresses of the controller
in hex C0A8010C, C0A8010D & C0A8010E

The MSM controller can handle up to five (5) IP addresses for IP
provisioning.
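
The option 43 hex strings built by hand in the two examples above can be generated and checked mechanically. The Python below is an added example, not part of the original post or of HP's tooling; the function names are assumptions, while the sub-option code 01, the length byte and the five-address limit are taken from the notes above.

```python
import ipaddress

SUBOPTION_CONTROLLERS = 0x01  # Colubris option code 1, as in the notes above
MAX_CONTROLLERS = 5           # the post states up to five IP addresses


def encode_option43(controllers):
    """Build the value for 'option 43 hex ...' from a list of controller IPs.

    Layout: one byte of sub-option code, one byte of payload length, then
    four bytes per IPv4 address. Output is grouped the way the post writes it.
    """
    if not 1 <= len(controllers) <= MAX_CONTROLLERS:
        raise ValueError("expected between 1 and 5 controller addresses")
    packed = [ipaddress.IPv4Address(addr).packed for addr in controllers]
    header = bytes([SUBOPTION_CONTROLLERS, 4 * len(packed)])
    groups = [header.hex().upper()] + [p.hex().upper() for p in packed]
    return " ".join(groups)


def decode_option43(hex_string):
    """Parse an option 43 hex string and return the controller IPs.

    Raises ValueError when the string is not valid hex, the code is not 01,
    or the length byte disagrees with the number of bytes that follow. A
    mistyped digit or a forgotten length update is caught here instead of
    showing up later as APs that never find their controller.
    """
    raw = bytes.fromhex("".join(hex_string.split()))
    if len(raw) < 2:
        raise ValueError("missing code or length byte")
    code, length, payload = raw[0], raw[1], raw[2:]
    if code != SUBOPTION_CONTROLLERS:
        raise ValueError(f"unexpected sub-option code {code:#04x}")
    if length != len(payload):
        raise ValueError(
            f"length byte says {length} bytes, payload has {len(payload)}")
    if length == 0 or length % 4:
        raise ValueError("payload is not a whole number of IPv4 addresses")
    if length // 4 > MAX_CONTROLLERS:
        raise ValueError("more than five controller addresses")
    return [str(ipaddress.IPv4Address(payload[i:i + 4]))
            for i in range(0, length, 4)]


if __name__ == "__main__":
    two = ["192.168.1.12", "192.168.1.13"]
    three = two + ["192.168.1.14"]
    for controllers in (two, three):
        value = encode_option43(controllers)
        print("option 43 hex", value, "->", decode_option43(value))
```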

If a DNS server list is defined on the DHCP IP pool, the AP(s) will try to
connect first via DNS before sending unicast packets to each individual controller
sent via DHCP. The AP appends the default domain name returned by a DHCP
server (when it assigns an IP address to the AP) to the controller name.
 • cnsrv1.<domain-name>
 • cnsrv2.<domain-name>
 • cnsrv3.<domain-name>
 • cnsrv4.<domain-name>
 • cnsrv5.<domain-name>

#PDS to build a cloud data center here in #Milwaukee

One of HP's largest resellers in Wisconsin is about to roll out a large cloud  based data center...

http://www.jsonline.com/business/129626778.html

Wednesday, August 31, 2011

#NetworkTest has put out a report on #HP 's #IRF technology

#HP releases new deep buffer #ToR switch, the #A5830AF-48G part #JC691A

Deep 1gb buffers.  (48) ports of 1gbe with (4) 10gb uplink ports.  Just 1RU.  Redundant fans & power.  Reversible airflow.

Another interesting paper on #iSCSI vs. #FCOE

#Google #Namebench is a DNS benchmarking utility

Found this nice tool today for benchmarking DNS servers... especially good for helping you make a choice as to which external DNS servers you should resolve to:

http://code.google.com/p/namebench/

HP Seminar Series

HP has a series of networking orientated webinars coming up.  Sign up here!

http://www2.ibtalk.net/index.php?cmp=mtx_pre_registration&PHPSESSID=23f153dfc5cc7f3db32b8634a8fac4ae

Wednesday, August 3, 2011

Nice article on how to build #greenfield #data centers

Thought I would share as the author shares my views on the over hyping of large L2 domains.  Cisco & Brocade are certainly pushing this agenda


And no surprise...both of these companies have absolutely hitched their future on one technology. FCOE.  And to do FCOE, you need large L2 domains.  

So...funny because back when I was at Cisco in the 90's, we fought against and beat another company, Cabletron, that was very focused on selling large L2 networks.  Remember Secure Fast Switching?  Yeah..complete failure!!!!


#Cisco makes too much margin... a recent customer example

Or... they are just scared.

We're involved in a campus refresh for a large enterprise customer.  It's just one of their campuses... 5 buildings... maybe a couple of thousand ports. Not big, not small.

Cisco is going to "give away for free" (2) Cisco Telepresence systems and a starter UCS system.

But..Mr. Cisco, why not just offer me switching products at comparable prices to the competition?  I already use  HP for servers and Polycom for video conferencing... so this gear is just going to sit in a warehouse.  I'd much rather just get the switching products for a fair price.

But... unfortunately when you have margins on products of over 60% and you want to protect those margins..that is what you do.  Cisco..the market is changing!

Friday, July 29, 2011

Friday, July 22, 2011

#HPN supports #VRRP load balancing

Say you have determined that you need resiliency for a L3 default gateway.  VRRP comes to the rescue. But, typical VRRP implementations mean that only one of those routers will forward packets. That seems like a waste, having a box sit there that doesn't accept traffic until failure of the other box.

No problem...there are advancements to VRRP that allow that second router...or 3rd or 4th to also accept traffic. And...there is no funny business with having to setup multiple VRRP groups and multiple default gateway ip addresses and do manual load balancing.


In load balancing mode, VRRP provides load balancing in addition to virtual gateway redundancy by
mapping a virtual IP address to multiple virtual MAC addresses to assign each router in a VRRP group
one virtual MAC address. In this way, each router in this VRRP group can respond to ARP requests in an
IPv4 network or ND requests in an IPv6 network from corresponding hosts, so that different hosts can
send packets to different routers, and each router in the VRRP group can forward packets. In load
balancing mode, you need to create only one VRRP group to balance load among multiple routers,
instead of allowing one router to bear the load and other routers stay idle.


When VRRP works in load balancing mode, the master assigns virtual MAC addresses to the routers in
the VRRP group and answers the ARP requests or ND requests from different hosts. The backup routers,
however, do not answer the ARP requests or ND requests from the hosts.
Assume that a VRRP group works in an IPv4 network. The following describes how the load balancing
mode works:
1. The master assigns virtual MAC addresses to the routers—including the master itself and the
backups—in the VRRP group. For example, as shown in Figure 35, the virtual IP address of the
VRRP group is 10.1.1.1/24; Router A is the master; Router B and Router C are the backups. Router
A assigns 000f-e2ff-0011 to itself, and 000f-e2ff-0012 to Router B.


2. Upon receiving an ARP request destined for the virtual IP address of the VRRP group from a host,
the master, based on the load balancing algorithm, uses a corresponding virtual MAC address to
answer the ARP request. For example, as shown in Figure 36, when Host A sends an ARP request to
retrieve the MAC address of gateway 10.1.1.1, the master—Router A, after receiving the request,
returns the virtual MAC address of Router A to Host A; when Host B sends an ARP request to
retrieve the MAC address of gateway 10.1.1.1, the master, after receiving the request, returns the
virtual MAC address of Router B to Host B.


3.  Different hosts send packets to different routers according to the requested virtual MAC addresses.
For example, as shown in Figure 37, Host A regards the virtual MAC address of Router A as the
gateway MAC address, so it sends packets to Router A for forwarding; Host B regards the virtual
MAC address of Router B as the gateway MAC address, so it sends packets to Router B for
forwarding.

quick example:


<SwitchA> system-view
[SwitchA] vlan 2
[SwitchA-vlan2] port gigabitethernet 1/0/5
[SwitchA-vlan2] quit
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0
[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110
[SwitchA-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5


<SwitchB> system-view
[SwitchB] vlan 2
[SwitchB-Vlan2] port gigabitethernet 1/0/5
[SwitchB-vlan2] quit
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 202.38.160.2 255.255.255.0
[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
[SwitchB-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5

and to check its state:


[SwitchA-Vlan-interface2] display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 5
Auth Type : None
Virtual IP : 202.38.160.111
Virtual MAC : 0000-5e00-0101
Master IP : 202.38.160.1

and on the other switch:


[SwitchB-Vlan-interface2] display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 5
Auth Type : None
Virtual IP : 202.38.160.111
Master IP : 202.38.160.1
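
A consistency check over the two display vrrp verbose listings above, as an added example that is not part of the original post or of HP's tooling. It parses the two-fields-per-line output, confirms that the group has exactly one master and that both switches agree on VRID, virtual IP and master IP, and reports when Auth Type is None or Run Mode is Standard. Function names and finding labels are assumptions.

```python
import re

# Transcribed from the two listings above.
SWITCH_A = """\
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 5
Auth Type : None
Virtual IP : 202.38.160.111
Virtual MAC : 0000-5e00-0101
Master IP : 202.38.160.1
"""

SWITCH_B = """\
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 5
Auth Type : None
Virtual IP : 202.38.160.111
Master IP : 202.38.160.1
"""

# Several lines carry two "name : value" pairs, so fields are matched by
# their known names instead of splitting each line on ':'.
FIELDS = ("Run Mode", "Run Method", "VRID", "Adver Timer", "Admin Status",
          "State", "Config Pri", "Running Pri", "Preempt Mode", "Delay Time",
          "Auth Type", "Virtual IP", "Virtual MAC", "Master IP")
FIELD_RE = re.compile(
    r"\b(" + "|".join(re.escape(f) for f in FIELDS) + r")[ \t]*:[ \t]*(\S+)")


def parse_vrrp(text):
    """Return {field: first word of its value} for one 'display vrrp verbose'."""
    return {name: value for name, value in FIELD_RE.findall(text)}


def check_group(outputs):
    """outputs maps switch name -> display text; returns finding labels."""
    parsed = {name: parse_vrrp(text) for name, text in outputs.items()}
    findings = []

    # Exactly one router should consider itself master for the group.
    masters = [n for n, p in parsed.items() if p.get("State") == "Master"]
    if len(masters) != 1:
        findings.append(f"master-count:{len(masters)}")

    # All members must agree on the group's identity and on who the master is.
    for field, label in (("VRID", "vrid-mismatch"),
                         ("Virtual IP", "virtual-ip-mismatch"),
                         ("Master IP", "master-ip-mismatch")):
        if len({p.get(field) for p in parsed.values()}) > 1:
            findings.append(label)

    for name, p in parsed.items():
        if p.get("Auth Type") == "None":
            # Advertisements for this group carry no authentication.
            findings.append(f"auth-none:{name}")
        if p.get("Run Mode") == "Standard":
            # Standard mode: only the master forwards for the virtual IP.
            findings.append(f"standard-mode:{name}")
    return findings


if __name__ == "__main__":
    for finding in check_group({"SwitchA": SWITCH_A, "SwitchB": SWITCH_B}):
        print(finding)
```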

#HPN #A10500 information now available on the hp.com website

http://h17007.www1.hp.com/us/en/whatsnew/10500/10500.aspx

Wednesday, July 20, 2011

#HPN E-Series Mac-Auth with Radius backend

aaa authentication port-access eap-radius
aaa authentication web-based peap-mschapv2
aaa accounting update periodic 1
aaa accounting network start-stop radius
aaa accounting exec start-stop radius
aaa accounting system start-stop radius
radius-server host 10.10.50.12 key 'xxx'
aaa port-access authenticator active
aaa port-access mac-based 15
aaa port-access mac-based 15 addr-limit 2
aaa port-access mac-based 15 auth-vid 50
aaa port-access mac-based 15 unauth-vid 1
aaa port-access web-based 13
aaa port-access web-based 13 client-limit 2
aaa port-access web-based 13 ssl-login
aaa port-access web-based 13 redirect-url "http://www.procurve.com"
aaa port-access web-based 13 auth-vid 50
aaa port-access web-based 13 unauth-vid 1

#Dell to Buy #Force10 .... #HPN still stronger solution

Dell is trying to mimic HP in building a strong data center solution.

HP has put together the strongest portfolio... it was already king of servers, it added on 3par, and 3com/h3c.

But... Dell... is not king of servers... bought a nice player Force10... and two other storage companies: Compellent and EqualLogic.

Honestly... I think Dell's practice of buying 2nd & 3rd tier players is not a winning play.

http://techcrunch.com/2011/07/20/dell-to-buy-data-center-solutions-provider-force10-networks/

#Intel Buying Ethernet Chip Maker #Fulcrum Microsystems

This is interesting... and I suspect will be very good for industry as hopefully Intel will drive down prices of high end networking asics

http://www.eweek.com/c/a/IT-Infrastructure/Intel-Buying-Ethernet-Chip-Maker-Fulcrum-Systems-661149/

Wednesday, July 13, 2011

#Wisconsin school district goes with #HPN and Shoretel

And saves considerably over #CSCO

http://www.networkworld.com/news/2011/041111-shoretel-voip-kaukauna.html?page=2

Tuesday, July 12, 2011

#CSCO to eliminate 10,000 jobs

John Chambers is partying like its two thousand and one.... that was the last really really big layoff.

http://www.reuters.com/article/2011/07/12/cisco-jobs-idUSL3E7IC05120110712

For being touted... or is it self-touted as a great leader... why does this keep happening?  I'll tell you.
The problem is all John.  It's John's ego that has the best of him, the best of those 10,000 employees, and the best of too many stock investors that wrongly listened to John.  No wonder Cisco is now a corporate villain.

For over the last decade, CSCO has enjoyed 70+% margins.  But..if you were a stock investor, you lost money.
John runs the company not for the stock holders..but for his own ego.

Time to go John.

#CSCO loses 5.8% marketshare, #HPN gains 2.5%!

So reports CRN magazine

http://www.crn.com/news/networking/231001334/hp-touts-share-gains-in-networking-war-with-cisco.htm?itc=refresh

Monday, July 11, 2011

Who is #2 in Worldwide Router market share?

It would surprise you...as I'm thinking the name you had in mind starts with a J...

Nope... its HP!

HP has it both in units and in revenue!

In revenue, HP is 5.5% and Juniper is 5.3%.

In units, HP is 10.3% and Juniper is 1.9%.

OneAccess and Adtran both sell more in units than Juniper does.

Friday, June 24, 2011

Configuring DHCP Snooping on #HP #E-Series Switches

All here in this PDF.

#Ralph Nader goes after #Cisco & #John Chambers

Nader Kindles Fires of Revolt
Wall Street Journal, 06/24 , Susan Pulliam

Ralph Nader, the scourge of American business and onetime presidential candidate, has found his next corporate demon: Cisco Systems Inc.
Mr. Nader isn't calling for a router recall or claiming the company's networks are unsafe at any speed. Instead, he wants the tech company to pay a bigger dividend to boost its shares.
The consumer advocate's motives are far from altruistic. He is a longtime disgruntled Cisco investor who called the company's share performance "appalling." In a private letter to Cisco Chief Executive John Chambers sent June 13, Mr. Nader blasted the CEO for not doing enough to lift shares of the technology company and said "it is time for a long overdue Cisco shareholder revolt against a management that is oblivious to building or even maintaining shareholder value," according to the letter.
In 4 p.m. Nasdaq Stock Market composite trading Thursday, Cisco's shares rose 11 cents, or 0.7%, to $15.47. They are down nearly a third in the past year and are off 75% from their all-time, tech-bubble high. In comparison, the Nasdaq Composite index is down about 48% from its all-time high in March 2000.
Among the specific actions Mr. Nader suggested in the letter are the distribution of a one-time dividend of $1 a share and an increase in Cisco's annual dividend to 50 cents from 24 cents.
"If they can't give shareholders value, then they have to give cash," Mr. Nader said in an interview this week, adding that the company's stock has plummeted even though its profits generally were on the rise until recently.
Cisco, like many big tech companies, has been accumulating cash despite its weak growth. It holds $43 billion in cash, nearly half of its market value.
A Cisco spokeswoman said the company welcomes input from shareholders and added that the company is considering "capital allocation and returns to our shareholders," but declined to discuss specifically whether a dividend increase or one-time payout are on the table. She added that all but about $5 billion of the company's cash represents foreign earnings, which would be subject to taxes if the funds were brought back to the U.S.
The 77-year-old Mr. Nader, who rose to fame in the 1960s on his claims that American automobiles were unsafe, admitted the letter is a departure from his typical antibusiness stance. He said he has been an "adversary of corporate capitalism," but he is a believer in capitalism, so long as shareholders have a voice. He wrote the letter to Mr. Chambers, he said, because he objects to the "powerlessness of owner shareholders."
It has been a long and painful ride for Mr. Nader as a Cisco shareholder, he said. He first bought Cisco shares in 1995 at an adjusted price of $7 and currently owns 18,000 shares, he said. In 2000, his Cisco stake was valued at $1 million, about one-third of his $3 million portfolio. As Cisco's share price swooned in the years that followed, it has represented a smaller slice of his overall investment portfolio, which he said still is valued at about $3 million. At Thursday's closing price, his stake is valued at $278,460.
Even if Cisco adopted the changes he suggests, Mr. Nader would stand to gain only $27,000, including the first year's increase in the annual dividend on his 18,000-share stake in the company. "Just think of what people who have been loyal to them have endured," he said. "It's absurd." He said he personally didn't sell his Cisco stake because he thought the shares would rebound.
Cisco rose to dominance in the computer networking-gear business in the late 1990s but has struggled to regain its luster in recent years. The company made a string of acquisitions to keep up with the pace of change in the business but now suffers from a bloated sales force and stiff competition from Asia and smaller competitors, analysts and investors have said.
In May, Cisco reported an 18% drop in profit for its most recent quarter and the stock has slid from under $18 to its current level, despite assurances by Mr. Chambers in a call with investors that the company was overhauling its business model and cutting $1 billion in costs.
Mr. Nader launched his first major battle against a big company in 1965 when he published "Unsafe at Any Speed," which criticized the safety record of American cars. He and his followers have since gone after nuclear-power plants, nursing homes and industrial polluters.
Mr. Nader's letter to Mr. Chambers follows one he sent last October, in which he called for a dividend. Mr. Chambers wrote back and said he appreciated Mr. Nader's feedback. This year, Cisco instituted its 24-cent-a-share annual dividend. The spokeswoman said the dividend was under consideration before Mr. Nader's October letter.
Mr. Nader said he isn't going away any time soon. He said he talked to other investors and they are equally unhappy.
"They may be ready to organize, judging by the ones with whom I have spoken and by some comments made privately and publicly to the press," he said in the letter. He also said he plans to try to enlist investor Carl Icahn, who has in recent years taken up the mantle of activist investor through a hedge fund. Mr. Icahn didn't return calls for comment. "I think next year's shareholder meeting will be a hot time in Silicon Valley," Mr. Nader said.

Thursday, June 9, 2011

Brad Reese attacked by #Cisco Lawyers!

http://bradreese.com/blog/6-6-2011.htm

INSTRUCTIONS HOW TO CHANGE SQL PASSWORD FOR DATABASE USED BY IMC


IMC is unable to recognise some non-alphanumeric characters in the SQL database password, for example %. In this case, the IMC log will show the error ‘login failed’. The SQL password must then be changed so that IMC can gain full access to the SQL database.

- Change the SQL password in the SQL database.
- Use the Deployment Monitoring Agent to modify the SQL password used by IMC.

Full description of steps:

  1. Change the SQL password in SQL:
     Start -> Run -> cmd
       sqlcmd
       sp_password @old = null, @new = '3commypwd1', @loginame = 'sa'
       go
       quit

  2. Click the environment tab in the Deployment Monitoring Agent and change the password to the new one.

  3. Stop the jserver process and then start it: right-click jserver, select stop process, wait until the status is stopped, then start the process.






HP NQA - HTTP Test

nqa entry admin http
 type http
  destination ip 140.147.249.7
  history-record enable
  url /index.html

nqa schedule admin http start-time now lifetime forever



The display results:



[labrack-b-labgw]dis nqa res admin http
  NQA entry(admin admin, tag http) test results:
    Destination IP address: 140.147.249.7
      Send operation times: 1              Receive response times: 1
      Min/Max/Average round trip time: 214/214/214
      Square-Sum of round trip time: 45796
      Last succeeded probe time: 2007-01-02 05:57:52.4
    Extended results:
      Packet lost in test: 0%
      Failures due to timeout: 0
      Failures due to disconnect: 0
      Failures due to no connection: 0
      Failures due to sequence error: 0
      Failures due to internal error: 0
      Failures due to other errors: 0
      Packet(s) arrived late: 0

and history:


[labrack-b-labgw]dis nqa his admin http
  NQA entry(admin admin, tag http) history record(s):
    Index      Response     Status           Time
    1          296          Succeeded        2007-01-02 06:00:10.0




HP NQA - DHCP server test

nqa entry admin dhcp
 type dhcp
  history-record enable
  operation interface Ethernet0/0

nqa schedule admin dhcp start-time now lifetime forever

and display for it:


[labrack-b-labgw]dis nqa res admin dhcp
  NQA entry(admin admin, tag dhcp) test results:
      Send operation times: 1              Receive response times: 1
      Min/Max/Average round trip time: 1033/1033/1033
      Square-Sum of round trip time: 1067089
      Last succeeded probe time: 2007-01-02 05:25:11.6
    Extended results:
      Packet lost in test: 0%
      Failures due to timeout: 0
      Failures due to disconnect: 0
      Failures due to no connection: 0
      Failures due to sequence error: 0
      Failures due to internal error: 0
      Failures due to other errors: 0
      Packet(s) arrived late: 0

and history:

[labrack-b-labgw]dis nqa his admin dhcp
  NQA entry(admin admin, tag dhcp) history record(s):
    Index      Response     Status           Time
    1          1033         Succeeded        2007-01-02 05:25:11.6

HP NQA - DNS Test

NQA can test resolution of a DNS server:

nqa entry admin dns
type dns
destination ip 4.2.2.2
resolve-target google.com
history-record enable
quit

and the current results:


[labrack-b-labgw]dis nqa res admin dns
  NQA entry(admin admin, tag dns) test results:
    Destination IP address: 4.2.2.2
      Send operation times: 1              Receive response times: 1
      Min/Max/Average round trip time: 19/19/19
      Square-Sum of round trip time: 361
      Last succeeded probe time: 2007-01-02 05:22:26.3
    Extended results:
      Packet lost in test: 0%
      Failures due to timeout: 0
      Failures due to disconnect: 0
      Failures due to no connection: 0
      Failures due to sequence error: 0
      Failures due to internal error: 0
      Failures due to other errors: 0
      Packet(s) arrived late: 0

and history:

[labrack-b-labgw]dis nqa his admin dns
  NQA entry(admin admin, tag dns) history record(s):
    Index      Response     Status           Time
    1          19           Succeeded        2007-01-02 05:22:26.3


HP NQA - ICMP test

Network Quality Analyzer (NQA) analyzes network performance, services and service quality through
sending test packets, and provides you with network performance and service quality parameters
such as delay jitter, TCP connection delay, FTP connection delay and file transfer rate.

With the NQA test results, you can:
1) Know network performance in time and then take corresponding measures.
2) Diagnose and locate network faults.


At present, NQA supports ten test types: ICMP echo, DHCP, DNS, FTP, HTTP, UDP jitter, SNMP, TCP,
UDP echo and DLSw.

In an NQA test, the client sends different types of test packets to the peer to detect the availability and
the response time of the peer, helping you know protocol availability and network performance based
on the test results.

If I want to just send ICMP from one device to another, continuously...

nqa client enable



nqa entry admin icmp
 type icmp-echo
  destination ip 68.191.191.242
  frequency 5000
  history-record enable
  history-record number 10
  probe count 10
  probe timeout 500

 nqa schedule admin icmp start-time now lifetime forever

and here is what a display looks like:

[labrack-b-labgw]display nqa res admin icmp
  NQA entry(admin admin, tag icmp) test results:
    Destination IP address: 68.191.191.242
      Send operation times: 10             Receive response times: 10
      Min/Max/Average round trip time: 2/3/2
      Square-Sum of round trip time: 65
      Last succeeded probe time: 2007-01-02 05:11:02.7
    Extended results:
      Packet lost in test: 0%
      Failures due to timeout: 0
      Failures due to disconnect: 0
      Failures due to no connection: 0
      Failures due to sequence error: 0
      Failures due to internal error: 0
      Failures due to other errors: 0
      Packet(s) arrived late: 0

and using the history:

[labrack-b-labgw]dis nqa hist admin icmp
  NQA entry(admin admin, tag icmp) history record(s):
    Index      Response     Status           Time
    1070       2            Succeeded        2007-01-02 05:11:32.7
    1069       3            Succeeded        2007-01-02 05:11:32.7
    1068       2            Succeeded        2007-01-02 05:11:32.7
    1067       2            Succeeded        2007-01-02 05:11:32.7
    1066       2            Succeeded        2007-01-02 05:11:32.7
    1065       3            Succeeded        2007-01-02 05:11:32.7
    1064       2            Succeeded        2007-01-02 05:11:32.7
    1063       2            Succeeded        2007-01-02 05:11:32.7
    1062       2            Succeeded        2007-01-02 05:11:32.7
    1061       3            Succeeded        2007-01-02 05:11:32.7
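
The result blocks shown above are regular enough to check automatically. The following Python is an added example, not part of the original post or of HP's tooling: it parses `display nqa result` text and reports lost probes, non-zero failure counters and slow responses. The second sample, the 200 threshold and the reading of round trip time as milliseconds are assumptions made for illustration.

```python
import re

# Copied from the ICMP result on this page (abridged).
ICMP_RESULT = """\
  NQA entry(admin admin, tag icmp) test results:
    Destination IP address: 68.191.191.242
      Send operation times: 10             Receive response times: 10
      Min/Max/Average round trip time: 2/3/2
    Extended results:
      Packet lost in test: 0%
      Failures due to timeout: 0
"""

# Constructed sample (not from the page): three probes timed out.
DEGRADED_RESULT = """\
  NQA entry(admin admin, tag icmp) test results:
    Destination IP address: 192.0.2.10
      Send operation times: 10             Receive response times: 7
      Min/Max/Average round trip time: 2/480/95
    Extended results:
      Packet lost in test: 30%
      Failures due to timeout: 3
"""

def parse_nqa_result(text):
    """Turn 'display nqa result' text into a dict of fields."""
    def num(pattern):
        return int(re.search(pattern, text).group(1))
    r = {"tag": re.search(r"NQA entry\(\S+ \S+, tag (\S+)\)", text).group(1)}
    dest = re.search(r"Destination IP address: (\S+)", text)
    r["destination"] = dest.group(1) if dest else None  # DHCP output has no destination
    r["sent"] = num(r"Send operation times: (\d+)")
    r["received"] = num(r"Receive response times: (\d+)")
    rtt = re.search(r"round trip time: (\d+)/(\d+)/(\d+)", text)
    r["rtt_min"], r["rtt_max"], r["rtt_avg"] = map(int, rtt.groups())
    r["loss_pct"] = num(r"Packet lost in test: (\d+)%")
    r["failures"] = {w: int(n) for w, n in re.findall(r"Failures due to ([\w ]+): (\d+)", text)}
    return r

def nqa_alerts(r, max_rtt=200):
    """List findings; empty means healthy. max_rtt is an assumed threshold (ms assumed)."""
    alerts = []
    if r["received"] < r["sent"] or r["loss_pct"] > 0:
        alerts.append(f"{r['tag']}: {r['sent'] - r['received']} of {r['sent']} probes unanswered")
    alerts += [f"{r['tag']}: {n} failure(s) due to {why}"
               for why, n in r["failures"].items() if n]
    if r["rtt_max"] > max_rtt:
        alerts.append(f"{r['tag']}: max RTT {r['rtt_max']} exceeds {max_rtt}")
    return alerts
```

Feeding it the text collected from each `display nqa result` command gives one list of findings per test, which can be forwarded to whatever alerting is already in place.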



Wednesday, June 8, 2011

HP IP Tunneling (aka GRE) Availability

ipv4 & ipv6 tunnels

MSR
a5800
a9500
a12500
a6600
a8800

ipv6 tunnels only


a5500
a7500

IPv4 over IPv4 (classic gre) tunnel config for MSR

<RouterA> system-view
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ip address 10.1.1.1 255.255.255.0
[RouterA-Ethernet1/1] quit

[RouterA] interface serial 2/0
[RouterA-Serial2/0] ip address 2.1.1.1 255.255.255.0
[RouterA-Serial2/0] quit
[RouterA] interface tunnel 1
[RouterA-Tunnel1] ip address 10.1.2.1 255.255.255.0
[RouterA-Tunnel1] tunnel-protocol ipv4-ipv4
[RouterA-Tunnel1] source 2.1.1.1
[RouterA-Tunnel1] destination 3.1.1.1
[RouterA-Tunnel1] quit
[RouterA] ip route-static 10.1.3.0 255.255.255.0 tunnel 1

Configuration on Router B

<RouterB> system-view
[RouterB] interface ethernet 1/1
[RouterB-Ethernet1/1] ip address 10.1.3.1 255.255.255.0
[RouterB-Ethernet1/1] quit
[RouterB] interface serial 2/1
[RouterB-Serial2/1] ip address 3.1.1.1 255.255.255.0
[RouterB-Serial2/1] quit
[RouterB] interface tunnel 2
[RouterB-Tunnel2] ip address 10.1.2.2 255.255.255.0
[RouterB-Tunnel2] tunnel-protocol ipv4-ipv4
[RouterB-Tunnel2] source 3.1.1.1
[RouterB-Tunnel2] destination 2.1.1.1
[RouterB-Tunnel2] quit
[RouterB] ip route-static 10.1.1.0 255.255.255.0 tunnel 2

Tuesday, June 7, 2011

Virtual Connect and HP A-Series switches (A5820) IRF Integration Guide


http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02843088/c02843088.pdf

HP A5800 IRF is better than Cat3750-X Stackwise because of following reasons

1)      Can be used in Access, Aggregation, Distribution, Core or Data Center Layer
A5800-IRF can be used in Access, Aggregation, Distribution or Data Center; Cat3750-X Stackwise can only be used in the Access layer.
This is because performance limitations on the Cat3750-X rule out any use beyond the access/campus layer.
Here are some key limitations of the Cat3750-X:


                            Cat3750-X           A5800
Performance                 160Gbps             280 Gbps
Total VLAN                  1005 VLANs          4094 VLANS
Max # of MAC Entries        4K (Access Mode)    32K
Max # of Routing Entries    6K (Access Mode)    16K
Max # of GE Copper Ports    48                  80
Max # of GE Fiber Ports     4                   32
Max # of 10GE               2                   8
           
In fact, as per the Cisco switch positioning guide (http://www.cisco.com/en/US/products/hw/switches/index.html#N2549C4), the Cat4948 is much better than the Cat3750-X for aggregation/distribution/Core/DC usage, but it does not support stacking. Hence you lose all the advantages of stacking.

2)      Merge two layers (access + aggregation/distribution) into one layer
With A5800-IRF you can merge two layers (access + aggregation/distribution/Core) into one layer; this is very difficult with Cat3750-X Stackwise because of its Layer 3 functionality limitations.
A5800-IRF provides all the Layer 3 functionality needed in an aggregation/distribution/core layer. Some of the key functions missing in Cat3750-X Stackwise are:
-          Rapid Convergence Via Bi-Directional Forwarding Detection (BFD) RFC 5880 – Not supported on Cat3750-X Stackwise
-          MPLS
-          Campus-to-Campus or DC-to-DC Extension Via VPLS
-          Layer 2 Segmentation via VPLS ; Cisco Stackwise uses Private-VLAN which does not scale beyond layer 2 domain and is proprietary


3)      Cable limitations
Cat3750-X Stackwise needs a special cable, and this limits its deployment. A5800-IRF uses normal ports on the switch to connect to other members in the group. This provides flexibility in terms of cable distances and member-to-member bandwidth.


                                 Cat3750-X Stackwise       A5800 IRF
Cable Type                       Special Cable             Any GE/10GE Copper or Fiber cable will do
Max Cable Distance               150 Centimeters           Up to 70 Kms
Max Bandwidth between members    64 Gbps RX, 64 Gbps TX    Up to 80Gbps RX, 80 Gbps TX


4)      Licensing Costs
With Cat3750-X Stackwise you cannot mix and match a LAN-Base license with any other members in the stack. Thus one is either forced to have a dumb Layer-2 only stack or to have all members upgrade to at least the IP-Base license. This adds to the cost significantly. More details: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/qa_c67-578933.html
With A5800-IRF there are no premium licenses; the Base level license has all the functionality.

5)      Stack Management
A5800-IRF is managed by a robust tool called Intelligent Management Center (IMC). Cisco Stackwise needs the LAN Management System (LMS) tool. There are several limitations with Cisco Stackwise management:


Ability to manage all devices from Same company
    Cisco LMS:          No ; Only LAN switches ; Need to purchase other tools
    HP Networking IMC:  Yes ; All HP Networking Devices
Ability to manage devices from other vendors
    Cisco LMS:          No ; Only Cisco Switches
    HP Networking IMC:  Yes ; Can manage 2000 different devices including Cisco, JNPR, FDRY etc
FCAPS (Fault, Configure, Accounting, Performance, Security) Compliant
    Cisco LMS:          No
    HP Networking IMC:  Yes
Performance Monitoring
    Cisco LMS:          No Netflow on Cat3K
    HP Networking IMC:  Yes


Reference Material