Thursday, November 29, 2012

want #wifi on the beach? @hp has a solution!

http://h30507.www3.hp.com/t5/HP-Networking/Want-a-Wi-Fi-access-point-at-the-beach/ba-p/126485


how to video on stacking @hp #3800 series #switch


@cisco #lost 3.4% market share ethernet switching in 3q2012 !!!


@hp #router marknet share units shipped up 2.3% 3q2012 !!!


@hp switch market share ports shipped up 1.4% for 3q2012 !!!


@hp #router market revenue share up 6.0% in 3q2012 !!!


@HP #switch market share of revenue for 3q2012 up 1.4% points!


#sdn #seminar in Sioux Falls, SD with @hp and @mitel

YOU’RE INVITED TO
CHANGE THE RULES OF NETWORKING
WITH DATANET AND HP

GETTING TO THE CLOUD QUICKER!

A luncheon for IT professionals to explore
how Software Defined Networking can help
simplify, scale and automate your network.


Software Defined Networking is an approach to networking
in which control is decoupled from hardware and
given to a software application called a controller. In a
software-defined network, a network administrator can
shape traffic from a centralized control console without
having to touch individual switches. The administrator
can change any network switch’s rules when necessary
-- prioritizing, de-prioritizing or even blocking specific
types of packets with a very granular level of control. This
is especially helpful in a cloud computing multi-tenant
architecture because it allows the administrator to manage
traffic loads in a flexible more efficient manner. Essentially,
this allows the administrator to use less expensive,
commodity switches and have more control over network
traffic flow than ever before.


WEDNESDAY
DECEMBER 12, 2012
10:45 AM to 1:00 PM
Holiday Inn City Centre
100 West Eight Street Sioux
Falls, SD 57104



AGENDA
• 10:45 AM - Registration
• 11:00 AM - 12:30 PM - “Software
Defined Networking” Scott Runyon
• 12:30 PM to 1:00 PM - Lunch & HP
MINI 110 Giveaway


WHAT YOU WILL LEARN:
• What Software Defined Networking
(SDN) is.
• Why embracing an open SDN
ecosystem is a critical success
factor.
• How SDN can deliver scalable,
programmable clouds.
• What steps you can take to begin
deploying cloud applications in
minutes versus months



Please RSVP by emailing:  hp@conceptcommusa.com


Speaking will be:


Scott Runyon (HP Networks)  has 20 years of experience in the networking industry. Scott’s early days were focused on the movement from mini and mainframe technologies toward client server architectures known as Local Area Networks (LAN’s). Scott has worked with a wide range of clients within the service provider, large enterprise corporate, SMB, and SLED segment.


Wednesday, November 7, 2012

Setting up Authentication on @comware 7


One of the biggest changes to Comware 7 is the role based users. You can define different user roles and change what each role has access to from a command perspective. I strongly recommend reading the following guide:


Below is the “bare bones” info you need to know to get up and running quickly. For some of you this will not be anything new. For others, who have not had the experience with the changes in comware 7 this might help.

For the most part setting up telnet/ssh with local authentication is very similar. You need to enable ssh or telnet server. You need to create RSA public key(for ssh) and specify a local user.

To configure the switch log in through the console port and enter into the system-view.

Configuration procedure

Prior to configuring switch access, determine whether telnet or ssh is required. Then only enable the corresponding server

# Enable telnet or ssh servers
<Switch> system-view
[Switch] telnet server enable
[Switch] ssh server enable

If you are using ssh then create the public key
# Create a public key
[Switch] public-key local create rsa

The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024](enter)
Generating Keys...
+++++++++++++++
++++++++++++++++++++++++
+++
++++++
[Switch]

# Assign an IP address to VLAN interface 1, the interface connected to the Telnet user.
<Switch> system-view
[Switch] interface vlan-interface 1
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 (Use correct IP address/mask)
[Switch-Vlan-interface2] quit

# Enable scheme authentication on user interface
[Switch] user-interface vty 0 15
[Switch-ui-vty0-15] authentication-mode scheme
[Switch-ui-vty0-15] protocol inbound ssh (If you are configuring for ssh access. If you use this command you will not be able to telnet to the device)
[Switch-ui-vty0-15] quit

# Create local user admin and enter its view.
[Switch] local-user admin

# Set a plaintext password admin for the user and enable displaying this password in cipher text.
[Switch-luser-admin] password simple admin
# Specify service type
[Switch-luser-admin] service-type telnet or [Switch-luser-user1] service-type ssh

