The second presentation of day 2 of Network Field Day was from Ruckus wireless. Yes, a wireless company at a non-wireless Field Day event. I had known for a while that Ruckus wanted to present at Network Field Day and I was excited to see what they would bring. My previous experience with Ruckus was very enlightening. I wanted to see how they would do outside the comfort zone of a wireless event. Add in the fact that most networks are now becoming converged from the perspective of offering both wired and wireless access and you can see the appeal of being the only wireless company on the slate.
We started off with a talk from GT Hill (@GTHill). GT is one of those guys that started out very technical before jumping into the dark side of marketing. I think his presentation should be required viewing for those that think they may want to talk to any Tech Field Day group. GT had a lot of energy that he poured into his talk. I especially loved how he took a few minutes at the beginning to ask the delegates about their familiarity with wireless. That’s not something you typically see from a vertical-focused field day like NFD, but it does get back to the cross discipline aspect that makes the greater Tech Field Day events so great. Once GT had an idea of what we all knew he kept each and every one of the delegates engaged as he discussed why wireless was so hard to do compared to the “simplicity” of wired networking. Being a fan of explaining technical subjects with easy-to-understand examples, I loved GT using archery as a way to explain the relative difficulty of 802.11 broadcasts in 802.11n and 802.11ac.
The second part of the discussion from Sandip Patel about 802.11ac was great. I didn’t get a chance to hear the presentations from the other wireless vendors at Wireless Field Day 3 & 4. Picking up all the new information regarding things like channel bandwidth and multi-user spatial streams was very nice for me. There’s a lot of new technology being poured into 802.11ac right now. There’s also a lot that’s being prepped for the future as well. While I knew that 160 MHz channels were going to be necessary to get the full bandwidth rates out of 802.11ac, I was unaware that you could have two 80 MHz channels simultaneously working together to provide that. You learn something awesome at every Field Day event. I think 802.11ac is going to push a lot of lesser vendors out of the market before all is said and done. The huge leap forward for throughput comes with a great cost insofar as making sure that your wireless radios work correctly while at the same time accommodating noise and interference. Companies like Cisco and Aruba are going to come out okay just by virtue of being so large. Aerohive should come out fine as well. I think Ruckus has taken a unique approach with their antenna technology. That shows in these presentations, as Ruckus will be the first to tell you that their superior transmitting technology means that the signal will be cleaner between client and AP. I want to see a real 802.11ac from every wireless company put together in a room with various noise producers to see what happens. Maybe something for Wireless Field Day 5?
After we shut off the cameras, we got to take tour of the Ruckus testing facilities. Since Ruckus had moved buildings since Wireless Field Day 2 it was a brand new room. There was a lot more room than the previous testing area that we’d seen before. They still had a lot of the same strange containers and rooms designed to subject access point radios to the strangest RF environments imaginable. In the new building, there was just a lot more elbow room to walk around along with more tables to spread out and get down to the nuts and bolts of testing.
While the Ruckus presentation was geared more toward people who weren’t that familiar with the wireless space, I loved it nonetheless. GT Hill related to a group of non-wireless people in the best way I could imagine. Sandip brought a lot of info about 802.11ac to the table now that the vendors are starting to ramp up towards putting out enterprise APs. Ruckus wanted to show everyone that wireless is an important part of the conversation when it comes to the larger networking story. While we spend a lot of time at NFD talking about SDN or data centers or other lofty things, it’s important to remember that our tweets and discussion and even our video coverage is coming over a wireless network of some kind. Going to a vendor without some form of wireless access is a demerit in their case. I’ve always made a point of paying attention once I see that something is everywhere I go. Thankfully, Ruckus made the right kind of noise to make the delegates sit up and pay attention.
Tech Field Day Disclaimer
Ruckus was a sponsor of Network Field Day 5. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Network Field Day 5. In addition, Ruckus provided me with lunch at their offices. They also provided a custom nameplate and a gift package containing a wireless access point and controller. At no time did they ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.
The first presentation of Networking Field Day 5 day 2 was from our old friends at Solarwinds. We heard from them before at NFD3, but the nice thing about Solarwinds is that they’ve always got new tools coming out. I’ve also served as a Thwack Ambassador on their forums and been featured as an IT Spotlight Blogger. I wanted to see what Solarwinds would bring to the table at NFD5.
The geeks from Solarwinds started out with a quick overview of the tool portfolio. One thing to take note of: most of the tools that you use a standalone products are actually integrated into the larger Orion platform. Solarwinds makes some of them available as free downloads for trials or point solutions. You can get all of them together in one big toolbox, provided you have the horsepower to run it all. It tend to lean more toward the “right tool, right job” mentality rather than getting the whole box. For every IP SLA monitor crescent wrench I use regularly, there are a multitude of metric socket sets and emergency break tools that I may never even touch. That’s why it’s great when Solarwinds makes their software available to all for only the investment of a registration.
You’ll also notice in the video around 20 minutes in, I mention something about Solarwinds and SDN. Colin McNamara (@colinmacnamara) chided me a bit about “SDN washing” of their technology. Colin does have a point about overuse of SDN to describe everything under the sun. Sanjay Castelino even made a post to the effect that what Solarwinds is doing isn’t SDN. In a sense, he’s right. These tools aren’t network programmability or overlay networking or even automation. To me though, a part of what Solarwinds is doing falls under the SDN spectrum in that they can program different devices from a single interface. Sure, it’s not the sexy sports car idea of network slicing and service instantiation that others are looking at. Even the ability to quickly configure devices and pull pertinent info from them is better than some of what we’ve got going on right now. This software allows you to define parameters and configuration in your network. That’s SDN of some flavor to me. Maybe not mocha SDN with sprinkles but something a bit different.
This led to a bit of a derailment of the conversation. The delegates seized on the Solarwinds development model of “giving the customers what they want.” I’d heard this many times before, so it wasn’t necessarily new to me. What’s key to me in that message is that you’re going to have a lot of content customers. Not necessarily happy, but content. The key difference to me comes from the model. If you give the customers what they want, they will be pacified. All their desires are met and the can do their jobs. However, if you can break outside of the demand-based model and show them something they never knew they needed, you have a real chance to make them deliriously happy. Think about something like the iPad. Did we know we needed it before it was released? Not likely. Now think about how many people have jumped at the chance to own a tablet device. If those companies had simply been giving their customers what they asked for think about the market that would have been missed. I’m not saying that Solarwinds is doing a bad job by any means. I just think they need to get a geek in the house working on crazy stuff that will make people say “holy cow!!!”
