The Network Monkey is all about commentary, opinion, with a primary focus to help people who are looking to buy or utilize HP Networking equipment.
Monday, December 3, 2012
Thursday, November 29, 2012
want #wifi on the beach? @hp has a solution!
http://h30507.www3.hp.com/t5/HP-Networking/Want-a-Wi-Fi-access-point-at-the-beach/ba-p/126485
#sdn #seminar in Sioux Falls, SD with @hp and @mitel
YOU’RE INVITED TO
CHANGE THE RULES OF NETWORKING
WITH DATANET AND HP
GETTING TO THE CLOUD QUICKER!
How Software Defined Networking can help simplify, scale and automate your network.
Software Defined Networking is an approach to networking in which control is decoupled from hardware and given to a software application called a controller. In a software-defined network, a network administrator can shape traffic from a centralized control console without having to touch individual switches. The administrator can change any network switch’s rules when necessary -- prioritizing, de-prioritizing or even blocking specific types of packets with a very granular level of control. This is especially helpful in a cloud computing multi-tenant architecture because it allows the administrator to manage traffic loads in a flexible, more efficient manner. Essentially, this allows the administrator to use less expensive, commodity switches and have more control over network traffic flow than ever before.
WEDNESDAY, DECEMBER 12, 2012
10:45 AM to 1:00 PM
Holiday Inn City Centre
100 West Eight Street, Sioux Falls, SD 57104
AGENDA
• 10:45 AM - Registration
• 11:00 AM - 12:30 PM - “Software Defined Networking” Scott Runyon
• 12:30 PM to 1:00 PM - Lunch & HP MINI 110 Giveaway
WHAT YOU WILL LEARN:
• What Software Defined Networking (SDN) is.
• Why embracing an open SDN ecosystem is a critical success factor.
• How SDN can deliver scalable, programmable clouds.
• What steps you can take to begin deploying cloud applications in minutes versus months
Please RSVP by emailing: hp@conceptcommusa.com
Speaking will be:
Scott Runyon (HP Networks) has 20 years of experience in the networking industry. Scott’s early days were focused on the movement from mini and mainframe technologies toward client server architectures known as Local Area Networks (LAN’s). Scott has worked with a wide range of clients within the service provider, large enterprise corporate, SMB, and SLED segment.
Wednesday, November 7, 2012
Setting up Authentication on @comware 7
One of the biggest changes in Comware 7 is role-based users. You can define different user roles and change what each role has access to from a command perspective. I strongly recommend reading the following guide:
Below is the “bare bones” info you need to know to get up and running quickly. For some of you this will not be anything new. For others, who have not had experience with the changes in Comware 7, this might help.
For the most part, setting up telnet/ssh with local authentication is very similar. You need to enable the ssh or telnet server, create an RSA public key (for ssh), and specify a local user.
To configure the switch, log in through the console port and enter system-view.
Configuration procedure
Prior to configuring switch access, determine whether telnet or ssh is required. Then enable only the corresponding server.
# Enable telnet or ssh servers
<Switch> system-view
[Switch] telnet server enable
[Switch] ssh server enable
If you are using ssh, then create the public key
# Create a public key
[Switch] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024](enter)
Generating Keys...
+++++++++++++++
++++++++++++++++++++++++
+++
++++++
[Switch]
# Assign an IP address to VLAN interface 1, the interface connected to the Telnet user.
<Switch> system-view
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.1.70 255.255.255.0 (Use correct IP address/mask)
[Switch-Vlan-interface1] quit
# Enable scheme authentication on user interface
[Switch] user-interface vty 0 15
[Switch-ui-vty0-15] authentication-mode scheme
[Switch-ui-vty0-15] protocol inbound ssh (If you are configuring for ssh access. If you use this command you will not be able to telnet to the device)
[Switch-ui-vty0-15] quit
# Create local user admin and enter its view.
[Switch] local-user admin
# Set a plaintext password admin for the user and enable displaying this password in cipher text.
[Switch-luser-admin] password simple admin
# Specify service type
[Switch-luser-admin] service-type telnet
or
[Switch-luser-admin] service-type ssh
# Assign the user to the network-admin role.
[Switch-luser-admin] authorization-attribute user-role network-admin
By default, network-admin is specified on the console user interface, and network-operator is specified on any other user interface.
Inter
# Configure SNMP community strings
[Switch]snmp comm read public
[Switch]snmp comm write private
[Switch]snmp sys-info version all
# Configure default route
[Switch]ip route 0.0.0.0 0.0.0.0 192.168.1.1
# Validate network connectivity
[Switch]ping 4.2.2.2
PING 4.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 4.2.2.2: bytes=56 Sequence=1 ttl=54 time=89 ms
Reply from 4.2.2.2: bytes=56 Sequence=2 ttl=54 time=156 ms
Reply from 4.2.2.2: bytes=56 Sequence=3 ttl=54 time=73 ms
Reply from 4.2.2.2: bytes=56 Sequence=4 ttl=54 time=74 ms
Reply from 4.2.2.2: bytes=56 Sequence=5 ttl=54 time=74 ms
--- 4.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 73/93/156 ms
Display commands
Show line numbers in front of display output
<Sysname> display vlan 999 | by-linenum
Display parts of the configuration
<Sysname> display current-configuration | begin user-interface
Save display output to a file
<Sysname> display vlan 1 > vlan.txt
Gaining access
Logging in through the console port
By default, you can log in to a device through the console port. The authentication mode is none (no username or password required), and the user role is network-admin.
Logging in through Telnet
By default, you cannot log in to a device through Telnet. To log in through Telnet, first log in to the device through the console port and complete the following configuration:
1. Enable the Telnet function if necessary. (Telnet is enabled by default.)
2. Assign an IP address to a VLAN interface or the management Ethernet interface, and make sure that your device and the Telnet client can reach each other. (By default, the device does not have an IP address.)
3. Configure a password for password authentication, or change authentication mode for VTY users and configure related parameters. (By default, the authentication mode is password for VTY users.)
4. Configure the user role for VTY users (network-operator by default).
Logging in through SSH
By default, you cannot log in to a device through SSH. To log in through SSH, first log in to the device through the console port, and then complete the following configuration:
1. Enable the SSH function and configure SSH attributes. (SSH is disabled by default.)
2. Assign an IP address to a VLAN interface or the management Ethernet interface, and make sure that your device and the SSH client can reach each other (by default, your device does not have an IP address).
3. Configure the authentication mode of VTY users as scheme (default is password).
4. Configure the user role for VTY users (network-operator by default).
Wednesday, October 31, 2012
Does @cisco have your back? Are they giving you the best price possible?
Apparently in California (home of Cisco) they don't...
http://www.networkworld.com/news/2012/102512-cisco-csu-263711.html?hpg1=bn
Checking #Security #Compliance of your #networking equipment with @hp #imc
Keep in mind, for those of you that own HP's IMC: IMC has a compliance center function built into it that can check, notify, and provide corrective action on configuration errors and policy verification. For example, it could be used to determine whether the correct SNMP switch-hardening configuration was implemented.
For reference on how to implement this, check out the great IMC video on YouTube that covers this very topic and gives a reference case on how to detect and mitigate incorrect SNMP strings.
Thursday, October 25, 2012
Join @hp in #wisconsin for all business unit update!
Appleton, Madison, Brookfield, and Eau Claire
Hear from all of HP...servers, storage, network, software, PCs, printers, and services
http://hpbroadband.com/program.aspx?key=PLJROQDIJG
Monday, October 15, 2012
@hp a-series @cisco command aliases
So..you just can't unlearn all of those Cisco CLI commands like show or write. Honestly..it is hard jumping on different boxes... even though the industry has adopted pretty much a common CLI (except Juniper) there are differences. One nice thing you can do on the HP A-series boxes is set up command aliases. Type a word and it issues a command. Here are a bunch that some folks like to put on so they don't flub with a Cisco command on an HP switch:
command-alias enable
command-alias mapping undo no
command-alias mapping reboot reload
command-alias mapping header banner
command-alias mapping reset clear
command-alias mapping acl access-list
command-alias mapping port switchport
command-alias mapping stp spanning-tree
command-alias mapping snmp-agent snmp-server
command-alias mapping user-interface line
command-alias mapping display show
command-alias mapping undo no
command-alias mapping return end
command-alias mapping quit exit
command-alias mapping sysname hostname
command-alias mapping acl access-list
command-alias mapping save write
command-alias mapping delete erase
command-alias mapping info-center logging
command-alias mapping save wr
Thursday, October 11, 2012
@hp #msr #firewall config example
[MSR_3020]dis cur
#
version 5.20, Release 2105P02, Standard
#
sysname MSR_3020
#
clock timezone cst minus 06:00:00
#
l2tp enable
#
ike local-name h3c
#
firewall enable
firewall default deny
#
domain default enable system
#
dns resolve
dns server 150.199.1.10
#
telnet server enable
#
blacklist enable
#
acl number 2000
description NAT ACL
rule 0 permit source 192.168.1.0 0.0.0.255
acl number 2001
description HTTP ACL
rule 0 permit source 192.168.1.0 0.0.0.255
rule 1 permit source 151.104.104.0 0.0.0.255
rule 2 permit source 139.87.8.0 0.0.0.255
rule 5 deny
#
acl number 3000
description TELNET_ACCESS_CONTROL
rule 0 permit ip source 192.168.1.0 0.0.0.255
rule 5 permit ip source 151.104.104.0 0.0.0.255
rule 10 deny ip
rule 10 comment DENY ALL OTHER INPUT OTHER THAN LOCAL LAN AND 3COM
acl number 3200 name Wan_Inbound
description WAN_INBOUND_FILTER
rule 0 permit icmp
rule 5 permit udp destination-port eq 1701
rule 10 permit udp destination-port eq 4500
rule 15 permit tcp destination-port eq 1723
rule 25 permit udp destination-port eq 500
rule 35 permit udp source-port eq 1023
rule 40 permit gre
rule 45 permit 50
rule 50 permit 51
rule 55 permit udp source-port eq 67
rule 60 permit udp source-port eq 68
rule 65 deny udp
rule 70 deny tcp
#
vlan 1
#
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 10.10.10.5 10.10.10.10
#
ike peer remote
exchange-mode aggressive
pre-shared-key simple sprigmaster
id-type name
remote-name remote
#
ipsec proposal remote
#
ipsec policy remote 1 isakmp
ike-peer remote
proposal remote
#
dhcp server ip-pool cable
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.254
dns-list 150.199.1.10
#
aspf-policy 1
detect RTSP
detect SMTP
detect FTP
detect TCP
detect UDP
#
user-group system
#
local-user 3Com
password simple 3com3com123
authorization-attribute level 1
service-type ppp
local-user test
password simple test
authorization-attribute level 1
service-type ppp
#
attack-defense policy 86 interface GigabitEthernet0/1
signature-detect action drop-packet
signature-detect fraggle enable
signature-detect land enable
signature-detect winnuke enable
signature-detect tcp-flag enable
signature-detect icmp-unreachable enable
signature-detect icmp-redirect enable
signature-detect tracert enable
signature-detect smurf enable
signature-detect source-route enable
signature-detect route-record enable
signature-detect large-icmp enable
defense scan enable
defense scan add-to-blacklist
defense syn-flood enable
defense syn-flood action drop-packet
defense udp-flood enable
defense udp-flood action drop-packet
defense icmp-flood enable
defense icmp-flood action drop-packet
#
l2tp-group 1
mandatory-chap
undo tunnel authentication
allow l2tp virtual-template 0
tunnel name remote
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
#
interface Serial3/0
link-protocol ppp
#
interface Virtual-Template0
ppp authentication-mode chap domain system
remote address pool 1
ip address 10.10.10.254 255.255.255.0
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
description LAN-INTERFACE
ip address 192.168.1.254 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
description WAN-INTERFACE
firewall packet-filter name Wan_Inbound inbound
firewall aspf 1 outbound
nat outbound 2000
ip address dhcp-alloc
ipsec policy remote
attack-defense apply policy 86
#
nqa entry imclinktopologypleaseignore ping
type icmp-echo
destination ip 192.168.1.253
frequency 270000
#
snmp-agent
snmp-agent local-engineid 8000002B03001EC16FF729
snmp-agent community read hphp
snmp-agent community write hphp123
snmp-agent sys-info contact Network Admin
snmp-agent sys-info location 3Com Lab
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.1.115 params securityname public
undo snmp-agent trap enable voice dial
#
dhcp enable
#
nqa schedule imclinktopologypleaseignore ping start-time now lifetime 630720000
nqa server enable
#
ntp-service unicast-server 132.163.4.101
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
acl 3000 inbound
authentication-mode scheme
#
return
[MSR_3020]
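The configurations on this page show several settings a compliance check such as the IMC one mentioned above would look for: Telnet enabled, users created with `password simple`, `public`/`private` SNMP communities with `version all`, and an IKE peer using `pre-shared-key simple` in aggressive mode. The Python script below is an added example, not IMC's logic and not code from this blog; it audits Comware-style text (saved config or console transcript) for those settings. The check names and both sample configs are constructed for illustration.

```python
import re
from collections import namedtuple

# Check names are invented for this example; detail never echoes a secret.
Finding = namedtuple("Finding", "line_no check detail")
# Accepts "display current-configuration" text and console transcripts:
# a leading prompt such as "[Switch-luser-admin] " or "<Switch> " is stripped.
PROMPT = re.compile(r"^\s*(\[[^\]]*\]|<[^>]*>)\s*")
SECTION = re.compile(r"^(local-user|user-interface)\s+(.+)$")
# Also matches the abbreviated form "snmp comm read public".
COMMUNITY = re.compile(r"^snmp(-agent)?\s+comm(unity)?\s+(read|write)\s+(\S+)")
SNMP_VERSION = re.compile(r"^snmp(-agent)?\s+sys-info\s+version\s+(.+)$")
WELL_KNOWN = {"public", "private"}


def audit(config_text):
    """Return Findings for weak management-plane settings, in detection order."""
    findings = []
    section = None   # (kind, name) of the local-user / user-interface block
    vty = None       # state of the "user-interface vty" block being read
    def add(line_no, check, detail):
        findings.append(Finding(line_no, check, detail))
    def close_block():
        nonlocal section, vty
        if vty and not vty["ssh_only"]:
            add(vty["line_no"], "vty-not-ssh-only",
                "no 'protocol inbound ssh': VTY lines are not limited to SSH")
        section, vty = None, None
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = PROMPT.sub("", raw).strip()
        if line in ("#", "quit", "return"):
            close_block()
            continue
        m = SECTION.match(line)
        if m:
            close_block()
            section = (m.group(1), m.group(2))
            if section[0] == "user-interface" and section[1].startswith("vty"):
                vty = {"line_no": n, "ssh_only": False}
        elif vty and line == "protocol inbound ssh":
            vty["ssh_only"] = True
        elif line == "telnet server enable":
            add(n, "telnet-enabled", "Telnet carries logins and sessions in cleartext")
        elif line.startswith("password simple "):
            user = section[1].split()[0] if section and section[0] == "local-user" else "?"
            add(n, "password-plaintext", f"local-user {user}: password readable in config")
            if line.split()[2].lower() == user.lower():
                add(n, "password-equals-username", f"local-user {user}: guessable password")
        elif line.startswith("pre-shared-key simple "):
            add(n, "psk-plaintext", "IKE pre-shared key readable in config")
        elif line == "exchange-mode aggressive":
            add(n, "ike-aggressive-mode", "aggressive mode leaves a PSK open to offline guessing")
        elif (m := COMMUNITY.match(line)):
            access, name = m.group(3), m.group(4)
            if name.lower() in WELL_KNOWN:
                add(n, "snmp-default-community", f"well-known {access} community string")
            elif access == "write":
                add(n, "snmp-write-community", "SNMPv1/v2c write access via community string")
        elif (m := SNMP_VERSION.match(line)) and set(m.group(2).split()) & {"all", "v1", "v2c"}:
            add(n, "snmp-v1-v2c-enabled", "SNMPv1/v2c enabled; communities travel in cleartext")
    close_block()
    return findings


# Constructed sample in Comware syntax with the weak settings (values are placeholders).
SAMPLE = """\
 telnet server enable
#
ike peer branch
 exchange-mode aggressive
 pre-shared-key simple EXAMPLE-PSK
#
local-user admin
 password simple admin
#
 snmp-agent community read public
 snmp-agent community write EXAMPLE-RW
 snmp-agent sys-info version all
#
user-interface vty 0 4
 authentication-mode scheme
"""
# Constructed corrected counterpart: stored ciphertext, SNMPv3 only, SSH-only VTYs.
HARDENED = """\
local-user ops
 password cipher EXAMPLE-CIPHERTEXT
#
 snmp-agent sys-info version v3
#
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line_no:>2}  {f.check:<26} {f.detail}")
```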
@hp releases new software for K based and KA based switches
K.15.10 and KA.15.10 are now released!
Some highlights:
Openflow
OpenFlow v1.0 support (available prior, but was previously not in the general release train)
OF Matching rules: switch port, vlan id, vlan pcp, mac src, mac dest, eth type, ip src, ip dest, ip tos, ip prot, l4 sport, l4 dport
OF Actions: Forward packet to zero or more ports, encapsulate and forward to controller, send to normal processing pipeline
OF Stats: packet & byte counters
OF matches done in hardware with v1 modules: vlan pcp, in port
OF matches done in hardware with v2 modules: specified( vlan id, vlan pcp, in port) not specified ( ethertype ip, if source mac, dest mac, ethertype non-ip, if source ip, dest ip, ip tos, ip proto, source port, dest port)
OF matches done in hardware: drop, forward to single port, forward normal, modify vlan, ip tos
CLI Compatibility
additional fundamental and display commands have been added that are the same as comware
Other
aaa auth for https
snmp trap enable/disable for lacp
ability to filter untagged vlan traffic, lldp, and 802.1x eapol packets
ipv6 dns via RA options
Congrats! Another person figures out it's safe to buy @hp #networking
It's really not that hard...not that scary.... and as this new customer figures out, doesn't threaten their network nor their skill sets!
http://www.myteneo.net
Wednesday, October 10, 2012
#milwaukee @vmware and @hp event with @arrow please join us!
Hosted at the Harley Davidson Museum in Milwaukee!
Details and registration here!
http://xactlyit.com/emails/vmware/museum/harley/invite.html
@cisco is wavering on SDN like a us politician!!!
Which way is it, Cisco? You don't see value in SDN?
http://www.wired.com/wiredenterprise/2012/10/cisco-vcider/
oh wait... you just bought an SDN company....
www.vcider.com
Whose interest are you working in? Yours? Or your customers'? It's really hard to tell because you appear to be trying to move sentiment by first downplaying SDN, then embracing it. SDN has been building for five years...and where have they been?
Tuesday, October 9, 2012
@cisco says @vmware is becoming a competitor
http://www.crn.com/news/networking/240007716/lloyd-vmwares-nicira-deal-a-competitive-threat-to-cisco.htm?cid=rssFeed
So..as this plays out.. where does it put VCE? For that matter...as Cisco looks to replace lost revenue... do they add storage and thus compete with NetApp and EMC?
The whole partnership they have with these companies just doesn't make sense.
This is where HP can shine..with a complete server, storage, network solution that is integrated and adds value.
@hp adds #irf to #bladesystem
with the new 6125 series of switches that run comware.
Up to 10 in a cluster!
http://h18004.www1.hp.com/products/blades/components/ethernet/6125G-XG/index.html
@hp releases new switches for the #bladesystem
The new 6125 switch family is out and is very exciting because it brings the same Comware operating system that we have in the 12500, 10500, 5900, 5800, 5500, 5120 switches down into the Bladesystem.
It also brings innovative features like Intelligent Resilient Framework (IRF) to allow you to cluster up to TEN 6125s together.
http://h18004.www1.hp.com/products/blades/components/ethernet/6125G-XG/index.html
Saturday, October 6, 2012
notably missing from @interop this year @extreme @aruba @dell @juniper @enterasys
HP was there..Cisco was there... Riverbed... F5
Not showing up says a lot.
Friday, October 5, 2012
Reason #362 to buy @HPN instead of @cisco
Software licensing for the Cisco Nexus is so complex, they actually publish a 20 page guide just to understand it!
http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/licensing/guide/b_Cisco_NX-OS_Licensing_Guide.pdf
Want a routing protocol? You need a license (even EIGRP)
Want something like HP's EVI? You need a license (OTV)
Want something like HP Multi-tenant Device Context? You need a license (VDC)
Want MPLS? You need a license.
With HP..all of this is included and you don't need licenses!!!
Thursday, October 4, 2012
Wednesday, October 3, 2012
Tuesday, October 2, 2012
@networkworld has the leak on @hp #sdn announcements
http://www.networkworld.com/news/2012/100212-hp-sdn-262928.html
Official announcements to come Thursday at Interop in NYC
Monday, September 24, 2012
Monday, September 17, 2012
@cisco employees burned out by reorgs
Network World reports:
http://www.networkworld.com/community/node/81314
I've heard the same myself from talking to several people... they don't feel that the layoffs nor reorgs have any rhyme or reason...so they feel demotivated and feel like it's time to change jobs.
Wednesday, September 12, 2012
Friday, September 7, 2012
@hp #IMC community sponsored board
Ran across this network management discussion group that focuses on the HP IMC platform
http://www.netopscommunity.net/
Friday, August 24, 2012
#epiphany of the day; #sdn and #openflow are like #atm #svc
I know..I'm dating myself. ATM SVC? LOL. That was a techno flop. But... it was a great idea. Create a network that was based on switched point to point circuits. A server and a user could be on a point to point connection with each other. What today we would call a link-local connection. It really simplifies the world.
The problem with ATM SVC was we weren't that good at network operating systems yet..and ASIC/CPU designs weren't powerful enough to handle the speed and number of setup/teardown requests.
SDNs... and specifically OpenFlow can make this happen. We now will have a SVC like fabric...but built on Ethernet. Techno flashback time... LANE was the solution for ATM.. This is better...no SAR process. Just straight Ethernet..nice and efficient. No changes in technologies. You can now trick devices into thinking they are on a very very small network. One link-local to the Exchange server... another to the Lync server... maybe another to a NAS server... maybe another to the internet firewall.
I've got thoughts on how this improves security and broadcasts as well. More about that in another blog post.
Thursday, August 23, 2012
While the greater @hp was down in Q3, @hpnetworking was up!!!
HP Networking continued to deliver positive results with revenue growth up 6% year over year, 10% adjusting for a Q1 divestiture.
Wednesday, August 22, 2012
Tuesday, August 21, 2012
@hpnetworking to show #van at @vmworld
HP Networking presence at VMworld, San Francisco, 26-30 August [AMS]
HP is a Global Diamond Sponsor at this event, which will feature HPN Virtual Application Network and Data Center Interconnect solutions in demos and theatre sessions in booth 1503 on the show floor. Activities will include a partner reception, roundtables, and one-on-one customer meetings with HP Cloud Advisors, key HP executives, and technical experts.
http://www.vmworld.com/index.jspa
Friday, August 17, 2012
My thoughts exactly on #sdn and #openflow
http://www.networkworld.com/columnists/2012/081312-sdn.html
Nice guide on @hp @wireless that one of our partners put together
http://www.sourceonetechnology.com/images/MSM_Setup-Rev0_4H.pdf
Wednesday, August 15, 2012
@hp announces multitenant device context #mdc
This is HP's technology for multi tenant across a hardware platform.
http://h17007.www1.hp.com/docs/814/factsheet.pdf
@hp announces #ethernet virtual interconnect #evi
http://h17007.www1.hp.com/docs/814/factsheet.pdf
A very scalable technology for interconnecting data centers with layer two.
Monday, August 13, 2012
Thursday, August 2, 2012
@hp hires new #CIO @ramonbaez
And he comes to us from Kimberly Clark. This should be very exciting as Ramon has 30+ years experience and will bring some nice customer orientated culture to HP
http://www.bizjournals.com/portland/morning_call/2012/08/hewlett-packard-hires-baez-as-cio.html
Monday, July 30, 2012
Damn #monkies are showing up everywhere... @chaosmonkey attacks
First was the Video Monkey...then the Network Monkey... now the Chaos Monkey?????
http://www.networkworld.com/news/2012/073012-chaos-monkey-261279.html?hpg1=bn
Thursday, July 26, 2012
Tuesday, July 24, 2012
#rumor of the day#2: @cisco to divest itself of #UCS
It's a money loser alright. While they've gained some market share...it cost a lot of R&D and sales dollars...and...they lost a ton of business to HP and others while they were distracted.
Is #sdn slipping away from @cisco ? @vmware buys @nicira
“VMware said it will acquire Nicira for $1.05 billion in cash and about $210 million of assumed unvested equity awards. The company said the acquisition, which is expected to close in the second half of the year, will position VMware to be the industry leader in software-defined networking.”
Monday, July 23, 2012
Friday, July 20, 2012
Service Providers check out @cisco #ucs
High cost and inflexibility in configuration are touted by some. Nice article:
http://searchdatacenter.techtarget.com/news/2240146725/Service-providers-trade-Cisco-UCS-for-commodity-gear
Thursday, July 19, 2012
Wednesday, July 18, 2012
Is Leo now consulting with @dell ???
LOL...he must be... Dell is now saying they will probably exit the PC business.
http://news.cnet.com/8301-1001_3-57474036-92/dell-ceo-really-were-not-a-pc-company-anymore/
Monday, July 16, 2012
#rdma over ethernet #roce
A stronger converged solution than fcoe?
Watch this internet2 talk:
http://events.internet2.edu/2012/jt-stanford/agenda.cfm?go=session&id=10002408&event=1232
RoCE stands for RDMA over Converged Ethernet. Pronounced "Rocky"
public network management?
Is there going to be a trend in allowing anyone to see data about your network? Folks like ESNet are actually allowing guests to view most of the data about their network
Interesting internet data out of the @stanford #pinger project
You can see their whole project here:
http://www-iepm.slac.stanford.edu/pinger/
but, I was impressed with seeing the data on the google explorer tool:
http://www.google.com/publicdata/explore?ds=nc650op6n4i1l_&ctype=l&strail=false&bcs=d&nselm=h&met_y=average_rtt#ctype=b&strail=false&bcs=d&nselm=s&met_y=throughput&scale_y=log&ind_y=false&met_x=average_rtt&scale_x=log&ind_x=false&dimp_c=country:region&met_s=population&ifdim=country&hl=en&dl=en
Friday, July 6, 2012
Thursday, July 5, 2012
RACL/VACL/PACL Notes for #hpn and #cisco
Thanks to Bob Wong for putting this together:
| | E-series | A-series | Cisco |
|---|---|---|---|
| RACL | Applied to vlan interface; controls routed traffic in/out | Applied to vlan interface or port; controls routed traffic in/out | Applied to vlan interface; controls routed traffic in/out |
| VACL | Applied to vlan interface; ip-access group … vlan (implicit deny at end); controls all traffic within and out VLAN, not in. To create approximation of Cisco VACL, also add outbound RACL on vlan interface | Applied to vlan interface; Packet-filter (implicit permit at end); controls all routed traffic in and out of all ports in the VLAN, not switched. To create approximation of Cisco VACL, use inbound PACL instead | Access-list; Vlan-access map; vlan filter; controls within, out, routed into the VLAN from another VLAN |
| PACL | Applied to port; controls traffic in, not out | Applied to port; controls traffic in/out | Applied to port; controls traffic in/out |
Thursday, June 28, 2012
Wednesday, June 27, 2012
Friday, June 22, 2012
Monday, June 18, 2012
Thursday, June 14, 2012
@cisco yet again...a follower..this time in #sdn
Well..by now you know my bent...so why even read the post? Well... there is a point...have some patience...
Cisco just released their strategy for SDNs. You can read up many places...check out Light Reading's article:
http://www.lightreading.com/document.asp?doc_id=221921&f_src=lrdailynewsletter
Cisco has always been a follower... it started out with multi-processor routers (Wellfleet was first) and then went to switches (Kalpana, Grand Junction, SynOptics, Cabletron, etc) and many other product lines.
You might argue, so what...they were not a leader in switching and then became one. While true...there are other factors and I'd suggest that the forces that put Cisco together aren't there today. The market has changed and from talking to the VCs I know... for the last years, hardware has been out of vogue. Software is in. Why? Huge returns. And why is that important.. money is going to dump into the market and in a big way to develop network architectures based on just software to build the overlays. I could launch a SDN startup today probably with just $600k or so and quickly build a solution. You could never do that with a hardware solution...I'd need $30-60M. (on the low side) So... expect to see a lot of interesting innovation.
I'm also skeptical about Cisco and how they are attacking this. First off..they broke with how they always have launched these efforts... the infamous five phase product launch that mysteriously is always launched in phase 2... giving the illusion they had been planning this all along. I think Cisco has the jitters and is not acting rashly.
Lastly... an API? Really? Not to say that HP is not bringing out APIs, we are. But..they have their place. They are for customers that deeply need to control their network...typically service providers and ultra large scale data centers. The bulk of the market doesn't want this..nor needs...nor could even take advantage of it. They want a controller based solution and orchestration software that allows them to drag and drop deploy networks, applications, and security. They want speed... they want to deploy with more control with less staff. This is fail for Cisco.
While I get why Cisco is going the API route... if they convince customers...those customers are locked into Cisco. It's yet another EIGRP, RPVST, CDP, VTP, SCCP, etc in their back pocket...it's not the way the market wants to head. They want better control..and they want commoditization of the market.
Wednesday, June 13, 2012
Tuesday, June 12, 2012
#DLDP is HP's feature set similar to #UDLD
Sometimes, unidirectional links may appear in networks. On a unidirectional link, one end can receive packets from the other end but the other end cannot. Unidirectional links result in problems such as loops in an STP-enabled network.
The Device Link Detection Protocol (DLDP) can detect the link status of a fiber cable or twisted pair. On detecting a unidirectional link, DLDP can shut down the related port automatically or prompt users to take measures as configured to avoid network problems. As a data link layer protocol, DLDP cooperates with physical layer protocols to monitor the link status of a switch. The auto-negotiation mechanism provided by physical layer protocols detects physical signals and faults. DLDP, however, performs operations such as identifying peer switches, detecting unidirectional links, and shutting down unreachable ports. The cooperation of physical layer protocols and DLDP ensures that physical/logical unidirectional links are detected and shut down. For a link with the switches on both sides of it operating properly, DLDP checks whether the cable is connected correctly and whether packets can be exchanged between the two switches. This is beyond the capability of the auto-negotiation mechanism at the physical layer.
DLDP can operate in two modes: normal mode and enhanced mode, as described below.
• In normal DLDP mode, when an entry timer expires, the switch removes the corresponding neighbor entry and sends an Advertisement packet with the RSY tag.
• In enhanced DLDP mode, when an entry timer expires, the Enhanced timer is triggered and the switch sends up to eight Probe packets at a frequency of one packet per second to test the neighbor. If no Echo packet is received from the neighbor when the Echo timer expires, the switch transitions to the Disable state.
Configuration procedure
1) Configuration on Device A
# Enable DLDP on GigabitEthernet2/0/1 and GigabitEthernet2/0/2 separately.
<DeviceA> system-view
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] dldp enable
[DeviceA-GigabitEthernet2/0/1] quit
[DeviceA] interface gigabitethernet 2/0/2
[DeviceA-GigabitEthernet2/0/2] dldp enable
[DeviceA-GigabitEthernet2/0/2] quit
# Set the interval for sending Advertisement packets to 6 seconds.
[DeviceA] dldp interval 6
# Set the DelayDown timer to 2 seconds.
[DeviceA] dldp delaydown-timer 2
# Set the DLDP mode as enhanced mode.
[DeviceA] dldp work-mode enhance
# Set the port shutdown mode as auto mode.
[DeviceA] dldp unidirectional-shutdown auto
# Enable DLDP globally.
[DeviceA] dldp enable
2) Configuration on Device B
Configure Device B as you configure Device A.
3) Verifying the configurations
You can use the display dldp command to display the DLDP configuration information on ports.
# Display the DLDP configuration information on all the DLDP-enabled ports of Device A.
[DeviceA] display dldp
DLDP global status : enable
DLDP interval : 6s
DLDP work-mode : enhance
DLDP authentication-mode : none
DLDP unidirectional-shutdown : auto
DLDP delaydown-timer : 2s
The number of enabled ports is 2.
Interface GigabitEthernet2/0/1
DLDP port state : disable
DLDP link state : down
The neighbor number of the port is 0.
Interface GigabitEthernet2/0/2
DLDP port state : disable
DLDP link state : down
The neighbor number of the port is 0.
The output information indicates that both GigabitEthernet2/0/1 and GigabitEthernet2/0/2 are in Disable state and the links are down, which means unidirectional links are detected and the two ports are thus shut down.
Correct the fiber connections after detecting the problem, and perform the following operations:
# Reset DLDP state for the ports shut down by DLDP.
[DeviceA] dldp reset
# Display the DLDP configuration information on all the DLDP-enabled ports of Device A.
[DeviceA] display dldp
DLDP global status : enable
DLDP interval : 6s
DLDP work-mode : enhance
DLDP authentication-mode : none
DLDP unidirectional-shutdown : auto
DLDP delaydown-timer : 2s
The number of enabled ports is 2.
Interface GigabitEthernet2/0/1
DLDP port state : advertisement
DLDP link state : up
The neighbor number of the port is 1.
Neighbor mac address : 0000-0000-0101
Neighbor port index : 59
Neighbor state : two way
Neighbor aged time : 11
Interface GigabitEthernet2/0/2
DLDP port state : advertisement
DLDP link state : up
The neighbor number of the port is 1.
Neighbor mac address : 0000-0000-0102
Neighbor port index : 59
Neighbor state : two way
Neighbor aged time : 11
The output information indicates that both GigabitEthernet2/0/1 and GigabitEthernet2/0/2 are in the Advertisement state and the links are up, which means unidirectional links are not detected and the two ports are restored.
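The verification step above can be scripted across many switches. The following is an added example, not code from the original post or from HP: it parses text in the format of the display dldp output shown above and reports ports that DLDP has shut down, ports without a two-way neighbor, and the authentication-mode : none setting visible in that output so that it gets reviewed. The sample text is constructed, and the function names parse_display_dldp and audit are hypothetical.

```python
import re

# Constructed sample in the format of the `display dldp` output above:
# one port shut down by DLDP, one healthy port with a two-way neighbor.
SAMPLE = """\
DLDP global status : enable
DLDP authentication-mode : none
The number of enabled ports is 2.
Interface GigabitEthernet2/0/1
DLDP port state : disable
DLDP link state : down
The neighbor number of the port is 0.
Interface GigabitEthernet2/0/2
DLDP port state : advertisement
DLDP link state : up
The neighbor number of the port is 1.
Neighbor mac address : 0000-0000-0102
Neighbor state : two way
"""

def parse_display_dldp(text):
    """Return (global_settings, {interface: settings}) with lower-cased keys."""
    glob, ports = {}, {}
    current = glob  # lines before the first "Interface" are global settings
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Interface (\S+)$", line):
            current = ports.setdefault(m.group(1), {})
        elif m := re.match(r"The neighbor number of the port is (\d+)", line):
            current["neighbors"] = int(m.group(1))
        elif ":" in line:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip().lower()
    return glob, ports

def audit(text):
    """List (scope, finding) pairs an operator should look at."""
    glob, ports = parse_display_dldp(text)
    findings = []
    if glob.get("dldp global status") != "enable":
        findings.append(("global", "DLDP not enabled globally"))
    if glob.get("dldp authentication-mode") == "none":
        findings.append(("global", "DLDP authentication-mode is none"))
    for name, p in ports.items():
        if p.get("dldp port state") == "disable":
            findings.append((name, "port in Disable state, shut down by DLDP"))
        elif p.get("neighbors", 0) == 0:
            findings.append((name, "no DLDP neighbor learned"))
        elif p.get("neighbor state") != "two way":
            findings.append((name, "neighbor is not in two way state"))
    return findings
```

Calling audit() on output captured before and after dldp reset shows whether the ports actually returned to the Advertisement state with a two-way neighbor.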