# Assign the user to the network-admin role.
[Switch-luser-admin] authorization-attribute user-role network-admin

By default, network-admin is specified on the console user interface, and
network-operator is specified on any other user interface.
Inter

# Configure SNMP community strings
[Switch]snmp comm read public
[Switch]snmp comm write private
[Switch]snmp sys-info version all


# Configure default route
[Switch]ip route 0.0.0.0 0.0.0.0 192.168.1.1

# Validate network connectivity
[Switch]ping 4.2.2.2
PING 4.2.2.2: 56  data bytes, press CTRL_C to break
    Reply from 4.2.2.2: bytes=56 Sequence=1 ttl=54 time=89 ms
    Reply from 4.2.2.2: bytes=56 Sequence=2 ttl=54 time=156 ms
    Reply from 4.2.2.2: bytes=56 Sequence=3 ttl=54 time=73 ms
    Reply from 4.2.2.2: bytes=56 Sequence=4 ttl=54 time=74 ms
    Reply from 4.2.2.2: bytes=56 Sequence=5 ttl=54 time=74 ms

  --- 4.2.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 73/93/156 ms



Display commands
Show line numbers in front of display output
<Sysname> display vlan 999 | by-linenum

Display parts of the configuration
<Sysname> display current-configuration | begin user-interface

Save display output to a file
<Sysname> display vlan 1 > vlan.txt

Gaining access

Logging in through the console port
By default, you can log in to a device through the console port. The
authentication mode is none (no username or password required), and
the user role is network-admin.

Logging in through Telnet
By default, you cannot log in to a device through Telnet. To log in
through Telnet, first log in to the device through the console port and
complete the following configuration:
1. Enable the Telnet function if necessary. (Telnet is enabled by
default.)
2. Assign an IP address to a VLAN interface or the management
Ethernet interface, and make sure that your device and the Telnet
client can reach each other. (By default, the device does not have an
IP address.)
3. Configure a password for password authentication, or change
authentication mode for VTY users and configure related
parameters. (By default, the authentication mode is password for
VTY users.)
4. Configure the user role for VTY users (network-operator by default).

Logging in through SSH
By default, you cannot log in to a device through SSH. To log in through
SSH, first log in to the device through the console port, and then
complete the following configuration:
1. Enable the SSH function and configure SSH attributes. (SSH is
disabled by default.)
2. Assign an IP address to a VLAN interface or the management
Ethernet interface, and make sure that your device and the SSH
client can reach each other (by default, your device does not have
an IP address).
3. Configure the authentication mode of VTY users as scheme (default
is password).
4. Configure the user role for VTY users (network-operator by default).

@Cisco Systems faces threat to core #router business

@emc supports @juniper #qfabric ... what does @cisco think of all of this?

Wednesday, October 31, 2012

Does @cisco have your back? Are they giving you the best price possible?

Apparently in California (home of Cisco) they dont...

http://www.networkworld.com/news/2012/102512-cisco-csu-263711.html?hpg1=bn

Checking #Security #Compliance of your #networking equipment with @hp #imc


Keep in mind for those of  you that own HP's IMC:  IMC does have a compliance center function built into it that can check, notify and provide corrective action on configuration errors and policy verifcation.  For example it could be used to determine if the correct snmp switch hardening configuration was implemented.

For reference on how to implement check out the great imc video on you tube that covers this very topic and gives a reference case on how to detect and mitigate incorrect snmp strings.


Thursday, October 25, 2012

Join @hp in #wisconsin for all business unit update!

Appleton, Madison, Brookfield, and Eau Claire

Here from all of HP...servers, storage, network, software, pcs, printers, and services

http://hpbroadband.com/program.aspx?key=PLJROQDIJG

Monday, October 15, 2012

@hp a-series @cisco command aliases

So..you just cant unlearn all of those cisco cli commands like show or write.  Honestly..it is hard jumping on different boxes...   even though the industry has adopted pretty much a common cli (except juniper) there are differences.     One nice thing you can do on the HP a-series boxes is do command aliases.  Type a word and it issues a command.  Here are a bunch that some folks like to put on so they dont flub with a cisco command on a hp switch:


command-alias enable
command-alias mapping undo no
command-alias mapping reboot reload
command-alias mapping header banner
command-alias mapping reset clear
command-alias mapping acl access-list
command-alias mapping port switchport
command-alias mapping stp spanning-tree
command-alias mapping snmp-agent snmp-server
command-alias mapping user-interface line
command-alias mapping display show
command-alias mapping undo no
command-alias mapping return end
command-alias mapping quit exit
command-alias mapping sysname hostname
command-alias mapping acl access-list
command-alias mapping save write
command-alias mapping delete erase
command-alias mapping info-center logging
command-alias mapping save wr