Solarwinds talked to us about their newest network monitoring pieces. They’ve got some very interesting tools, including Network Performance Monitor. There was also some discussion around their IP Address Managment (IPAM) tool, which is what I wrote about during my Thwack Ambassadorship. Thankfully, we had Terry Slattery in the room. Terry loves the network monitoring discussions, having founded Netcordia and release NetMRI for that purpose before it was purchased by Infoblox. Terry has seen a lot, and he’s not afraid to tell you what he thinks. When we discussed the features of User Device Tracker (UDT), he asked if it can do a time-based report on unused switch ports. When the answer wasn’t clear, he told the geeks, “If you can’t do that, you need to write that down.” We all had a couple of good jokes at their expense, but that fact is that when Terry tells you something is important, especially when it comes to network monitoring the chances are it’s really important.
Solarwinds is also getting into the API game with SWIS – Solarwinds Information Service. This SOAP interface (soon to be REST) gives you the ability to write programs to pull data from the network and insert/update the same in many devices. See what I’m talking about with SDN and the ability to pull info from the network and push it back again? I think Solarwinds really needs to focus their efforts in this area and drive some more programmability from their tools rather than the old methods of just hiding CLI command pushes and things of that nature. By allowing users to code to an API, you’ve just abstracted all of the icky parts of the backend away and focused the conversation where it needs to be – on getting problems solved.
Solarwinds has awesome tools. They’re going to have awesome tools in the future. But they’ve hit on some pieces of the puzzle that are going to do much more than that. Beyond giving us a toolbox with fancy handles and shiny stickers, they’ve started to do what a lot of other people have done and give us designs for what we should build with the tools they’ve given us. By expanding into that area of allowing us to program to APIs and put the pieces into a bigger context, they have the ability to transcend being a point product vendor releasing neat toys. When you can be a meaningful discussion point in any monitoring and management meeting without being dismissed as just a niche player, that’s handy indeed.
Tech Field Day Disclaimer
Solarwinds was a sponsor of Network Field Day 5. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Network Field Day 5. In addition, Solarwinds provided me with breakfast at the hotel. They also gave the delegates a t-shirt and a messenger bag, along with all the stickers and buttons we could fit into our carry ons. At no time did they ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.
Day one of Network Field Day 5 (NFD5) included presentations from the Cisco Borderless team. You probably remember their “speed dating” approach at NFD4 which gave us a wealth of information in 15 minute snippets. The only drawback to that lineup is when you find a product or a technology that interests you there really isn’t any time to quiz the presenter before they are ushered off stage. Someone must have listened when I said that before, because this time they brought us 20 minute segments – 10 minutes of presentation, 10 minutes of demo. With the switching team, we even got to vote on our favorite to bring the back for the next round (hence the title of the post). More on that in a bit.
6500 Quad Supervisor Redundancy
First up on the block was the Catalyst 6500 team. I swear this switch is the Clint Howard of networking, because I see it everywhere. The team wanted to tell us about a new feature available in the ((verify code release)) code on the Supervisor 2T (Sup2T). Previously, the supervisor was capable of performing a couple of very unique functions. The first of these was Stateful Switch Over (SSO). During SSO, the redundant supervisor in the chassis can pick up where the primary left off in the event of a failure. All of the traffic sessions can keep on trucking even if the active sup module is rebooting. This gives the switch a tremendous uptime, as well as allowing for things like hitless upgrades in production. The other existing feature of the Sup2T is Virtual Switching System (VSS). VSS allows two Sup2Ts to appear as one giant switch. This is helpful for applications where you don’t want to trust your traffic to just one chassis. VSS allows for two different chassis to terminate Multi-Chassis EtherChannel (MLAG) connections so that distribution layer switches don’t have a single point of failure. Traffic looks like it’s flowing to one switch when in actuality it may be flowing to one or the other. In the event that a Supervisor goes down, the other one can keep forwarding traffic.
Enter the Quad Sup SSO ability. Now, instead of having an RPR-only failover on the members of a VSS cluster, you can setup the redundant Sup2T modules to be ready and waiting in the event of a failure. This is great because you can lose up to three Sup2Ts at once and still keep forwarding while they reboot or get replaced. Granted, anything that can take out 3 Sup2Ts at once is probably going to take down the fourth (like power failure or power surge), but it’s still nice to know that you have a fair amount of redundancy now. This only works on the Sup2T, so you can’t get this if you are still running the older Sup720. You also need to make sure that your linecards support the newer Distributed Forwarding Card 3 (DFC3), which means you aren’t going to want to do this with anything less than a 6700-series line card. In fact, you really want to be using the 6800 series or better just to be on the safe side. As Josh O’brien (@joshobrien77) commented, this is a great feature to have. But it should have been there already. I know that there are a lot of technical reasons why this wasn’t available earlier, and I’m sure the increase fabric speeds in the Sup2T, not to mention the increased capability of the DFC3, are the necessary component for the solution. Still, I think this is something that probably should have shipped in the Sup2T on the first day. I suppose that given the long road the Sup2T took to get to us that “better late than never” is applicable here.
Next up was the Cisco UCS-E series server for the ISR G2 platform. This was something that we saw at NFD4 as well. The demo was a bit different this time, but for the most part this is similar info to what we saw previously.
Catalyst 3850 Unified Access Switch
The Catalyst 3800 is Cisco’s new entry into the fixed-configuration switch arena. They are touting this a “Unified Access” solution for clients. That’s because the 3850 is capable of terminating up to 50 access points (APs) per stack of four. This think can basically function as a wiring closet wireless controller. That’s because it’s using the new IOS wireless controller functionality that’s also featured in the new 5760 controller. This gets away from the old Airespace-like CLI that was so prominent on the 2100, 2500, 4400, and 5500 series controllers. The 3850, which is based on the 3750X, also sports a new 480Gbps Stackwise connector, appropriately called Stackwise480. This means that a stack of 3850s can move some serious bits. All that power does come at a cost – Stackwise480 isn’t backwards compatible with the older Stackwise v1 and v2 from the 3750 line. This is only an issue if you are trying to deploy 3850s into existing 3750X stacks, because Cisco has announced the End of Sale (EOS) and End of Life (EOL) information for those older 3750s. I’m sure the idea is that when you go to rip them out, you’ll be more than happy to replace them with 3850s.
The 3850 wireless setup is a bit different from the old 3750 Access Controller that had a 4400 controller bolted on to it. The 3850 uses Cisco’s IOS-XE model of virtualizing IOS into a sort of VM state that can run on one core of a dual-core processor, leaving the second core available to do other things. Previously at NFD4, we’d seen the Catalyst 4500 team using that other processor core for doing inline Wireshark captures. Here, the 3850 team is using it to run the wireless controller. That’s a pretty awesome idea when you think about it. Since I no longer have to worry about IOS taking up all my processor and I know that I have another one to use, I can start thinking about some interesting ideas.
