Tuesday, November 16, 2010

What Tracert is really used for...

I can't believe that I've had it wrong for all these years. Special thanks to NextGenHacker101 for setting me straight (although keeping a straight face is taking vast amounts of effort).



Tuesday, October 5, 2010

Oh how things change (My position on IPv6)

Almost exactly 2 years ago I wrote an article where I ranted about how IPv6 is still a long way out from widescale adoption. While I still think that we are at least another 5 years away from a point where IPv6 is the dominant protocol, we have to start getting there now. I have now worked for both Internet Service Providers (ISPs) and Managed Service Providers (MSPs), and while they both have some things in common, they each have their own unique challenges. While ISPs obviously need IPv6 to overcome the growing shortage of addresses to assign to end users, MSPs require it to be able to effectively manage customer networks that use overlapping RFC1918 address space with common tools.

My personal opinion is that IPv6 is probably not the best answer that the Networking community could have come up with. I think IPv6 introduces its own set of problems and combats the numbering shortage with a nuclear weapon instead of a fly swatter. I say that because while we may have as many IP Addresses in a single subnet as there are atoms in my body, we will never be able to use them (just like we can't use land mass exposed to nuclear weapons).

With that said, the networking vendors have spoken and IPv6 is going to happen, and we need to stop fighting it and adopt it. We have very good transition strategies available with Dual Stack (DS) for the Enterprise and DS w/LSN or DS Lite for the Service Providers, so there is no reason not to start thinking about how you are going to get your organization ready. The people who start planning today will be leaps and bounds ahead of those who start in 2012 when IANA runs out of IPv4 addresses (hey, maybe the Mayans had it right after all).

Jeff Doyle has a really good article up about how Carrier Grade NAT (CGN) or Large Scale NAT (LSN) will probably not be as useful as we thought and how we really should just do everything we can to get away from any type of NAT, and I wholeheartedly agree with him. NAT is an abomination and needs to be a thing of distant memory (like 10BT Half Duplex coaxial networks). And before anyone asks about doing NAT with IPv6, here is my comment from that same article:

I think the biggest problem here is that NAT44 became as prevalent as it did and for the wrong reasons. I think that the idea of security through obscurity was a big reason why NAT is as popular as it is today (which I totally disagree with). I think the proof is that people who are learning about IPv6 almost always ask about NAT66 because of the security concern of every device being addressable directly from the Internet. The answer is, as you point out, that NAT is a terrible, terrible thing and we have to get away from it as quickly as possible.

Everyone needs to get on board with IPv6 now, not later.

Everyone chant with me. "NO NAT, NO NAT, NO NAT...."

Monday, June 28, 2010

Cisco Live is ON!

Just sat down for my first session of Cisco Live which is FCoE for the IP Engineer. It's amazing how a few years ago I would have never thought I would need to know anything at all about Storage or Virtualization and now we need to understand it all...

Saturday, June 12, 2010

Cisco Live (Networkers) 2010

I am lucky to get to use my training budget this year to attend the Cisco Live Networkers conference in Las Vegas. It should be a lot of great training and fun (I'll be sure to post pictures of the backpack and hat). Drop me a line if you read my blog and are attending and maybe we can meet up.

Yes, you do need telnet...

One of the most critical things for a router/network admin is to have a telnet client available. I know that it is old and insecure, but you can do far worse not having it in your troubleshooting tool bag (and don't get me started how big of a security risk SSH is to your network).

I do still manage devices that don't support SSH or don't have a crypto image on them, but that is not why I missed having it. If you're on a network that absolutely despises ICMP, like some of the networks I've worked on before, inevitably you will be looking into a *cough* "network" problem and you need to know if the box or service is "alive". In a lot of cases you can find out simply by telnetting to the port on that server that the particular service is running on. You still need to make sure the device you are coming from would have its traffic allowed by firewall policy along the way.

For example, you may want to know if the SSH service is open on the box you are trying to connect to:


[cfugate@lab-host ~]$ telnet www.onlinerouterlab.com 22
Trying 174.143.157.205...
Connected to www.onlinerouterlab.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.2
^C
Connection closed by foreign host.


Now, if you're running Windows Vista or Windows 7, you may have noticed you don't have the telnet client anymore. However, you can get it back simply by going to the Control Panel, Programs, looking for "Turn Windows Features on or off" and checking "Telnet Client", and now it's back (Special thanks to LeatEDS.com).
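The same liveness test the telnet session above does by hand, written as a small script so it can be scripted or scheduled. This is an added example and not code from the original post; it assumes nothing about the real host and instead talks to a constructed loopback listener that imitates the SSH greeting, so it runs offline. The three outcomes map to what you would see on the wire: a completed handshake ("open"), an RST ("refused", host up but nothing listening), or silence ("timeout", the SYN was dropped somewhere along the path).

```python
import socket
import threading

def check_tcp_service(host, port, timeout=3.0, banner_bytes=64):
    """Probe a TCP service the way the telnet test does by hand.
    Returns (state, banner): 'open' with whatever the service sent first
    (may be empty), 'refused' (RST, nothing listening), 'timeout' (SYN
    dropped or host down) or 'unreachable' (no route / resolver failure)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(banner_bytes)
            except socket.timeout:
                banner = b""  # open, but the service waits for the client to speak first
            return "open", banner.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError:
        return "unreachable", ""

def fake_banner_server(banner=b"SSH-2.0-OpenSSH_5.2\r\n"):
    """Constructed stand-in for the real host: a one-shot loopback listener
    that sends an SSH-style greeting and hangs up. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def closed_loopback_port():
    """Pick a loopback port with nothing listening (bind, read back, close)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(check_tcp_service("127.0.0.1", fake_banner_server()))
    print(check_tcp_service("127.0.0.1", closed_loopback_port()))
```

Against a real host, replace the loopback port with the service port you care about; as the post notes, a "timeout" may just as well be a firewall between you and the box as a dead service.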

Thursday, April 15, 2010

Adventures in Server routing tables (FAIL)

Problem description: We are unable to get to the server from the 192.168.1.0/24 subnet...

Routing table on the server (excerpt):

C:\Documents and Settings\administrator>route print
Network Destination        Netmask          Gateway       Interface  Metric
          127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        192.168.1.0    255.255.255.0     192.168.1.27    192.168.1.27      10
       192.168.1.27  255.255.255.255        127.0.0.1       127.0.0.1      10
      192.168.1.255  255.255.255.255     192.168.1.27    192.168.1.27      10
    255.255.255.255  255.255.255.255     192.168.1.27    192.168.1.27       1
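To see what the table above actually says for a given destination, here is an added example (not from the original post) that parses the excerpt and performs the same longest-prefix, lowest-metric selection the host would. The excerpt is embedded as a constructed string; the lookups show that on-subnet hosts match the 192.168.1.0/24 entry, the server's own address goes to loopback, and, since the lines shown contain no 0.0.0.0/0 entry, anything off-subnet has no route at all.

```python
import ipaddress

# Constructed copy of the excerpt above: destination, netmask, gateway, interface, metric.
ROUTE_PRINT_EXCERPT = """\
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.27 192.168.1.27 10
192.168.1.27 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.27 192.168.1.27 10
255.255.255.255 255.255.255.255 192.168.1.27 192.168.1.27 1
"""

def parse_route_print(text):
    """Turn 'route print' rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, blank lines, 'Active Routes:' etc.
        dest, mask, gw, iface, metric = fields
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append((net, ipaddress.IPv4Address(gw),
                       ipaddress.IPv4Address(iface), int(metric)))
    return routes

def lookup(routes, dst):
    """Longest prefix wins; ties broken by lowest metric. None if nothing matches."""
    dst = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if dst in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))

def describe(routes, dst):
    """Human-readable result of the lookup, e.g. for a troubleshooting note."""
    r = lookup(routes, dst)
    if r is None:
        return f"{dst}: no route"
    net, gw, iface, metric = r
    return f"{dst}: via {gw} on {iface} ({net}, metric {metric})"

if __name__ == "__main__":
    table = parse_route_print(ROUTE_PRINT_EXCERPT)
    for dst in ("192.168.1.5", "192.168.1.27", "10.0.0.1", "8.8.8.8"):
        print(describe(table, dst))
```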

Wednesday, February 17, 2010

Ping Tool aka NOC Candy

Somehow I managed to score a 42" Plasma TV for my team bullpen area when the "project" that it was intended for was canceled. Besides the obvious use for displaying March Madness games, we had to come up with an official use for it. We had a client coming through on a tour one week so I spent some time looking for a tool that I could put on it to make it look like it was keeping track of the network when I stumbled across a tool called MetaPing. Now there isn't anything really special about this tool other than a) it looks cool and b) it runs from your desktop.


Its only purpose in life is to ping hosts and graph the RTT in real time. This can be very useful if you are doing testing and need to see if devices go down when you make a change, or if you need a temporary monitoring tool.

You can download the tool here:
http://www.hammer-software.com/metaping.shtml