Thursday, October 11, 2012

@hp #msr #firewall config example


[MSR_3020]dis cur
#
 version 5.20, Release 2105P02, Standard
#
 sysname MSR_3020
#
 clock timezone cst minus 06:00:00
#
 l2tp enable
#
 ike local-name h3c
#
 firewall enable
 firewall default deny
#
 domain default enable system
#
 dns resolve
 dns server 150.199.1.10
#
 telnet server enable
#
 blacklist enable
#
acl number 2000
 description NAT ACL
 rule 0 permit source 192.168.1.0 0.0.0.255
acl number 2001
 description HTTP ACL
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 1 permit source 151.104.104.0 0.0.0.255
 rule 2 permit source 139.87.8.0 0.0.0.255
 rule 5 deny
#
acl number 3000
 description TELNET_ACCESS_CONTROL
 rule 0 permit ip source 192.168.1.0 0.0.0.255
 rule 5 permit ip source 151.104.104.0 0.0.0.255
 rule 10 deny ip
 rule 10 comment DENY ALL OTHER INPUT OTHER THAN LOCAL LAN AND 3COM
acl number 3200 name Wan_Inbound
 description WAN_INBOUND_FILTER
 rule 0 permit icmp
 rule 5 permit udp destination-port eq 1701
 rule 10 permit udp destination-port eq 4500
 rule 15 permit tcp destination-port eq 1723
 rule 25 permit udp destination-port eq 500
 rule 35 permit udp source-port eq 1023
 rule 40 permit gre
 rule 45 permit 50
 rule 50 permit 51
 rule 55 permit udp source-port eq 67
 rule 60 permit udp source-port eq 68
 rule 65 deny udp
 rule 70 deny tcp
#
vlan 1
#
domain system
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
 ip pool 1 10.10.10.5 10.10.10.10
#
ike peer remote
 exchange-mode aggressive
 pre-shared-key simple sprigmaster
 id-type name
 remote-name remote
#
ipsec proposal remote
#
ipsec policy remote 1 isakmp
 ike-peer remote
 proposal remote
#
dhcp server ip-pool cable
 network 192.168.1.0 mask 255.255.255.0
 gateway-list 192.168.1.254
 dns-list 150.199.1.10
#
aspf-policy 1
 detect RTSP
 detect SMTP
 detect FTP
 detect TCP
 detect UDP
#
user-group system
#
local-user 3Com
 password simple 3com3com123
 authorization-attribute level 1
 service-type ppp
local-user test
 password simple test
 authorization-attribute level 1
 service-type ppp

#
attack-defense policy 86 interface GigabitEthernet0/1
 signature-detect action drop-packet
 signature-detect fraggle enable
 signature-detect land enable
 signature-detect winnuke enable
 signature-detect tcp-flag enable
 signature-detect icmp-unreachable enable
 signature-detect icmp-redirect enable
 signature-detect tracert enable
 signature-detect smurf enable
 signature-detect source-route enable
 signature-detect route-record enable
 signature-detect large-icmp enable
 defense scan enable
  defense scan add-to-blacklist
 defense syn-flood enable
  defense syn-flood action drop-packet
 defense udp-flood enable
  defense udp-flood action drop-packet
 defense icmp-flood enable
  defense icmp-flood action drop-packet
#
l2tp-group 1
 mandatory-chap
 undo tunnel authentication
 allow l2tp virtual-template 0
 tunnel name remote
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Cellular0/0
 async mode protocol
 link-protocol ppp
#
interface Serial3/0
 link-protocol ppp
#
interface Virtual-Template0
 ppp authentication-mode chap domain system
 remote address pool 1
 ip address 10.10.10.254 255.255.255.0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 description LAN-INTERFACE
 ip address 192.168.1.254 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 description WAN-INTERFACE
 firewall packet-filter name Wan_Inbound inbound
 firewall aspf 1 outbound
 nat outbound 2000
 ip address dhcp-alloc
 ipsec policy remote
 attack-defense apply policy 86
#
nqa entry imclinktopologypleaseignore ping
 type icmp-echo
  destination ip 192.168.1.253
  frequency 270000
#
 snmp-agent
 snmp-agent local-engineid 8000002B03001EC16FF729
 snmp-agent community read hphp
 snmp-agent community write hphp123
 snmp-agent sys-info contact Network Admin
 snmp-agent sys-info location 3Com Lab
 snmp-agent sys-info version all
 snmp-agent target-host trap address udp-domain 192.168.1.115 params securityname public
 undo snmp-agent trap enable voice dial
#
 dhcp enable
#
 nqa schedule imclinktopologypleaseignore ping start-time now lifetime 630720000
 nqa server enable
#
 ntp-service unicast-server 132.163.4.101
#              
 load xml-configuration
#
 load tr069-configuration
#
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
 acl 3000 inbound
 authentication-mode scheme
#
return
[MSR_3020]