The 3850 does have a couple of drawbacks. Aside from the above Stackwise limitations, you have to terminate the APs on the 3850 stack itself. Unlike the CAPWAP connections that tunnel all the way back to the Airespace-style controllers, the 3850 needs to have the APs directly connected in order to decapsulate the tunnel. That does provide for some interesting QoS implications and applications, but it doesn’t provide much flexibility from a wiring standpoint. I think the primary use case is to have one 3850 switch (or stack) per wiring closet, which would be supported by the current 50 AP limitation. the othe drawback is that the 3850 is currently limited to a stack of four switches, as opposed to the increased six switch limit on the 3750X. Aside from that, it’s a switch that you probably want to take a look at in your wiring closets now. You can buy it with an IP Base license today and then add on the AP licenses down the road as you want to bring them online. You can even use the 3850s to terminate CAPWAP connections and manage the APs from a central controller without adding the AP license.
Here is the deep dive video that covers a lot of what Cisco is trying to do from a unified wired and wireless access policy standpoint. Also, keep an eye out for the cute Unifed Access video in the middle.
Private Data Center Mobility
I found it interesting this this demo was in the Borderless section and not the Data Center presentation. This presentation dives into the world of Overlay Transport Virtualization (OTV). Think of OTV like an extra layer of 802.1 q-in-q tunneling with some IS-IS routing mixed in. OTV is Cisco’s answer to extending the layer 2 boundary between data centers to allow VMs to be moved to other sites without breaking their networking. Layer 2 everywhere isn’t the most optimal solution, but it’s the best thing we’ve got to work with the current state of VM networking (until Nicira figures out what they’re going to do).
We loved this session so much that we asked Mostafa to come back and talk about it more in depth.
The most exciting part of this deep dive to me was the introduction of LISP. To be honest, I haven’t really been able to wrap my head around LISP the first couple of times that I saw it. Now, thanks to the Borderless team and Omar Sultan (@omarsultan), I’m going to dig into a lot more in the coming months. I think there are some very interesting issues that LISP can solve, including my IPv6 Gordian Knot.
I have to say that I liked Cisco’s approach to the presentations this time. Giving us discussion time along with a demo allowed us to understand things before we saw them in action. The extra five minutes did help quite a bit, as it felt like the presenters weren’t as rushed this time. The “Borderless Idol” style of voting for a presentation to get more info out of was brilliant. We got to hear about something we wanted to go into depth about, and I even learned something that I plan on blogging about later down the line. Sure, there was a bit of repetition in a couple of areas, most notably UCS-E, but I can understand how those product managers have invested time and effort into their wares and want to give them as much exposure as possible. Borderless hits all over the spectrum, so keeping the discussion focused in a specific area can be difficult. Overall, I would say that Cisco did a good job, even without Ryan Secrest hosting.
Tech Field Day Disclaimer
Cisco was a sponsor of Network Field Day 5. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Network Field Day 5. In addition, Cisco provided me with a breakfast and lunch at their offices. They also provided a Moleskine notebook, a t-shirt, and a flashlight toy. At no time did they ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.
Network Field Day 5 started off with a full day at Cisco. The Data Center group opened and closed the day, with the Borderless team sandwiched in between. Omar Sultan (@omarsultan) greeted us as we settled in for a continental breakfast before getting started.
The opening was a discussion of onePK, a popular topic as of late from Cisco. While the topic du jour in the networking world is software-defined networking (SDN), Cisco steers the conversation toward onePK. This, at its core, is API access to all the flavors of the Internetwork Operating System (IOS). While other vendors discuss how to implement protocols like OpenFlow or how to expose pieces of their underlying systems to developers, Cisco has built a platform to allow access into pieces and parts of the OS. You can write applications in Java or Python to pull data from the system or push configurations to it. The process is slowly being rolled out to the major Cisco platforms. The support for the majority of the Nexus switching line should give the reader a good idea of where Cisco thinks this technology will be of best use.
One of the specific applications that Cisco showed off to us using onePK is the use of Puppet to provision switches from bare metal to functioning with a minimum of human effor. Puppet integration was a big underlying topic at both Cisco and Juniper (more on that in the Juniper NFD5 post). Puppet is gaining steam in the netowrking industry as a way to get hardware up and running quickly with the least amount of fuss. Server admins have enjoyed the flexibility of Puppet for a some time. It’s good to see well-tested and approved software like this being repurposed for similar functionality in the world of routing and switching.
Next up was a discussion about the Cisco ONE network controller. Controllers are a very hot topic in the network world today. OpenFlow allows a central management and policy server to push information and flow data into switches. This allows network admins to get a “big picture” of the network and how the packets are flowing across it. Having the ability to view the network in its entirity also allows admins to start partitioning it in a process called “slicing.” This was one of the first applications that the Stanford wiz kids used OpenFlow to accomplish. It makes sense when you think about how universities wanted to partition off their test networks to prevent this radical OpenFlow idea from crashing the production hardware. Now, we’re looking at using slicing for things like multi-tenancy and security. The building blocks are there to make some pretty interesting leaps. The real key is that the central controller have the ability to keep up with the flows being pushed through the network. Cisco’s ONE controller not only speaks OpenFlow, but onePK as well. This means that while the ONE controller can talk to disparate networking devices running OpenFlow, it will be able to speak much more clearly to any Cisco devices you have lying around. That’s a pretty calculated play from Cisco, given that the initial target for their controller will be networks populated primarily by Cisco equipment. The use case that was given to us for the Cisco ONE controller was replacing large network taps with SDN options. Fans of NFD may remember our trip to Gigamon. Cisco hadn’t forgotten, as the network tap they used as an example in their slide looked just like the orange Gigamon switch we saw at a previous NFD.
After the presentations from the Borderless team, we ended the day with an open discussion around a few topics. This is where the real fun started. Here’s the video:
The first hour or so is a discussion around hybrid switching. I had some points in here about the standoff between hardware and software people not really wanting to get along right now. I termed it a Mexican Standoff because no one really wants to flinch and go down the wrong path. The software people just want to write overlays and things like and make it run on everything. The entrenched hardware vendors, like Cisco, want to make sure their hardware is providing better performance than anyone else (because that’s where their edge is). Until someone decides to take a chance and push things in different directions, we’re not going to see much movement. Also, around 1:09:00 is where we talked a bit about Cisco jumping into the game with a pure OpenFlow switch without much more on top of it. This concept seemed a bit foreign to some of the Cisco folks, as they can’t understand why people wouldn’t want IOS and onePK. That’s where I chimed in with my “If I want a pickup truck, I don’t take a chainsaw to a school bus.” You shouldn’t have to shed all the extra stuff to get the performance you want. Start with a smaller platform and work your way up instead of starting with the kitchen sink and stripping things away.
Shortly after this is where the fireworks started. One of Cisco’s people started arguing that OpenFlow isn’t the answer. He said that the customer he was talking to didn’t want OpenFlow. He even went so far as to say that “OpenFlow is a fantasy because it promises everything and there’s nothing in production.” (about 1:17:00) Folks, this was one of the most amazing conversations I’ve ever seen at a Network Field Day event. The tension in the room was palpable. Brent and Greg were on this guy the entire time about how OpenFlow was solving real problems for customers today, and in Brent’s case he’s running it in production. I really wonder how the results of this are going to play out. If Cisco hears that their customers don’t care that much about OpenFlow and just want their gear to do SDN like in onePK then that’s what they are going to deliver. The question then becomes whether or not network engineers that believe that OpenFlow has a big place in the networks of tomorrow can convince Cisco to change their ways.
