Friday, June 24, 2011

Configuring DHCP Snooping on #HP #E-Series Switches

All here in this PDF.

#Ralph Nader goes after #Cisco & #John Chambers

Nader Kindles Fires of Revolt
Wall Street Journal, 06/24 , Susan Pulliam

Ralph Nader, the scourge of American business and onetime presidential candidate, has found his next corporate demon: Cisco Systems Inc.
Mr. Nader isn't calling for a router recall or claiming the company's networks are unsafe at any speed. Instead, he wants the tech company to pay a bigger dividend to boost its shares.
The consumer advocate's motives are far from altruistic. He is a longtime disgruntled Cisco investor who called the company's share performance "appalling." In a private letter to Cisco Chief Executive John Chambers sent June 13, Mr. Nader blasted the CEO for not doing enough to lift shares of the technology company and said "it is time for a long overdue Cisco shareholder revolt against a management that is oblivious to building or even maintaining shareholder value," according to the letter.
In 4 p.m. Nasdaq Stock Market composite trading Thursday, Cisco's shares rose 11 cents, or 0.7%, to $15.47. They are down nearly a third in the past year and are off 75% from their all-time, tech-bubble high. In comparison, the Nasdaq Composite index is down about 48% from its all-time high in March 2000.
Among the specific actions Mr. Nader suggested in the letter are the distribution of a one-time dividend of $1 a share and an increase in Cisco's annual dividend to 50 cents from 24 cents.
"If they can't give shareholders value, then they have to give cash," Mr. Nader said in an interview this week, adding that the company's stock has plummeted even though its profits generally were on the rise until recently.
Cisco, like many big tech companies, has been accumulating cash despite its weak growth. It holds $43 billion in cash, nearly half of its market value.
A Cisco spokeswoman said the company welcomes input from shareholders and added that the company is considering "capital allocation and returns to our shareholders," but declined to discuss specifically whether a dividend increase or one-time payout are on the table. She added that all but about $5 billion of the company's cash represents foreign earnings, which would be subject to taxes if the funds were brought back to the U.S.
The 77-year-old Mr. Nader, who rose to fame in the 1960s on his claims that American automobiles were unsafe, admitted the letter is a departure from his typical antibusiness stance. He said he has been an "adversary of corporate capitalism," but he is a believer in capitalism, so long as shareholders have a voice. He wrote the letter to Mr. Chambers, he said, because he objects to the "powerlessness of owner shareholders."
It has been a long and painful ride for Mr. Nader as a Cisco shareholder, he said. He first bought Cisco shares in 1995 at an adjusted price of $7 and currently owns 18,000 shares, he said. In 2000, his Cisco stake was valued at $1 million, about one-third of his $3 million portfolio. As Cisco's share price swooned in the years that followed, it has represented a smaller slice of his overall investment portfolio, which he said still is valued at about $3 million. At Thursday's closing price, his stake is valued at $278,460.
Even if Cisco adopted the changes he suggests, Mr. Nader would stand to gain only $27,000, including the first year's increase in the annual dividend on his 18,000-share stake in the company. "Just think of what people who have been loyal to them have endured," he said. "It's absurd." He said he personally didn't sell his Cisco stake because he thought the shares would rebound.
Cisco rose to dominance in the computer networking-gear business in the late 1990s but has struggled to regain its luster in recent years. The company made a string of acquisitions to keep up with the pace of change in the business but now suffers from a bloated sales force and stiff competition from Asia and smaller competitors, analysts and investors have said.
In May, Cisco reported an 18% drop in profit for its most recent quarter and the stock has slid from under $18 to its current level, despite assurances by Mr. Chambers in a call with investors that the company was overhauling its business model and cutting $1 billion in costs.
Mr. Nader launched his first major battle against a big company in 1965 when he published "Unsafe at Any Speed," which criticized the safety record of American cars. He and his followers have since gone after nuclear-power plants, nursing homes and industrial polluters.
Mr. Nader's letter to Mr. Chambers follows one he sent last October, in which he called for a dividend. Mr. Chambers wrote back and said he appreciated Mr. Nader's feedback. This year, Cisco instituted its 24-cent-a-share annual dividend. The spokeswoman said the dividend was under consideration before Mr. Nader's October letter.
Mr. Nader said he isn't going away any time soon. He said he talked to other investors and they are equally unhappy.
"They may be ready to organize, judging by the ones with whom I have spoken and by some comments made privately and publicly to the press," he said in the letter. He also said he plans to try to enlist investor Carl Icahn, who has in recent years taken up the mantle of activist investor through a hedge fund. Mr. Icahn didn't return calls for comment. "I think next year's shareholder meeting will be a hot time in Silicon Valley," Mr. Nader said.

Thursday, June 9, 2011

Brad Reese attacked by #Cisco Lawyers!

http://bradreese.com/blog/6-6-2011.htm

INSTRUCTIONS HOW TO CHANGE SQL PASSWORD FOR DATABASE USED BY IMC

IMC is unable to recognise some non-alphanumeric characters in the SQL database password, for example %. In this case, the IMC log will show the error 'login failed'. It is necessary to modify the SQL password for IMC to gain full access to the SQL database.

- Change the SQL password in the SQL database.
- Use the Deployment Monitoring Agent to modify the SQL password used by IMC.

Full description of steps:

  1. Change the SQL password in SQL:
     Start -> Run -> cmd
       sqlcmd
       sp_password @old = null, @new = '3commypwd1', @loginame = 'sa'
       go
       quit

  2. Click the environment tab in the Deployment Monitoring Agent and change the password to the new one.

  3. Stop the jserver process and then start it again: right-click jserver, select stop process, wait until the status is stopped, then start the process.






HP NQA - HTTP Test

nqa entry admin http
 type http
  destination ip 140.147.249.7
  history-record enable
  url /index.html

nqa schedule admin http start-time now lifetime forever



The display results:



[labrack-b-labgw]dis nqa res admin http
  NQA entry(admin admin, tag http) test results:
    Destination IP address: 140.147.249.7
      Send operation times: 1              Receive response times: 1
      Min/Max/Average round trip time: 214/214/214
      Square-Sum of round trip time: 45796
      Last succeeded probe time: 2007-01-02 05:57:52.4
    Extended results:
      Packet lost in test: 0%
      Failures due to timeout: 0
      Failures due to disconnect: 0
      Failures due to no connection: 0
      Failures due to sequence error: 0
      Failures due to internal error: 0
      Failures due to other errors: 0
      Packet(s) arrived late: 0

and history:


[labrack-b-labgw]dis nqa his admin http
  NQA entry(admin admin, tag http) history record(s):
    Index      Response     Status           Time
    1          296          Succeeded        2007-01-02 06:00:10.0




HP NQA - DHCP server test

nqa entry admin dhcp
 type dhcp
  history-record enable
  operation interface Ethernet0/0

nqa schedule admin dhcp start-time now lifetime forever

and display for it:


[labrack-b-labgw]dis nqa res admin dhcp
  NQA entry(admin admin, tag dhcp) test results:
      Send operation times: 1              Receive response times: 1
      Min/Max/Average round trip time: 1033/1033/1033
      Square-Sum of round trip time: 1067089
      Last succeeded probe time: 2007-01-02 05:25:11.6
    Extended results:
      Packet lost in test: 0%
      Failures due to timeout: 0
      Failures due to disconnect: 0
      Failures due to no connection: 0
      Failures due to sequence error: 0
      Failures due to internal error: 0
      Failures due to other errors: 0
      Packet(s) arrived late: 0

and history:

[labrack-b-labgw]dis nqa his admin dhcp
  NQA entry(admin admin, tag dhcp) history record(s):
    Index      Response     Status           Time
    1          1033         Succeeded        2007-01-02 05:25:11.6

HP NQA - DNS Test

NQA can test resolution of a DNS server:

nqa entry admin dns
type dns
destination ip 4.2.2.2
resolve-target google.com
history-record enable
quit

and the current results:


[labrack-b-labgw]dis nqa res admin dns
  NQA entry(admin admin, tag dns) test results:
    Destination IP address: 4.2.2.2
      Send operation times: 1              Receive response times: 1
      Min/Max/Average round trip time: 19/19/19
      Square-Sum of round trip time: 361
      Last succeeded probe time: 2007-01-02 05:22:26.3
    Extended results:
      Packet lost in test: 0%
      Failures due to timeout: 0
      Failures due to disconnect: 0
      Failures due to no connection: 0
      Failures due to sequence error: 0
      Failures due to internal error: 0
      Failures due to other errors: 0
      Packet(s) arrived late: 0

and history:

[labrack-b-labgw]dis nqa his admin dns
  NQA entry(admin admin, tag dns) history record(s):
    Index      Response     Status           Time
    1          19           Succeeded        2007-01-02 05:22:26.3


HP NQA - ICMP test

Network Quality Analyzer (NQA) analyzes network performance, services and service quality by
sending test packets, and provides you with network performance and service quality parameters
such as delay jitter, TCP connection delay, FTP connection delay and file transfer rate.

With the NQA test results, you can:
1) Learn the state of network performance in time to take corresponding measures.
2) Diagnose and locate network faults.


At present, NQA supports ten test types: ICMP echo, DHCP, DNS, FTP, HTTP, UDP jitter, SNMP, TCP,
UDP echo and DLSw.

In an NQA test, the client sends different types of test packets to the peer to detect the availability and
the response time of the peer, helping you determine protocol availability and network performance based
on the test results.

If I want to just send ICMP from one device to another, continuously...

nqa client enable



nqa entry admin icmp
 type icmp-echo
  destination ip 68.191.191.242
  frequency 5000
  history-record enable
  history-record number 10
  probe count 10
  probe timeout 500

 nqa schedule admin icmp start-time now lifetime forever

and here is what a display looks like:

[labrack-b-labgw]display nqa res admin icmp
  NQA entry(admin admin, tag icmp) test results:
    Destination IP address: 68.191.191.242
      Send operation times: 10             Receive response times: 10
      Min/Max/Average round trip time: 2/3/2
      Square-Sum of round trip time: 65
      Last succeeded probe time: 2007-01-02 05:11:02.7
    Extended results:
      Packet lost in test: 0%
      Failures due to timeout: 0
      Failures due to disconnect: 0
      Failures due to no connection: 0
      Failures due to sequence error: 0
      Failures due to internal error: 0
      Failures due to other errors: 0
      Packet(s) arrived late: 0

and using the history:

[labrack-b-labgw]dis nqa hist admin icmp
  NQA entry(admin admin, tag icmp) history record(s):
    Index      Response     Status           Time
    1070       2            Succeeded        2007-01-02 05:11:32.7
    1069       3            Succeeded        2007-01-02 05:11:32.7
    1068       2            Succeeded        2007-01-02 05:11:32.7
    1067       2            Succeeded        2007-01-02 05:11:32.7
    1066       2            Succeeded        2007-01-02 05:11:32.7
    1065       3            Succeeded        2007-01-02 05:11:32.7
    1064       2            Succeeded        2007-01-02 05:11:32.7
    1063       2            Succeeded        2007-01-02 05:11:32.7
    1062       2            Succeeded        2007-01-02 05:11:32.7
    1061       3            Succeeded        2007-01-02 05:11:32.7
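The `display nqa result` output in the NQA posts above is regular enough to parse and alert on. The following is an added example, not code from the original blog or from HP: it parses one result block and lists what looks unhealthy. The sample text is constructed, and the thresholds (no loss tolerated, round trip time limit of 500 to match the `probe timeout 500` above) are assumptions.

```python
import re

# Constructed sample in the layout of the 'display nqa result' output shown
# above (documentation address, two timeouts added so there is something to flag).
SAMPLE_RESULT = """\
  NQA entry(admin admin, tag icmp) test results:
    Destination IP address: 192.0.2.10
      Send operation times: 10             Receive response times: 8
      Min/Max/Average round trip time: 2/41/9
      Square-Sum of round trip time: 1880
      Last succeeded probe time: 2007-01-02 05:11:02.7
    Extended results:
      Packet lost in test: 20%
      Failures due to timeout: 2
      Failures due to disconnect: 0
      Failures due to no connection: 0
      Failures due to sequence error: 0
      Failures due to internal error: 0
      Failures due to other errors: 0
      Packet(s) arrived late: 0
"""


def _int(pattern, text, default=None):
    """Return the first capture group of pattern as int, or default if absent."""
    m = re.search(pattern, text)
    return int(m.group(1)) if m else default


def parse_nqa_result(text):
    """Turn one 'display nqa result' block into a dict of typed fields."""
    head = re.search(r"NQA entry\(admin ([^,]+), tag ([^)]+)\)", text)
    if not head:
        raise ValueError("not an NQA result block")
    dest = re.search(r"Destination IP address:\s*(\S+)", text)
    rtt = re.search(r"Min/Max/Average round trip time:\s*(\d+)/(\d+)/(\d+)", text)
    return {
        "admin": head.group(1),
        "tag": head.group(2),
        "destination": dest.group(1) if dest else None,  # DHCP test prints none
        "sent": _int(r"Send operation times:\s*(\d+)", text, 0),
        "received": _int(r"Receive response times:\s*(\d+)", text, 0),
        "rtt_min_max_avg": tuple(map(int, rtt.groups())) if rtt else None,
        "loss_pct": _int(r"Packet lost in test:\s*(\d+)%", text, 0),
        "late": _int(r"Packet\(s\) arrived late:\s*(\d+)", text, 0),
        "failures": {reason: int(n) for reason, n in
                     re.findall(r"Failures due to ([\w ]+?):\s*(\d+)", text)},
    }


def assess(result, max_loss_pct=0, max_rtt=500):
    """Return findings for one parsed result; an empty list means healthy."""
    findings = []
    if result["received"] == 0:
        findings.append("no response received")
    if result["loss_pct"] > max_loss_pct:
        findings.append(f"packet loss {result['loss_pct']}%")
    if result["rtt_min_max_avg"] and result["rtt_min_max_avg"][1] > max_rtt:
        findings.append(f"max round trip time {result['rtt_min_max_avg'][1]}")
    findings += [f"{n} failure(s) due to {reason}"
                 for reason, n in result["failures"].items() if n]
    return findings
```

Run against the DHCP result shown earlier, the default limit flags the 1033 round trip time, so DHCP tests need a higher `max_rtt`.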



Wednesday, June 8, 2011

HP IP Tunneling (aka GRE) Availability

ipv4 & ipv6 tunnels

MSR
a5800
a9500
a12500
a6600
a8800

ipv6 tunnels only


a5500
a7500

IPv4 over IPv4 (classic gre) tunnel config for MSR

<RouterA> system-view
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ip address 10.1.1.1 255.255.255.0
[RouterA-Ethernet1/1] quit

[RouterA] interface serial 2/0
[RouterA-Serial2/0] ip address 2.1.1.1 255.255.255.0
[RouterA-Serial2/0] quit
[RouterA] interface tunnel 1
[RouterA-Tunnel1] ip address 10.1.2.1 255.255.255.0
[RouterA-Tunnel1] tunnel-protocol ipv4-ipv4
[RouterA-Tunnel1] source 2.1.1.1
[RouterA-Tunnel1] destination 3.1.1.1
[RouterA-Tunnel1] quit
[RouterA] ip route-static 10.1.3.0 255.255.255.0 tunnel 1

Configuration on Router B

<RouterB> system-view
[RouterB] interface ethernet 1/1
[RouterB-Ethernet1/1] ip address 10.1.3.1 255.255.255.0
[RouterB-Ethernet1/1] quit
[RouterB] interface serial 2/1
[RouterB-Serial2/1] ip address 3.1.1.1 255.255.255.0
[RouterB-Serial2/1] quit
[RouterB] interface tunnel 2
[RouterB-Tunnel2] ip address 10.1.2.2 255.255.255.0
[RouterB-Tunnel2] tunnel-protocol ipv4-ipv4
[RouterB-Tunnel2] source 3.1.1.1
[RouterB-Tunnel2] destination 2.1.1.1
[RouterB-Tunnel2] quit
[RouterB] ip route-static 10.1.1.0 255.255.255.0 tunnel 2

Tuesday, June 7, 2011

Virtual Connect and HP A-Series switches (A5820) IRF Integration Guide

http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02843088/c02843088.pdf

HP A5800 IRF is better than Cat3750-X Stackwise for the following reasons

1)      Can be used in the Access, Aggregation, Distribution, Core or Data Center layer
A5800-IRF can be used in Access, Aggregation, Distribution or Data Center; Cat3750-X Stackwise can only be used in the Access layer.
This is because performance limitations on the Cat3750-X prohibit any usage besides the access/campus layer.
Here are some key limitations of the Cat3750-X:

                            Cat3750-X           A5800
Performance                 160 Gbps            280 Gbps
Total VLAN                  1005 VLANs          4094 VLANs
Max # of MAC Entries        4K (Access Mode)    32K
Max # of Routing Entries    6K (Access Mode)    16K
Max # of GE Copper Ports    48                  80
Max # of GE Fiber Ports     4                   32
Max # of 10GE               2                   8

In fact, as per the Cisco switch positioning guide, http://www.cisco.com/en/US/products/hw/switches/index.html#N2549C4
the Cat4948 is much better than the Cat3750-X for aggregation/distribution/core/DC usage, but it does not support stacking. Hence you lose all the advantages of stacking.

2)      Merge two layers (access + aggregation/distribution) into one layer
With A5800-IRF you can merge two layers (access + aggregation/distribution/core) into one layer; this is very difficult with Cat3750-X Stackwise because of its Layer 3 functionality limitations.
A5800-IRF provides all the Layer 3 functionality needed in an aggregation/distribution/core layer. Some of the key functions missing in Cat3750-X Stackwise are:
- Rapid convergence via Bi-Directional Forwarding Detection (BFD), RFC 5880 – not supported on Cat3750-X Stackwise
- MPLS
- Campus-to-campus or DC-to-DC extension via VPLS
- Layer 2 segmentation via VPLS; Cisco Stackwise uses Private-VLAN, which does not scale beyond the Layer 2 domain and is proprietary


3)      Cable limitations
Cat3750-X Stackwise needs a special cable, and this limits its deployment. A5800-IRF uses normal ports on the switch to connect to other members in the group. This provides flexibility in terms of cable distances and member-to-member bandwidth.

                                 Cat3750-X Stackwise       A5800 IRF
Cable Type                       Special Cable             Any GE/10GE Copper or Fiber cable will do
Max Cable Distance               150 Centimeters           Up to 70 Kms
Max Bandwidth between members    64 Gbps RX, 64 Gbps TX    Up to 80 Gbps RX, 80 Gbps TX


4)      Licensing Costs
With Cat3750-X Stackwise you cannot mix and match a LAN-Base license with any other members in the stack. Thus one is either forced to have a dumb Layer-2 only stack or to have all members upgrade to at least the IP-Base license. This adds to the cost significantly. More details at http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/qa_c67-578933.html
With A5800-IRF there are no premium licenses; the Base level license has all the functionality.

5)      Stack Management
A5800-IRF is managed by a robust tool called Intelligent Management Center (IMC). Cisco Stackwise needs the LAN Management System (LMS) tool. There are several limitations with Cisco Stackwise management:

                                                                        Cisco LMS                                             HP Networking IMC
Ability to manage all devices from Same company                         No; only LAN switches; need to purchase other tools   Yes; all HP Networking devices
Ability to manage devices from other vendors                            No; only Cisco switches                               Yes; can manage 2000 different devices including Cisco, JNPR, FDRY etc
FCAPS (Fault, Configure, Accounting, Performance, Security) Compliant   No                                                    Yes
Performance Monitoring                                                  No Netflow on Cat3K                                   Yes


Reference Material

HPN EOS Announcements

Curious as to what products have been EOS?  Here's a web page that gives you all the info:

http://h17007.www1.hp.com/us/en/products/eos/index.aspx?tab=tab_all_products

Friday, June 3, 2011

Forrester says "Smartnet is dead"

SMARTnet Is dead. Long live the lifetime warranty!

Thank you HP for making other vendors raise their game



http://blogs.computerworlduk.com/infrastructure-and-operations/2011/06/-smartnet-is-dead-long/

Thursday, June 2, 2011

John Chambers was the 9th Highest Paid CEO last year...but has delivered -1% shareholder return!

No wonder I sold all my stock long ago...

http://www.forbes.com/lists/2011/12/ceo-compensation-11_John-T-Chambers_736O.html

Cisco customers stop buying because Cisco Intimidates them!

Interesting article in Bloomberg:

http://www.bloomberg.com/news/2011-06-02/cisco-rivals-woo-customers-with-price-cuts-less-intimidation-.html?cmpid=yhoo

RRPP - Single Ring Config

If you want to read up on the basics of RRPP please go here.

RRPP is our implementation of EAPS...you can read here.

RRPP is an Ethernet ring-based topology that does not use STP.  Here's a simple config for a single ring.  One device must be the master and the other nodes in the ring can be transit nodes.  The master config:


rrpp domain 1
 control-vlan 4000
 protected-vlan reference-instance 0
 fast-detection enable
 timer fast-fail-timer 300
 timer fast-hello-timer 100
 ring 1 node-mode master primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet2/0/1 level 0
 ring 1 enable
#
 rrpp enable

The primary & secondary ports must be set up as "trunks".

Transit node config:


rrpp domain 1
 control-vlan 4000
 protected-vlan reference-instance 0
 ring 1 node-mode transit primary-port GigabitEthernet1/0/31 secondary-port GigabitEthernet1/0/32 level 0
 ring 1 enable
#
rrpp enable


In the future, I'll post some more advanced configs.  One in particular that would be worth trying is vlan load sharing within RRPP.



Cisco drops 4.9% points of market share...HP gains 3% points!!!

HP, Juniper win as switch sales drop during Q1, says Canalys
IDG/Network World, Also appeared in Computerworld, TechWorld, 06/1 , Mikael Ricknäs

Though price competition and a weak public sector made the first three months of 2011 difficult for Ethernet switch vendors, Hewlett-Packard and Juniper Networks still managed to increase sales and market share, according to data from market research company Canalys.
Overall revenue was down 8.8 percent year-on-year in the first quarter to US$4.6 billion, even though vendors sold more ports. A key factor behind this development was aggressive competition between market leader Cisco Systems and challengers HP and Juniper, according to Canalys.
Cisco is still the largest Ethernet switch vendor by a large margin. But the company has been struggling lately, and its market share in terms of revenue fell from 73.1 percent a year ago to 68.2 percent.
Cisco is facing intense pressure on both its core switch and overall enterprise networking businesses, according to Matthew Ball, director of Enterprise Services at Canalys. But the company isn't going to sit back and see its market share continue to erode, and shouldn't be underestimated, he said.
HP, which acquired 3Com in 2010, increased its market share in revenue from 11.1 percent to 14.1 percent year-over-year, thanks to strong performances in Europe, the Middle East and Africa as well as Asia Pacific.
Juniper also increased revenue market share, from 1.8 percent to 2.4 percent, thanks to the growing momentum of its EX family of switches. It is now the third largest Ethernet switch vendor. A sales increase helped it grow past Brocade, which is now in fourth place. Brocade's market share was the same as last year, 2.2 percent.
Fifth place D-Link also did well, but on a smaller scale, expanding its market share from 1.3 percent to 1.6 percent.
From a technology point of view, the continuing growth in 10-Gigabit Ethernet port shipments marked the first quarter's bright spot, with a 70 percent year-on-year increase.

Mac Address limiting

So, you want to limit the number of MAC addresses on an Ethernet port to, say, two: one for a phone and one for the PC.  Pretty easy to do on HP A-Series:


….globally…

port-security enable
port-security timer autolearn aging 30
port-security trap intrusion
port-security timer disableport 30

...at the interface level….
port-security max-mac-count 2
port-security port-mode autolearn
port-security intrusion-mode disableport-temporarily


The switch will auto-learn the first two MAC addresses it sees on the port; if someone then inserts a third device, the switch will disallow it and also disable the port for 30 seconds.  (damn users!)
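To confirm that every edge port actually carries all three interface-level lines, a saved configuration can be audited offline. The following is an added example, not code from the original post or from HP: the configuration text is constructed, the interface names are placeholders, and the limit of two MACs and the `exempt` list for uplinks are assumptions.

```python
# Constructed Comware-style configuration using only the port-security
# commands from the post above; interface names are placeholders.
SAMPLE_CONFIG = """\
#
 port-security enable
 port-security timer autolearn aging 30
 port-security trap intrusion
 port-security timer disableport 30
#
interface GigabitEthernet1/0/1
 port-security max-mac-count 2
 port-security port-mode autolearn
 port-security intrusion-mode disableport-temporarily
#
interface GigabitEthernet1/0/2
 port-security max-mac-count 10
 port-security port-mode autolearn
#
interface GigabitEthernet1/0/3
 port link-type trunk
#
"""


def parse_config(text):
    """Split a config into global lines and per-interface command lists."""
    global_lines, ports, current = [], {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line == "#":                      # '#' closes the current block
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif current is None:
            global_lines.append(line)
        else:
            ports[current].append(line)
    return global_lines, ports


def audit_port_security(text, max_macs=2, exempt=()):
    """Return (scope, finding) tuples; exempt lists ports such as uplinks."""
    global_lines, ports = parse_config(text)
    findings = []
    if "port-security enable" not in global_lines:
        findings.append(("global", "port-security is not enabled"))
    for name, lines in ports.items():
        if name in exempt:
            continue
        # Map 'port-security <keyword> <value>' lines to {keyword: value}.
        ps = {p[1]: p[2] for p in map(str.split, lines)
              if p[0] == "port-security" and len(p) >= 3}
        limit = ps.get("max-mac-count")
        if limit is None or not limit.isdigit():
            findings.append((name, "no max-mac-count set"))
        elif int(limit) > max_macs:
            findings.append((name, f"max-mac-count {limit} exceeds {max_macs}"))
        if ps.get("port-mode") != "autolearn":
            findings.append((name, "port-mode is not autolearn"))
        if ps.get("intrusion-mode") != "disableport-temporarily":
            findings.append((name, "intrusion-mode is not disableport-temporarily"))
    return findings
```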