@hp releases new software for K based and KA based switches

K.15.10  and KA.15.10   are now released!

Some highlights:

Openflow
OpenFlow v1.0 support (available prior, but was previously not in the general release train)

OF Matching rules:    switch port, vlan id, vlan pcp, mac src, mac dest, eth type, ip src, ip dest, ip tos, ip prot, l4 sport, l4 dport

OF Actions:  Forward packet to zero or more ports, encapsulate and forward to controller, send to normal processing pipeline

OF Stats:  packet & byte counters

OF matches done in hardware with v1 modules:  vlan pcp, in port

OF matches done in hardware with v2 modules:  specified( vlan id, vlan pcp, in port)  not specified ( ethertype ip, if source mac, dest mac, ethertype non-ip, if source ip, dest ip, ip tos, ip proto, source port, dest port)

OF matches done in hardware:  drop, forward to single port, forward normal, modify vlan, ip tos

CLI Compatability

additional fundamental and display commands have been added that are the same as comware

Other

aaa auth for https
snmp trap enable/disable for lacp
ability to filter untagged vlan traffic, lldp, and 802.1x eapol packets
ipv6 dns via RA options







@sdncentral comments on recent @hp #networking #sdn announcements

Congrats! Another person figures out its safe to by @hp #networking

Its really not that hard...not that scary.... and as this new customer figures out, doesnt threaten their network nor their skills sets!

http://www.myteneo.net

Wednesday, October 10, 2012

#milwaukee @vmware and @hp event with @arrow please join us!

Hosted at the Harley Davidson Museum in Milwaukee!

Details and registration here!

http://xactlyit.com/emails/vmware/museum/harley/invite.html

@cisco is wavering on SDN like a us politician!!!

Which way is it Cisco?  You dont see value in SDN?

http://www.wired.com/wiredenterprise/2012/10/cisco-vcider/

oh wait... you just bought an SDN company....

www.vcider.com

Who's interest are you working in?  yours? or your customers?  Its really hard to tell because you appear to be trying to move sentiment by first downplaying SDN, then embracing it.  SDN has been building for five years...and where have they been?

Tuesday, October 9, 2012

@cisco says @vmware is becoming a competitor

http://www.crn.com/news/networking/240007716/lloyd-vmwares-nicira-deal-a-competitive-threat-to-cisco.htm?cid=rssFeed



So..as this plays out.. where does it put VCE?  For that matter...as Cisco looks to replace lost revenue... do they add storage and thus compete with netapp and EMC?

The whole partnership they have with these companies just doesnt make sense.

This is where HP can shine..with a complete server, storage, network solution that is integrated and adds value.


@hp adds #irf to #bladesystem

with the new 6125 series of switches that run comware.

Up to 10 in a cluster!

http://h18004.www1.hp.com/products/blades/components/ethernet/6125G-XG/index.html

@hp releases new switches for the #bladesystem

The new 6125 switch family is out and is very exciting because it brings the same Comware operating system that we have in the 12500, 10500, 5900, 5800, 5500, 5120 swtiches down into the Bladesystem.

It also bring innovative features like Intelligent Resilient Framework (IRF) to allow you to cluster up to TEN 6125s together.

http://h18004.www1.hp.com/products/blades/components/ethernet/6125G-XG/index.html


Is @juniper #qfabric at risk?

@juniper to #layoff 500 people?