Cisco’s Data Center group has a lot of interesting things to say about programmability in the network. From discussions about APIs to controllers to knock down, drag out aruguments about what role OpenFlow is going to play, Cisco has the gamut covered. I think that their position at the top of the network heap gives them a lot of insight into what’s going on. I’m just worried that they are going to use that to push a specific agenda and not embrace useful technologies down the road that solve customer problems. You’re going to hear a lot more from Cisco on software defined networking in the near future as they begin to roll out more and more features to their hardware in the coming months.
Tech Field Day Disclaimer
Cisco was a sponsor of Network Field Day 5. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Network Field Day 5. In addition, Cisco provided me with a breakfast and lunch at their offices. They also provided a Moleskine notebook, a t-shirt, and a flashlight toy. At no time did they ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.
It’s time again for more zany fun in San Jose with the Tech Field Day crew! I will be attending Network Field Day 5 in San Jose March 6-8. This time, I was honored to be included as a member of the organizing committee for the event. There were lots of discussions about timing of the event, sessions that would be interesting to the delegates and the viewers, and even a big long list of delegates to evaluate. That last part is never fun. There are so many great people out there that would be a great fit at any Field Day event. Sadly, there are only so many people that can attend. The list for Network Field Day 5 includes the following wonderful people:
Ethan Banks, CCIE #20655, is a hands-on networking practitioner who has designed, built and maintained networks for higher education, state government, financial institutions, and technology corporations.
Over the last twenty odd years, Greg has worked Sales, Technical and IT Management but mostly he delivers Network Architecture and Design. Today he works as a Freelance Consultant for F100 companies in the UK & Europe focussing on Data Centres, Security and Operational Automation.
Terry Slattery, CCIE #1026, is a senior network engineer with decades of experience in the internetworking industry.
There’s likely to be a couple more people on that list before all is said and done. I really wish that we could have an event with all the potential delegates. Maybe one day after I finally buy my own 747 we’ll have enough airline seats to fly everyone to Silicon Valley.
Network Field Day 5 Sponsors
There will be an extra full lineup of sponsors this time around. A few of the details are still being finalized, but here’s the lineup so far:
That “secret company” sounds nice and mysterious, doesn’t it? I can’t wait until they’re revealed. I am always pleased with the lineup of sponsors at each Field Day event. The leadership and vision provided by these vendors gives us all a great idea of where technology is headed.
What’s Field Day Like?
Network Field Day is not a vacation. This event will involve starting a day early first thing Wednesday morning and running full steam for two and a half days. We get up early and retire late. Wall-to-wall meetings and transportation to and from vendors fill the days. When you consider that most of the time we’re discussing vendors and presentations on the car ride to the next building, there’s very little downtime. We’ve been known to have late night discussions about OpenFlow and automation until well after midnight. If that’s your idea of a “vacation” then Tech Field Day is a paradise.
Tech Field Day – Join In Now!
Everyone at home is as much a participant in Tech Field Day as the delegates on site. At the last event we premiered the ability to watch the streaming video from the presentations on mobile devices. This means that you can tune in from just about anywhere now. There’s no need to stay glued to your computer screen. If you want to tune out to our last presentations of the day from the comfort of your couch with your favorite tablet device then feel free by all means. Don’t forget that you can also use Twitter to ask questions and make comments about what you’re seeing and hearing. Some of the best questions I’ve seen came from the home audience. Use the hashtag #NFD5 during the event. Note that I’ll be tagging the majority of my tweets that week with #NFD5, so if the chatter is getting overwhelming you can always mute or filter that tag.
Standard Tech Field Day Sponsor Disclaimer
Tech Field Day is a massive undertaking that involves the coordination of many moving parts. It’s not unlike trying to herd cats with a helicopter. One of the most important pieces is the sponsors. Each of the presenting companies is responsible for paying a portion of the travel and lodging costs for the delegates. This means they have some skin in the game. What this does NOT mean is that they get to have a say in what we do. No Tech Field Day delegate is every forced to write about the event due to sponsor demands. If a delegate chooses to write about anything they see at Tech Field Day, there are no restrictions about what can be said. Sometimes this does lead to negative discussion. That is entirely up to the delegate. Independence means no restrictions. At times, some Tech Field Day sponsors have provided no-cost evaluation equipment to the delegates. This is provided solely at the discretion of the sponsor and is never a requirement. This evaluation equipment is also not a contingency of writing a review, be it positive or negative. The delegates are in this for the truth, the whole truth, and nothing but the truth.
The final Network Field Day 4 (NFD4) presentation was from Juniper. Juniper has been a big supporter of Tech Field Day so getting to see some of their newest technology and advances was just another step in the the wonderful partnership. We arrived Friday afternoon to a very delicious lunch before settling in for the four hour session.
We were introduced to one of our own, Derick Winkworth (@cloudtoad). Derick was a delegate and NFD2 and has recently come to Juniper as the PM of Automation. It’s always nice to see someone from Tech Field Day in front of us for the vendor. Some have said that the vendors are stealing away members of the Field Day community, but I see it more as the vendors realizing the unique opportunity to bring someone on board the “gets it.” However, I couldn’t let Derick off the hook quite that easily. At Cisco Live, Derick proved his love for Dave Ward of Cisco by jumping up during Dave’s OnePK panel and throwing a pair of men’s briefs at him with “I ❤ Dave” written on the back. Lots of laughs were had by all, and Dave seemed appreciative of his gift. Once I learned the Derick was presenting first for NFD4, I hatched my own fan boy plot. When Derick walked up front to face the NFD delegates as “the enemy,” I too proved my love for the Cloud Toad by jumping up and tossing him a pair of underwear as well. These were adorned with “I ❤ @cloudtoad” to show Derick that he too has groupies out there.
Derick then proceeded to give us a small overview of the decision he made to join Juniper and the things that he wanted to improve to make everyone’s life a bit better. I can tell the Derick is genuinely pumped about his job and really wants to make a difference. If someone is that excited about going to work every day, it really doesn’t matter if it’s for a vendor or a VAR or even a garbageman. I only wish that half the people I work with had the same passion for their jobs as Derick.
