Author Archives: networkchief

Cisco Live 2016

I’m very late in publishing this but since I had all of my notes handy, thought I’d put this together before posting my 2017 review. This is just a brief review of the conference as a whole and the sessions I attended.

This was my first visit to Las Vegas and I had to play the tourist, apparently 67 miles worth (according to Fitbit) during the week. Most of the mileage was accumulated on Sunday and Thursday, but commuting between the Luxor and Mandalay Bay Conference Center is no small feat.

Cisco Live Theme

Your time is now!

With the advancement of SDN (Software Defined Networking) there are infinite possibilities for network engineers to build intelligence into the network, and create great/new things. Problem is, you will need the newest hardware to exercise these ideas on.

 

DNA (Digital Network Architecture)

This is not about physical network topology, but their initiative to create better performing networks by:

Layering applications across the top, using APIs in the middle for Automation and Analytics, and virtualization of network functions

 

Session Reviews

13 Smart Ways to program your Cisco network

Covered a large part of DNA by reviewing the programming interfaces they are supporting (NETCONF/RESTCONF, YANG). There was a review of their SDN controller (APIC-EM) and what it can do for existing networks, app virtualization within routers, monitoring hybrid networks, and a PnP agent for onboarding new devices.

 

Advanced Cisco IOS Device Instrumentation

The advanced instrumentation session picked up where the programming session stopped, providing the how-to for using Tcl scripts, EEM, Embedded Packet Capture, and the APIs to obtain data and control devices.

 

The Blood and Guts and Gore of QoS

In a word, overwhelming. A full-on deep dive into the inner workings of NBAR2 and its deep packet inspection capabilities, followed by operational reviews of the new ASICs in the 3850 switches and ASR 1000. This is where the processing happens that powers AVC (Application Visibility and Control), packet processing, and queueing. This was an impressive amount of information crammed into a fast-paced 2-hour session.

Mobile Devices and BYOD Security

This was a review of ISE onboarding for mobile devices, and some popular methods to handle it. Lots of content around certificates, and suggestions to use an internal or public CA depending upon the deployment.

 

Deploying Cisco Smart Software Licensed Products

The Licensing session reviewed the Smart Licensing portal, and offered valuable insights into their licensing strategy going forward. Over time, they will begin permitting use of everything, and send notifications for insufficient licensing. They also covered Smart Call Home, which automates the opening of service requests.

 

7 Ways to Fail as a Wireless Expert / Analyzing and fixing Wifi issues / Advanced Troubleshooting of Wireless Networks

These wireless sessions were very good, with one taking a different approach of using failures as examples and following up on why you shouldn’t repeat them. The key takeaway from the first is to perform periodic site surveys to assess changes in the environment. Doing this effectively requires specific software (Ekahau was referenced) and multiple dedicated adapters (not the onboard one). In addition, Windows inhibits access to the drivers, and the Mac platform is recommended for the level of access the application can have to the adapters (and as observed from the attendees, Mac is the preferred platform). Macs also have a good wireless survey tool built in. There was a slew of troubleshooting tips on understanding the technology, capturing traffic, and analyzing it in a variety of ways to isolate problems.

 

Apple / Cisco Partnership

The partnership announced last year is now beginning to bear some fruit. iOS 10, paired with the latest WLC release (8.3), is supposed to be the sweet spot. iOS 10 is supposed to support some QoS, allowing for better mobile Jabber experiences. Sounds like they are moving to a model of deploying Jabber to mobile devices instead of selling handsets.

 

 

 

Minecraft PE server (pocketmine)

Dad, can you make us a server?

 

At some point over the past few weeks our home was infiltrated by Minecraft. Since that time every conversation has included some reference to it, even bedtime stories are interrupted by “Did you know that in Minecraft…?”. Most recently I was commissioned to create a server so they could play against/with each other.

After exercising my google-fu I came up with a couple of solutions to run a Minecraft server on premises. The first was to install a plugin on FreeNAS, which was successful, but I soon discovered that there is a difference between a Minecraft server for PC clients (I suppose game consoles as well) and Minecraft Pocket Edition (PE) for mobile platforms.

The second option I pursued centered around using a Linux distro, and running an application on it. The list of requirements was short: support MCPE clients running version 0.14.0. First up to bat was ImagicalMine, chosen because it allegedly had better support for the version of the app. Installation seemed easy enough, and the startup wizard was fine, but it would not bind to the IP. After minimal troubleshooting I deleted the VM and started over. Next up to bat was PocketMine, which was second choice since our client version was only supported on the developmental version. However, the install was as easy as ImagicalMine, with the advantage of working for me.

So, here’s what I did:

Download CentOS7 Minimal Install

After install, you need to run the following command to install the base components

yum groupinstall base

I’d also recommend creating a dedicated user for the server application you are running

sudo useradd <username>

Login as your new user

Now you are ready to install PocketMine (consult instructions here: http://pocketmine-mp.readthedocs.org/en/latest/installation.html)

I simply ran the wget command:

wget -q -O - https://raw.githubusercontent.com/PocketMine/php-build-scripts/master/installer.sh | bash -s -

After this, you will need to open the port on your server.

sudo firewall-cmd --zone=public --add-port=19132/udp --permanent 
sudo firewall-cmd --reload

I found this excellent write-up of firewalld

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7

I also found this Reddit post that included a lot of the same information.

https://www.reddit.com/r/MCPE/comments/3yxts6/how_to_install_and_run_pocketmine_server_on/

Should you forget to set/need to change the hostname/IP during install, here are instructions

http://www.cyberciti.biz/faq/rhel-redhat-centos-7-change-hostname-command/

You’ll need to update the OS as well.

su -c 'yum update'

If you are running this as a VM, VMware now recommends open-vm-tools

sudo yum install open-vm-tools

At this point, you should be ready to start pocketmine

sudo su - <username created earlier>
./start.sh
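
A more cautious form of the installer step above, added here as an example (it is not from the original post or the PocketMine project): save the script to a file, read it, and execute it only if it still matches the SHA-256 you recorded when you reviewed it. The helper names `sha256_of`, `run_pinned_installer`, `demo_pinned_installer` and the `RPI_SHELL` variable are assumptions; the page publishes no checksum, so the pinned value is one you record yourself.

```shell
#!/bin/sh
# Added example, not from the original post or the PocketMine project.
# run_pinned_installer (hypothetical helper) executes a downloaded script
# only if its SHA-256 matches the value you recorded after reviewing it.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Usage: run_pinned_installer <script> <expected-sha256> [installer args...]
# Returns the installer's exit status on a match, 2 on bad usage or a
# missing file, 3 on a hash mismatch (the script is then never executed).
run_pinned_installer() {
    [ "$#" -ge 2 ] || { echo "usage: run_pinned_installer <script> <sha256>" >&2; return 2; }
    rpi_script=$1
    rpi_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    shift 2
    [ -f "$rpi_script" ] || { echo "no such file: $rpi_script" >&2; return 2; }
    rpi_actual=$(sha256_of "$rpi_script")
    if [ "$rpi_actual" != "$rpi_expected" ]; then
        echo "SHA-256 mismatch for $rpi_script; not executing" >&2
        return 3
    fi
    # RPI_SHELL is an assumed override; bash matches the post's "| bash".
    "${RPI_SHELL:-bash}" "$rpi_script" "$@"
}

# Constructed demonstration: a stand-in installer is pinned and run, then
# modified to show that the changed copy is refused (returns 3).
demo_pinned_installer() {
    demo_dir=$(mktemp -d) || return 1
    printf 'echo installed > "$1"\n' > "$demo_dir/installer.sh"
    demo_pin=$(sha256_of "$demo_dir/installer.sh")
    run_pinned_installer "$demo_dir/installer.sh" "$demo_pin" "$demo_dir/marker" || return 1
    [ -f "$demo_dir/marker" ] || return 1
    echo 'echo tampered' >> "$demo_dir/installer.sh"
    demo_rc=0
    run_pinned_installer "$demo_dir/installer.sh" "$demo_pin" 2>/dev/null || demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}
```

To use it with the real installer, fetch the script with `wget -q -O installer.sh` and the URL from the post, read it, record the output of `sha256_of installer.sh`, and pass that value as the second argument while logged in as the dedicated user.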

I had written this a year ago, but had abandoned it in my drafts. I’m attempting to keep up with the blog and thought I would post this. If it is incomplete or needs an update please let me know.

Firefox connections to CCMAdmin fail

Over the past few weeks I have been plagued with having to modify Firefox to permit connectivity to sites using SSLv3. It appears that Mozilla is trying to limit access to vulnerable sites, but that creates some issues for those of us that haven’t updated large components of our infrastructure. Even more troublesome, I am now having to modify these settings for users since they need to run reports…

In case you haven’t seen the errors, copies follow:

[Screenshots: Capture, Capture(1)]

The workaround is simply enabling Firefox to connect to sites with SSLv3 vulnerabilities.

  1. Within Firefox, enter “about:config” in the address bar
  2. Read the warning; I do not accept any responsibility for what happens within. If you accept the responsibility, select the option “I’ll be careful, I promise!”
  3. Enter “ssl3” into the search field
  4. Ensure the preferences “security.ssl3.dhe_rsa_aes_128_sha” & “security.ssl3.dhe_rsa_aes_256_sha” are set to false.

Now, we just need to update some servers, phones, more servers, clients….

Call Signaling – It’s for POTS too

This last week I had an annoying experience while trying to get two POTS lines tested prior to connecting to the voice gateway. At the end of the day I thought it would be worthwhile to whip this up into a blog post as a reminder that call signaling is important to understand, regardless of the technology.

After the service provider fully displayed their inefficiencies I had my lines installed about 4 hours later than planned. While I had the service provider engineer there, I wanted to verify the lines were working as anticipated. After placing outbound test calls I connected them to the voice gateway and attempted to test inbound calls, where I discovered one line would ring in, and the other wouldn’t. Back at the demarc with a test set, I was able to confirm that the incoming call was indeed coming in. After some back and forth with the service provider engineer, it dawned on me what was happening: I wasn’t receiving any ring-down voltage for the call. After convincing him to get his meter, I was able to prove my theory. On the line that worked we would see the voltage spike for every ring cadence.

For those not familiar, your phone rings when it detects the 90 volts AC (normal voltage is 48 volts DC) being sent from the service provider. In older equipment, this voltage was used to actuate the ringer; nowadays our electronic equipment simply senses the voltage change. For more information, please visit the wiki page: https://en.wikipedia.org/wiki/Tip_and_ring

As I write this, the issue still isn’t resolved. The engineer didn’t know how to correct the issue, and his support had left for the day. Hopefully they can resolve the issue this week.