Friday, October 5, 2012

Reason #362 to buy @HPN instead of @cisco

Software licensing for the Cisco Nexus is so complex, they actually publish a 20 page guide just to understand it!

http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/licensing/guide/b_Cisco_NX-OS_Licensing_Guide.pdf


Want a routing protocols?  You need a license (even eigrp)

Want some like HP's EVI You need a license (OTV)

Want something like HP Multi-tenant Device Context?  You need a license (VDC)

Want MPLS?  you need a license.


With HP..all of this is included and you dont need licenses!!!




Monday, September 17, 2012

@cisco employees burned out by reorgs

Network World reports:

http://www.networkworld.com/community/node/81314

I've heard the same myself from takling to several people... they dont feel that the layoffs nor reorgs have any rhyme or reason...so they feel demotivated and feel like its time to change jobs.

Friday, August 24, 2012

@hpnetworking grew at 6% while @cisco only grew at 4% this last quarter!


#epiphany of the day; #sdn and #openflow are like #atm #svc

I know..I'm dating my self.  ATM SVC?  LOL.  That was a techno flop.  But... it was a great idea.  Create a network that was based on switched point to point circuits.  A server and a user could be on a point to point connection with eachother.  What today we would call a link-local connection.  It really simplifies the world.
The problem with ATM SVC was we weren't that good at network operating systems yet..and ASIC/CPU designs werent powerful enough to handle the speed and number of setup/teardown requests .

SDNs... and specifically Openflow can make this happen.  We now will have a SVC like fabric...but built on ethernet.  Techno flashback time... LANE was the solution for ATM..  This is better...no SAR process. Just straight ethernet..nice and efficient.  No changes in technologies. You can now trick devices into thinking they are on a very very small network.  One link-local to the exchange server... another to the  lync server... maybe another to a nas server... maybe another to the internet firewall.

I've got thoughts on how this improves security and broadcasts as well.  more about that in another blog post.

Analysis: @Cisco, @EMC partnership turning into #rivalry

Lots of talk about #mdc and #evi

Thursday, August 23, 2012

While the greater @hp was down in Q3, @hpnetworking was up!!!

HP Networking continued to deliver positive results with revenue growth up 6% year over year, 10% adjusting for a Q1 divestiture.

Tuesday, August 21, 2012

@hpnetworking to show #van at @vmworld

HP Networking presence at VMworld, San Francisco, 26-30 August [AMS]
HP is a Global Diamond Sponsor at this event, which will feature HPN Virtual Application Network and Data Center Interconnect solutions in demos and theatre sessions in booth 1503 on the show floor. Activities will include a partner reception, roundtables, and one-on-one customer meetings with HP Cloud Advisors, key HP executives, and technical experts.

http://www.vmworld.com/index.jspa 

Thursday, August 2, 2012

@hp hires new #CIO @ramonbaez

And he comes to us from Kimberly Clark.  This should be very exciting as Ramon has 30+ years experience and will bring some nice customer orientated culture to HP

http://www.bizjournals.com/portland/morning_call/2012/08/hewlett-packard-hires-baez-as-cio.html

Monday, July 30, 2012

Cool apps built on #openflow how about a software driven patch panel?

Damh #monkies are showing up everywhere... @chaosmonkey attacks

First was the Video Monkey...then the Network Monkey... now the Chaos Monkey?????


http://www.networkworld.com/news/2012/073012-chaos-monkey-261279.html?hpg1=bn

@oracle buys @xsigo ... the @datacenter war heats up

@cisco reseller @didata says 50% of @cisco networks are #obsolete

@carriers all excited about #openflow says @infonetics

Tuesday, July 24, 2012

the @cisco transformation projects = #rifs

#rumor of the day#2: @cisco to divest itself of #UCS

Its a money loser alright.  While they've gained some marketshare...it cost a lot of r&d and sales dollars...and...they lost a ton of business to HP and others while they were distracted.


rumor of the day #1: @cisco to get rid of @linksys consumer products


Is #sdn slipping away from @cisco ? @vmware buys @nicira



“VMware said it will acquire Nicira for $1.05 billion in cash and about $210 million of assumed unvested equity awards. The company said the acquisition, which is expected to close in the second half of the year, will position VMware to be the industry leader in software-defined networking.”


@cisco ditches #waas and apparently gets out of wan optimization

@cisco laysoff 1300 employees

Monday, July 16, 2012

@larrysinger from #hp talks about open networking @internet2

#rdma over ethernet #roce

A stronger converged solution than fcoe?