Our first presentation was a bit of a surprise. We got a first hand look at storage from Simon Gordon. Yes, Juniper shook things up by making their first peek all about hard drives. Okay, so maybe it was more about showing how technologies like QFabric can help accelerate data transfers back and forth across your network. The two storage people in the room seemed fascinated by the peek into how Juniper handled these kinds of things. I was a bit lost with all the terminology and tried to keep up as best I could, but that’s what the recorded video archive is for, right? It’s no surprise that Juniper is pitching QFabric as a solution for the converged data center, just like their competitors are pitching their own fabric solutions. It just reminds me that I need to spend some more time studying these fabric systems. Also, you can see here where the demo gremlins bit the Juniper folks. It seemed to happen to everyone this time around. The discussion, especially from Colin McNamara (@colinmcnamara) did a great job of filling the time where the demo gremlins were having their fun.
The second presentation was over Virtual Chassis, Juniper’s method of stacking switches together to unify control planes and create managment simplicity. The idea is to take a group of switches and interconnect the backplanes to create high throughput while maintaining the ability to program them quickly. The technology is kind of interesting, especially when you extend it toward something like QFabric to create a miniature version of the large fabric deployment. However, here is where I get to the bad guy a bit… Juniper, while this technology is quite compelling, the presentation fell a bit flat. I know that Tech Field Day has a reputation for chewing up presenters. I know that some sponsors are afraid that if they don’t have someone technical in front of the group that bedlam and chaos will erupt. That being said, make sure that the presenter is engaging as well as technical. I have nothing but respect for the presenter and I’m sure he’s doing amazing things with the technology. I just don’t think he felt all the comfortable in front of our group talking about it. I know how nervous you can be during a presentation. Little things like demo failures can throw you off your game. But in the end, a bad presentation can be saved by a good presenter. A good presentation can take a hit from a less-than-ideal presenter. Virtual chassis is a huge talking point for me. Not only because it’s the way that the majority of my customers will interconnect their devices. Not because it’s a non-proprietary connector way to interconnect switches. It’s because Virtual Chassis is the foundation for some exciting things (that may or may not be public knowledge) around fabrics that I can’t wait to see.
Up next was Kyle Adams with Mykonos. They are a new acquistion by Juniper in the security arena. They have developed a software platform that provides a solution to the problem of web application security. Mykonos acts like a reverse proxy in front of your web servers. When it’s installed, it intercepts all of the traffic traveling to your Internet-facing servers and injects a bit of forbidden fruit to catch hackers. Things like fake debug codes, hidden text fields, and even phantom configuration files. Mykonos calls these “tar pits” and they are designed to fool the bad guys into a trail of red herrings. Becauase all of the tar pit data is generated on the fly and injected into the HTTP session, no modification of the existing servers is necessary. That is the piece that had eluded my understanding up until this point. I always thought Mykonos integrated into your infrastructure and sprayed fake data all over your web servers in the hope of catching people trying to footprint your network. Realizing now that it does this instead from the network level, it interesting to see the approaches that Mykonos can take. The tar pit data is practically invisible to the end user. Only those that are snooping for less-than-honorable intentions may even notice it. But once they take the bait and start digging a bit deeper, that’s when Mykonos has them. The software then creates a “super cookie” on the system as a method of identifying the attacker. These super coookes are suprisingly resilient, using combinations of Java and Flash and other stuff to stay persistent even if the original cookie is deleted. Services like Hulu and Netflix use them to better identify customers. Mykonos uses them to tie attacker sessions together and collect data. There are some privacy concerns naturally, but that is a discussion for a different day. Once Mykonos has tagged you, that’s when the countermeasures can start getting implemented.
I loved watching this in demo form. Mykonos randomly selects a response based on threat level and deploys it in an effort to prevent the attacker from compromising things. Using methods such as escalting network latency back to the attacker or creating fake .htacess files with convincingly encrypted usernames and passwords, Mykonos sets the hook to reel in the big fish. While the attacker is churning through data and trying to compromise what he thinks is a legitimate security hole, Mykonos is collecting data the whole time to later identify the user. That way, they can either be blocked from accessing your site or perhaps even prosecuted if desired. I loved the peek at Mykonos. I can see why Christofer Hoff (@beaker) was so excited to bring them on board. This refreshing approach to web application firewalls is just crazy enough to work well. As I said on the video, Mykonos is the ultimate way to troll attackers.
The final presentation at Juniper once again starred Derick Winkworth along with Dan Backman. Dan had presented over workflow automation at NFD2. Today, they wanted to talk about the same topic from a slightly different perspective. Derick took the helm this time and started off with a hilarious description of the land of milk and honey and unicorns, which according to him was representitive of what happens when you can have a comfortable level of workflow automation. It’s also where the title of this post came from. As you can tell from the video, this was the best part of having a former delegate presenting to us. He knew just how to keep us in stitches with all his whiteboarding and descriptions. After I was done almost spitting my refreshments all over my laptop, he moved on to his only “slide”, which was actually a Visio diagram. I suppose this means that Derick has entered the Hall Of Slideless TFD Presenters. His approach to workflow automation actually got me a bit excited. He talked less about scripting commands or automating configuration tasks and instead talked about all the disparate systems out there and how the lack of communication between them can cause the silo effect present in many organizations to amplify. I like Derick’s approach to using Junos to pull information in from various different sources to help expedite things like troubleshooting or process execution. Leveraging other utilities like curl helps standardize the whole shooing match without reinventing the wheel. If I can use the same utilities that I’ve always used, all my existing knowledge doesn’t become invalidated or replaced. That really speaks to me. Don’t make me unlearn everything. Give me the ability to take your product and use additional tools to do amazing things. That, to me, is the essence of SDN.
If you’d like to learn more about the various Juniper products listed above, be sure to visit their website at http://www.juniper.net. You can also follow their main Twitter account as @JuniperNetworks.
Juniper’s doing some neat things from what they showed us at NFD4. They appear to be focusing on fabric technology, both from the QFabric converged networking overview and even the Virtual Chassis discussion. Of course, protecting things is of the utmost importance, so Mykonos can prevent the bad guys from getting the goods in a very novel way. Uniting all of this is Junos, the single OS that has all kinds of capabilities around SDN and now OpenFlow 1.3. Sure, the demo gremlins hit them a couple of times, but they were able to keep the conversation going for the most part and present some really compelling use cases for their plans. The key for Juniper is to get the word out about all their technology and quit putting up walls that try and “hide” the inner workings of things. Geeks really like seeing all the parts and pieces work. Geeks feel a lot more comfortable knowing the ins and outs of a process. That will end up winning more converts in the long run than anything else.
Tech Field Day Disclaimer
Juniper was a sponsor of Network Field Day 4. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Network Field Day 4. In addition, Juniper provided me with a hooded sweatshirt with the Juniper logo and some “I Wish This Ran Junos” stickers. They did not ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.
The first presentation of the final day of Network Field Day 4 brought us to the mothership on Tasman Drive. The Cisco Borderless team had a lineup of eleven different presenters ready to show us everything they had. For those of you not familar with the term, Borderless Networks inside Cisco essentially means “everything that isn’t data center or voice.” Yeah, that means routing and switching and security and wireless and everything else. That also meant that we got a very diverse group of people presenting to us and a lot of short twenty minute videos of their products. In a way, it’s very much like speed dating. With little time to get the point across, you tend to shed the unnecessary pleasantries and get right to the important stuff.