Watch this internet2 talk:

http://events.internet2.edu/2012/jt-stanford/agenda.cfm?go=session&id=10002408&event=1232

RoCE stands for RDMA over Converged Ethernet.  Pronounced "Rocky"

@dnssec and amount of sites deployed

@internet2 Joint Techs conference... watch it live

public network management?

Is there going to be a trend in allowing anyone to see data about your network?  Folks like ESNet are actually allowing guests to view most of the data about their network

Interesting internet data out of the @stanford #pinger project

Friday, July 6, 2012

@cisco loses 4.9% market share in Data Center switching

@cisco lost 4.3% points of wlan market share this last quarter


@cisco lost 1.2% points of router market share this last quarter


@cisco lost 2.8% points of market share this last quarter in #switching

And HP gained 2.4% of those points!!!!

#HP #IMC Service Health Monitor


New #hp #imc module... Application Performance Module rocks!

HP just added a new purchasable module to IMC... Application Performance Module... it allows you to dive in an trend/track application specific parameters on devices.  Simple things like if port 8080 is open..or slightly more specific like Active Directory.  Here's a few screens shots




Thursday, July 5, 2012

Does @cisco care about your #rights and #privacy?

RACL/VACL/PACL Notes for #hpn and #cisco

Thanks for Bob Wong for putting this together:



E-series
A-series
Cisco
RACL
Applied to vlan interface
controls routed traffic in/out
Applied to vlan interface or port
Controls routed traffic in/out
Applied to vlan interface
controls routed traffic in/out
VACL
Applied to vlan interface
ip-access group … vlan  (implicit deny at end)
controls all traffic within and out VLAN, not in


To create approximation of Cisco VACL, also add outbound RACL on vlan interface
Applied to vlan interface
Packet-filter (implicit permit at end)
Controls all routed traffic in and out of all ports in the VLAN, not switched

To create approximation of Cisco VACL, use inbound PACL instead
Access-list
Vlan-access map
vlan filter
Controls within, out, routed into the VLAN from another VLAN

PACL
Applied to port
Controls traffic in, not out
Applied to port
controls traffic in/out
Applied to port
controls traffic in/out

Thursday, June 14, 2012

@cisco yet again...a follower..this time in #sdn

Well..by now you know my bent...so why even read the post?  Well... there is a point...have some patience...

Cisco just released their strategy for SDNs.  You can read up many places...check out Light Reading's article:

http://www.lightreading.com/document.asp?doc_id=221921&f_src=lrdailynewsletter


Cisco has always been a follower... it started out with multi-processor routers (wellfleet was first) and then went to switches (kalpana, grand junction, synoptics, cabletron, etc) and many other product lines.

You might argue, so what...they were not a leader in switching and then became one. While true...there are other factors and I'd suggest that the forces that put Cisco together arent there today.  The market has changed and from talking to the VCs I know... for the last years, hardware has been out of vogue.  Software is in. Why?  Huge returns. And why is that important.. money is going to dump into the market and in a big way to develop network architectures based on just software to build the overlays.  I could launch a SDN startup today probably with just $600k or so and quickly build a solution. You could never do that with hardware solution...I'd need $30-60M.  (on the low side)  So... expect to see a lot of interesting innovation.

I'm also skeptical about Cisco and how they are attacking this.  First off..they broke with how they always have launched these efforts... the infamous five phase product launch that mysteriously is always launched in phase 2... giving the illusion they had been planning this all along.  I think Cisco has the jitters and is not acting rashly.

Lastly... an API?  Really?  Not to say that HP is not bringing out APIs, we are. But..they have their place.  They are for customers that deeply need to control their network...typically service providers and ultra large scale data centers.   The bulk of the market doesnt want this..nor needs...nor could even take advantage of it.  They want a controller based solution and orchestration software that allows them to drag and drop deploy networks, applications,and security. They want speed... they want to deploy with more control with less staff.  This is fail for Cisco.

While I get why Cisco is going the API route... if they convince customers...those customers are locked into Cisco.  Its yet another EIGRP, RPVST, CDP, VTP, SCCP, etc in their back pocket...its not the way the market wants to head.  They want better control..and they want commodization of the market.


Tuesday, June 12, 2012

#DLDP is HP's feature set similiar to #UDLD

Sometimes, unidirectional links may appear in networks. On a unidirectional link, one end can receive packets from the other end but the other end cannot. Unidirectional links result in problems such as loops in an STP-enabled network.