First up was the UCS team with new E-series servers. These are blades that are designed to slide into a ISR G2 router and provide a full-featured x86 platform. It’s a great idea in search of an application. I can still remember the AxP modules and how they were going to change my life. That never really materialized. The payoff use case that you are looking for is the second video above. Cisco is starting to push for the idea that you can contain a whole branch office in a single router and run not only the phone system and networking routing and VPN, but now a light-duty server as well. I’m not sure how many people will be looking to do that with virtualized server resources residing in the data center, but there was some discussion of using this a temporary failover type of environment to push the branch server to the edge in the event of some kind of disaster or outage. That might work better to me that running the entire branch on the router. Of course, as you can tell, the demo gremlins found Cisco as well.
The next presentation was the new darling Cloud Services Router (CSR) 1000v. This little gem got some face time on stage with John Chambers at Cisco Live this year. It’s a totally virtualized router (hence the “v”) that can move workloads into the cloud when needed. I’m really curious as to why this is included with Borderless, as this is a very data center specific play right now. I know that Cisco is pushing this device currently as a VPN concentrator or MPLS endpoint for WAN aggregation. It makes more sense from some of their diagrams to have it running inside a cloud provider network carving up user space. I’m going to keep an eye on this one to see where the development goes.
Now, we get to something fun. Cisco FlexVPN is what happens when someone finally took a look at all the different methods for configuring VPNs on the various Cisco devices and said “WTF?!?” FlexVPN utilizes IKEv2 to help speed configuration. You can watch the short video and see all the stuff that we have to deal with to configure a VPN today. Cisco finally took our complaints to heart and made things a lot more simple. Of course there are drawbacks, and with FlexVPN that means it only works with IKEv2. There’s no backwards compatibility. Of course, if you’re going to have to be migrating everything anyway, you might as well make a clean break and rebuild it right. That’s going to make things like hub-and-spoke VPN configuration a whole lot less painful in the near future. Props to Cisco for fixing a pain point for us.
Okay, so maybe a I lied just a bit. Since Cisco Unified Border Element runs on a router (even though it’s technically voice), we got a presentation about it! I was in hog heaven here. If you are looking at deploying a SIP trunk, you had better be looking at a CUBE box to handle the handoff. Don’t think, just do it. Listen to the voice of Amy Arnold (@amyengineer) and Erik Peterson (@ucgod). You need this. You just don’t know how much until you start banging your head against a wall.
More Voice!!! By this point, I was practically crying tears of joy. Two voice presentations in one day. At a networking event no less! This presentation on enhanced SRST shows how big of kludge SRST really is. I’m not a huge fan of it, but I have to configure it to be sure that the phone systems work correctly in the event of a WAN outage. It’s all still CLI and very annoying to configure and keep in sync. Thankfully, with the ESRST manager highlighted in the video above, we can keep those configurations in sync and even have it automagically pull the necessary configurations out of CUCM. This software runs on a Service Engine right now in the router, but I can’t wait to see if Cisco ports it to a virtual setup to run under a CUCMBE 6000 server or even on a UCS-E blade down the road. Anything that I can do to make SRST less painful is a welcome change.
Okay, this had to be one of the more interesting presentations I’ve been involved in at an NFD event. We got our AppNav presentation over Webex from a remote resource. I know this a hot thing to do at Cisco offices to make sure we have the most talented people giving us the most up-to-date info about a particular subject. However, I expect this when I’m in the middle of nowhere Oklahoma, not at the mothership in San Jose. The Webex cut out now and then and there were times when we had to strain to hear what was being said in the room. Looking back at the video, I marvel that the room mikes picked up as much as they did. As for AppNav itself, it’s a virtual DC version of the Wide Area Application Services (WAAS). My grasp of WAN acceleration isn’t as good as it should be, even from Infineta back at NFD3. There’s some good info in here I’m sure. I’m just going to have to go back and digest it to see where it fits into my needs.
Now it’s time for some switching talk. We got a roadmap on the Catalyst line. There are some interesting tidbits in the slides, such as a monster 9000W power supply for the 4500 to support UPoE (more on that in a minute). The 4500 is also going to get VSS support and ISSU support. Those two things alone are going to make me start considering the use of the 4500 in the core of most of my smaller networks. The fixed configuration Catalyst switches also have some nice roadmaps, including UPoE support and lots of IPv6 enhancements. As I move forward in 2013, I’m planning on doing a lot with IPv6, so knowing that I’m going to have switching support behind me is a nice comfort. Of all the updates, the most talked about one was probably the Catalyst 6500. A switch that has been rumored to be on the chopping block for many years now, the venerable Cat6K is getting more updates, including FabricPath support and 100Gig module support. I think this switch may outlast my networking career at this rate. There are lots of rumors as to why Cisco is renovating this campus core stalwart once more, but it’s clear that they are attempting to squeeze as much life out of it as they can right now. To me, the idea of stretching FabricPath down into the campus presents some very tantalizing opportunities to finally get rid of spanning tree on all but the user-facing links. Let’s hope that the Cat6k sticks around long enough to get a gold watch and a nice pension for all the work it’s given us over the years.
Our next discussion was around security and using Cisco TrustSec to do things a little differently that we’re used to. By now, I think everyone has talked your ear off about BYOD. Even I’ve done it a couple of times. It’s a real issue for people in the dark security caves because our traditional methods of access lists and so forth don’t work the same way when you’ve got employees bringing their own laptops or asking you to give them access to data from tablets or phones. What this has morphed into is a need to do more role-based authorization. That’s what TrustSec means to me. Of course, a lot of previous attempts to do this, like NAC, haven’t really hit the mark or have been so convoluted that it was almost impossible to get them working correctly. Today, Cisco has rolled all the functionality of NAC and ACS into the Identity Services Engine (ISE). I’ve had a very brief encounter with ISE, so I know it has a lot of potential. I want to see how Cisco will incorporate it into the bigger TrustSec picture to make everything work across my various platforms.
Time to turn up the juice. Cisco brought out Universal Power over Ethernet (UPoE), which is their solution to pump up to 60 watts of power across a standard Ethernet cable to power…well, whatever it is that eats 60w of power. Cisco’s doing this by taking 802.3at PoE+, which can pump 30w down the cable, and pushing an additional 30w of power down the other unused pairs. Interestingly, Cisco talked to the people behind the ISO and EIA/TIA standards and found that when you have a bunch of unstructured cables running about around 50 watts (which is the 60w number above minus cable loss), you get a temperature in the cable bundle about 8-10 degrees above the ambient room temperature. In reality, this means that 60w is the max amount of power you’re likely to ever get out of a Cat5e cable unless you chill it or have some kind of new material that can reduce the heating effect. Cisco seems to be targeting UPoE to drive things like monitors, thin client desktops, and even those crazy command center touch pads that you see littered across the floor of a trading house or stock exchange. This last item really makes me believe that UPoE is going to be positioned in the same vein as the ultra-low latency Nexus 3548 – financial markets. Thin clients and command center touch panels are likely to be the kind of mission-critical devices these companies are willing to pay big buck to power. With the above-mentioned 9000w PS for the Catalyst 4500, you can see why we’re going to soon need to put a nuclear reactor in to drive these things.
Cisco Smart Operations dropped by to talk to us about Cisco Smart Install. This is the feature that I tend to turn off when I see it by the telltale sign of “Error opening tftp://255.255.255.255/network-config.” The Smart Operations team is doing its best to create an environment where an IT department that doesn’t have the headcount to send technicians to deploy remote site switches can leverage software tools to have those devices auto-provision themselves. You can also configure them to automatically configure things like Smartport roles, which has never really been one of my favorite switch features. Overall, I can appreciate where Cisco is wanting to go with this technology. But, as a CLI jockey, I’m still a bit jaded when it comes to having part of my job replaced by a TFTP script.
The final Cisco NFD4 presentation was about application visibility and control. This is a lot of the intelligence that is built into the Cisco Prime monitoring software that was demoed for us back at NFD3. If you can identify the particular fingerprints of a given application, such as Telepresence, you can better determine when those fingerprints are out of whack. I’m also excited because fingerprinting apps is going to be a huge part of security in the near future, as evidenced by Palo Alto’s app-based firewall and the others like Sonicwall and Watchguard that have followed along. Even the Cisco ASA-CX is starting to come around to the idea of stopping apps and not protocols.
There you have it. Lots of presenters. Hours of video. A couple of thousand words from me on all of it. It’s almost exhausting to see that much information in a short span of time. Some of the things that Cisco did with this presentation were great. There were technologies that only needed a bit of time. There were others that we could have spent an hour or more on. I think that the next NFD presenters that want to try something along these lines should setup the first three hours with rapid fire presentations and reserve the last hour for us to call back to earlier presenters and hit them with additional questions. That way, we don’t run out of time and we get to talk about the things that interest us the most. Bravo overall to the Cisco Borderless team for breaking out of the mold and trying something new to keep the NFD delegates hooked in.
Tech Field Day Disclaimer
Cisco was a sponsor of Network Field Day 4. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Network Field Day 4. In addition, they provided me with an 8GB USB drive with marketing collateral and data sheets. They did not ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.
Day two of Network Field Day 4 kicked off with a visit to Spirent. I was fairly impressed with their testing setup the last time and I wanted to see what new tricks they had in store for us this time around. After a quick breakfast, we settled in for our first session. Although this one wasn’t broadcast, we did get permission to talk about what they were showing us. One of the issues that Spirent has with their setup is that it’s just so…huge. While it is very accurate and can take just about everything you can throw at it, it’s not exactly the most convenient thing to haul around when you need to test something. To that end, Spirent is looking a releasing a more compact unit that’s more in line with the needs of an enterprise testing setup. The unit we saw was about the size of a desktop computer case, but Spirent says the final goal is to have a unit that’s about 1U in size and can be placed in a rack. That way, you can grab the tester when you need to prove beyond the shadow of a doubt that it’s not the network (or the WAN connection or anything else Spirent can test). Do remember that having a smaller version of the until does come with a compromise or two. The most apparent one is the reduction in testing resolution from the nanseconds of the big Spirent setup down to a few milliseconds on the enterprise version. Truth be told, you probably don’t need the nanosecond resolution of something like a QFabric test when you’re just trying to test an enterprise network. If a few milliseconds really does matter, then maybe you need to look into the bigger unit. One of the other things that interested me about their new unit was the interface of the software itself. Spirent has gone all out to make sure that it’s easy to start a test and set the parameters. The metaphor that they are using is that of a media player. You can drag sliders to vary the size and number of packets as well as setting other parameters. When you’re ready to go, just press the oversized Play button and your test kicks off and runs until completion. You’ll see a bit of this interface in a bit.
When we picked up the stream again, I got a bit excited. Spirent has taken everything they know about testing and applied it to some interesting use cases. No one can deny that we’ve entered a new phase of cyber warfare. First, it was the kids doing thing for fun and reputation. Then it was the career bad guys doing it for money. Now we find ourselves dealing with advanced malware threats and state-sposored cyberterrorism. After some discussion about social engineering and other topics, we started talking about Spirent applying their testing methodologies to find vulnerabilities and alert you to them before they can be exploited. Spirent has a huge library of thousands of tests that can be run against a multitude of applications on just about any OS platform, from Windows to iOS.
It’s demo time again! Spirent fired up a demo environment running Linux and exploited a Jabber server with a bunch of attack traffic. You can tell that this was a fairly thorough attack, as they went through several iterations before they finally found a vector. Other tools that I’ve used just attack known holes and give up after one or two iterations. Spirent has created a tool that can not only iterate on different surfaces, but you can also craft your own tests to take advantage of zero-day exploits in the wild. That makes me a little more confident with their results, as they don’t quit until the test is finished.
Last up was Ameya Barvé with an overview of the new iTest Lab Optimizer. According to Ameya, one of pains of lab operations involves the lack of automation. You never know who’s in the lab or who’s reconfigured it to support some wacky sidebar case. iTest Lab Optimizer takes care of many of these problems by creating a system for lab reservation and topology creation. By utilizing a layer 1 switch to interconnect the devices in the lab, you can use iTest to overlay the lab topology on top of it on the fly. I can see the allure of having this kind of capability in a larger lab environment, and should my lab ever grow to the point where it’s not a collection of cables assembled on a side table in my office, I’m sure having a software program like this would be a great boon to speed test setup and execution.
Spirent has some amazing testing gear. I’ve said as much previously. What they’ve done since our last meeting is take what they have and shrink it down to the point where it makes cost-effective sense to the rest of the world not needing to test high-end network gear day in and day out. The newer portable testing suite should appeal those people in the data center or service provider area that have SLAs that need to be met or constantly find themselves getting into arguments over performance numbers. The rest of their presentation seemed to be an outgrowth of their testing strategies. For instance, the zero-day cyberwarfare testing suite shows that they can apply the methodology of executing in-depth tests to a different market that requires a specific kind of results. That shows me that someone inside Spirent is thinking outside the small little niche. The new iTest software shows me that Spirent is trying to recognize a pain point that many of us weren’t sure could even be addressed. It also tells me that Spirent isn’t just a one-trick pony and that we should expect to see more good things from them in the near future.
Tech Field Day Disclaimer
Spirent was a sponsor of Network Field Day 4. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Network Field Day 4. In addition, they provided me with a gift bag containing a coffee mug, a pen, and a golfing tool of some sort. They did not ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.