The Device Link Detection Protocol (DLDP) can detect the link status of a fiber cable or twisted pair. On detecting a unidirectional link, DLDP can shut down the related port automatically or prompt users to take measures as configured to avoid network problems.As a data link layer protocol, DLDP cooperates with physical layer protocols to monitor the link status of a switch. The auto-negotiation mechanism provided by physical layer protocols detects physical signals and faults. DLDP, however, performs operations such as identifying peer switches, detecting unidirectional links, and shutting down unreachable ports. The cooperation of physical layer protocols and DLDP ensures that physical/logical unidirectional links be detected and shut down. For a link with the switches on the both sides of it operating properly, DLDP checks whether the cable is connected correctly and whether packets can be exchanged between the two switches. This is beyond the capability of the auto-negotiation mechanism at the physical layer.


DLDP can operate in two modes: normal mode and enhanced mode, as described below.

l          In normal DLDP mode, when an entry timer expires, the switch removes the corresponding neighbor entry and sends an Advertisement packet with RSY tag.
l          In enhanced DLDP mode, when an entry timer expires, the Enhanced timer is triggered and the switch sends up to eight Probe packets at a frequency of one packet per second to test the neighbor. If no Echo packet is received from the neighbor when the Echo timer expires, the switch transits to the Disable state.


Configuration procedure
1)        Configuration on Device A
# Enable DLDP on GigabitEthernet2/0/1 and GigabitEthernet 2/0/2 separately.
<DeviceA> system-view
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] dldp enable
[DeviceA-GigabitEthernet2/0/1] quit
[DeviceA] interface gigabitethernet 2/0/2
[DeviceA-GigabitEthernet2/0/2] dldp enable
[DeviceA-GigabitEthernet2/0/2] quit
# Set the interval for sending Advertisement packets to 6 seconds.
[DeviceA] dldp interval 6
# Set the DelayDown timer to 2 seconds.
[DeviceA] dldp delaydown-timer 2
# Set the DLDP mode as enhanced mode.
[DeviceA] dldp work-mode enhance
# Set the port shutdown mode as auto mode.
[DeviceA] dldp unidirectional-shutdown auto
# Enable DLDP globally.
[DeviceA] dldp enable
2)        Configuration on Device B
Configure Device B as you configure Device A.
3)        Verifying the configurations
You can use the display dldp command to display the DLDP configuration information on ports.
# Display the DLDP configuration information on all the DLDP-enabled ports of Device A.
[DeviceA] display dldp
DLDP global status : enable
 DLDP interval : 6s
 DLDP work-mode : enhance
 DLDP authentication-mode : none
 DLDP unidirectional-shutdown : auto
 DLDP delaydown-timer : 2s
 The number of enabled ports is 2.
Interface GigabitEthernet2/0/1
 DLDP port state : disable
 DLDP link state : down
 The neighbor number of the port is 0.
Interface GigabitEthernet2/0/2
 DLDP port state : disable
 DLDP link state : down
 The neighbor number of the port is 0.
The output information indicates that both GigabitEthernet2/0/1 and GigabitEthernet2/0/2 are in Disable state and the links are down, which means unidirectional links are detected and the two ports are thus shut down.
Correct the fiber connections after detecting the problem, and perform the following operations:
# Reset DLDP state for the ports shut down by DLDP.
[DeviceA] dldp reset
# Display the DLDP configuration information on all the DLDP-enabled ports of Device A.
[DeviceA] display dldp
 DLDP global status : enable
 DLDP interval : 6s
 DLDP work-mode : enhance
 DLDP authentication-mode  : none
 DLDP unidirectional-shutdown : auto
 DLDP delaydown-timer : 2s
 The number of enabled ports is 2.
Interface GigabitEthernet2/0/1
 DLDP port state : advertisement
 DLDP link state : up
 The neighbor number of the port is 1.
    Neighbor mac address : 0000-0000-0101
    Neighbor port index : 59
    Neighbor state : two way
    Neighbor aged time : 11
Interface GigabitEthernet2/0/2
 DLDP port state : advertisement
 DLDP link state : up
 The neighbor number of the port is 1.
    Neighbor mac address : 0000-0000-0102
    Neighbor port index : 59
    Neighbor state : two way
    Neighbor aged time : 11
The output information indicates that both GigabitEthernet2/0/1 and GigabitEthernet2/0/2 are in the Advertisement state and the links are up, which means unidirectional links are not detected and the two ports are restored.