Presenter number two at Network Field Day 4 was Opengear. This was a company that I hadn’t heard much about. A cursory glance at their website reveals that they make console servers among other interesting management devices. Further searching turned up a post by Jeremy Stretch over at Packetlife about using one of the devices as the core of his free community lab. If it’s good enough for Stretch, it’s good enough to pique my interest.
As you can see from the short opening, Opengear is dedicated to making network infrastructure management equipment like console servers as well as PDU management and environmental sensors. Most interesting to me was the ACM5004-G unit the delegates received, which is a 4-port model with a 3G radio uplink. They also make much more dense devices like the one in Stretch’s lab for those that are wanting something with a few more ports. Most of the people I know that are looking at something like this for the CCIE lab use an old 2511 router with octal cables. Those are fairly cheap on eBay but you are taking a risk with the hardware finally wearing out and being out of warranty. As well, there are a ton of features that you can configure in the Opengear software (we’ll get to that in a minute.
Up next…is a caution for Opengear and other would-be Tech Field Day presenters. Yes, I understand you are proud of your customer base and want to tell the world about all the cool people that use your product. That being said, a single slide crammed full of logos, which I affectionately call “The NASCAR Slide” may be a better idea that slide after slide of each company broken down by industry vertical. You have to think to yourself that filling 8-10 slides of your deck with other people’s logos is not only wasting time and space, but not doing a very good job of telling us what your product does. All of the companies on that list probably use toilet paper as well, but we don’t see that on your slides. Better to focus on your product.
Okay, now for awesome time. Opengear’s management software has a bunch of bells and whistles to suit your fancy. You can configure all manner things like multiple authentication methods for your users to prevent them from accessing consoles they aren’t supposed to see. As the underpinnings of the whole Opengear system run on Linux, it’s no surprise that their monitoring software is built on top of Nagios. This allows you to use their VCMS product to manage multiple disparate units. Think about that. You’re using the Opengear boxes to manage your equipment. Now you can use their software to manage your Opengear boxes. Those units can also be configured to “call home” over secured VPNs to ensure that your traffic isn’t flying across the Internet unencrypted. VCMS can also use vendor-neutral commands to manage connected UPSes. I can’t tell you the number of times having a device that could power cycle a UPS or PDU would have saved my bacon or prevented a trip across the state. The VCMS can even script responses to events, such as triggering a power cycle if the system is hung or stops responding.
Next up is a demo of the software. Worth a look if your interested in the gory details of the interface:
We finished off the day with a talk about some of the new and interesting things that Opengear is doing with their devices. I think the story about configuring them to use a webcam to take pictures of people opening roadside boxes then upload the pictures to an FTP server running on the Opengear box that then sends the picture over 3G back to central location was the most interesting. Of course, everyone immediately seized on the salmon farm as the strangest use case. It’s clear that Opengear has a great solution that is only really limited by your imagination.
If you’d like to learn more about Opengear and their variety of products, you can check out their website at http://opengear.com. You can also follow them on Twitter as @Opengear.
I can’t count the number of times that I’ve needed a console server. Just that functionality alone would save me a lot of pain in some remote deployments I’ve had. Opengear seems to have taken this idea and ran with it by adding on some great additional functionality, whether it be cellular uplinks or software controls for all manner of third party UPSes. I think the fact that you can do so much with their boxes with a little imagination and some elbow grease means that we’re going to be hearing stories like the fish farm for a while to come.
Tech Field Day Disclaimer
Opengear was a sponsor of Network Field Day 4. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Network Field Day 4. In addition, Opengear provided me with an ACM5004-G console server and a polo shirt. They did not ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.
The first presenter at Network Field Day 4 came to us from another time and place. Stewart Reed came to us all the way from Brisbane, Australia to talk to us about his network monitoring software from Statseeker. I’ve seen Statseeker before at Cisco Live and you likely have too if you been. They’re the group that always gives away a Statseeker-themed Mini on the show floor. They’ve also recently done a podcast with the Packet Pushers.
We got into the room with Stewart and he gave us a great overview of who Statseeker is and what they do:
He’s a great presenter and really hits on the points that differentiates Statseeker. I was amazed by the fact that they said they can keep historical data for a very long period of time. I’ve managed to crash a network monitoring system years ago by trying to monitor too many switch ports. Keeping up with all that information was like drinking from a firehose. Trying to keep that data for long periods of time was a fantasy. Statseeker, on the other hand, has managed to find a way to not only keep up with all that information but keep it around for later use. Stewart said one of my new favorite quotes during the presentation, “Whoever has the best notes wins.” Not only do they have notes that go back for a long time, but their notes don’t suffer from averaging abstraction. When most systems say that they keep data for long periods of time, what they really mean is that they keep the 15 or 30 minute average data for a while. I’ve even seen some go to day or week data points in order to reduce the amount of stored data. Statseeker takes one minute data polls and keeps those one minute data polls for the life of the data. I can drill into the interface specs at 8:37 on June 10th, 2008 if I want. Do you think anyone really wants to argue with someone that keeps notes like that?
Of course, what would Network Field Day be without questions:
One of the big things that comes right out in this discussion is the idea that Statseeker doesn’t allow for customer SNMP monitoring. By restricting the number of OIDs that can be monitored to a smaller subset, this allows for the large-scale port monitoring and long term data storage that Statseeker can provide. I mean, when you get right down to it, how many times have you had to write your own custom SNMP query for an odd OID? The majority of the customers that Statseeker are likely going to have something like 90% overlap in what they want to look at. Restricting the ability to get crazy with monitoring makes this product simple to install and easy to manage. At the risk of overusing a cliche, this is more in line with Apple model of restriction with focus on ease of use. Of course, if Statseeker wants to start referring to themselves as the Apple of Network Monitoring, by all means go right ahead.
The other piece from this second video that I liked was the mention that the minimum Statseeker license is 1000 units. Stewart admits that below that price point, it argument for Statseeker begins to break down somewhat. This kind of admission is refreshing in the networking world. You can’t be everything to everyone. By focusing on long term data storage and quick polling intervals, you obviously have to scale your system to hit a specific port count target. If you really want to push that same product down into an environment that only monitors around 200 ports, you are going to have to make some concessions. You also have to compete with smaller, cheaper tools like MRTG and Cacti. I love that they know where they compete best and don’t worry about trying to sell to everyone.
Statseeker has some amazing data gathering capabilities. I personally have never needed to go back three years to win an argument about network performance, but knowing that I can is always nice. Add in the fact that I can monitor every port on the network and you can see the appeal. I don’t know if Statseeker really fits into the size of environment that I typically work in, but it’s nice to know that it’s there in case I need it. I expect to see some great things from them in the future and I might even put my name in the hat for the car at Cisco Live next year.
Statseeker was a sponsor of Network Field Day 4. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Network Field Day 4. They did not ask for, nor where they promised any kind of consideration in the writing of this review. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.