Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology

Archive for March, 2008

11-year old network manager

Posted by Aaron Paxson on March 28, 2008

I’d better step it up a notch! I could be replaced by a younger, more energetic network manager!

http://www.networkworld.com/news/2008/032708-netkid.html?fsrc=rss-security

But, we all knew this was happening. It’s not so much the intelligence that impresses me about him…. but rather, the responsibility that he possessed.

Posted in Security | No Comments »

Partial Internet Shutdown?

Posted by Aaron Paxson on March 19, 2008

While no one can control the internet, you can certainly degrade it for many people.

We have a major technological hub in Sweden. Their internet provider (like many others in Sweden and Europe) uses Telia as their communications provider. Over the last couple of days, our outbound emails kept queueing up in our systems, and some websites wouldn’t work.

Come to find out, Cogent, a major communications company in the US and Europe, has actually depeered Telia from its AS routing, making it impossible for Nordic customers (as well as some in Europe, I would imagine) to access systems on Cogent’s network. Even alternate routing was turned off.

Apparently, this is because Cogent got ticked off because of a contract dispute about the size and locations of certain internet pipes. They feel it was:

“…for the good of the internet.”

Also, coming from Jeff Henrikson, spokesperson for Cogent:

“Some traffic flow was impeded and some traffic was redirected further than it needed to go.”

“[Telia] wasn’t responding to requests to comply with the contract….[Cogent] wasn’t left with much alternative but to terminate the contract.”

Wow. Can you believe that? See the below links for more information:

http://www2.meltedcube.com/blog/web-internet-telecom/isp-quarrel-partitions-internet/
http://gigaom.com/2008/03/14/the-telia-cogent-spat-could-ruin-web-for-many/

Posted in Business Technology, Networking, Technology | No Comments »

Building VPN to Brazil

Posted by Aaron Paxson on March 15, 2008

Okay, so I tried to build a site-to-site VPN to our factory in Brazil. Sounds easy enough, right? They are using some kind of Aker Firewall. Since I’m not familiar with that firewall, I sent them a checklist of all the IPSec configurations I support. They sent it back, and we went to configuring.

Well, the VPN tunnel came up, but none of the traffic was coming through. Usually, when this happens, I’m thinking of an improper access-list or NAT issue. Since it looked good on my end, I started inquiring about the far end.

Turns out, they didn’t know what was wrong. So, a little frustrated, I figured I would try to figure it out. I asked them if I could gain control of their computer, and take a look at their firewall. Even though I don’t know the Aker, I hoped I could figure it out, since IPSec is IPSec.

Well, like an idiot… as soon as I get access to the computer, and look at the screen…. my mouth dropped. I’m not in Kansas anymore, Toto! It’s all in Portuguese. I’m such an idiot. Duhh…Aaron

Well, to make a long story short, I purchased a cheap ASA5505, configured it, and sent it to them for a quick turn-key solution.

I just can’t believe I assumed everything to be in English! I felt so ashamed to be so arrogant.

Posted in Life | No Comments »

NCUG - Cisco and AT&T 3G technology

Posted by Aaron Paxson on March 14, 2008

Well, I attended my first user-group meeting here in Tennessee. It’s about time too. I’ve been here for 18 months, and haven’t once looked up or attended any user groups.

Well, March’s User Group went well. It was held at AT&T’s Mobility Office. Pretty large office in Brentwood. The topic was, of course, Cisco and AT&T’s 3G technology.

3G = 3rd Generation.

From AT&T’s website:

The AT&T 3G network uses HSDPA/UMTS technology (High Speed Downlink Packet Access/Universal Mobile Telephone System), which makes it possible to enjoy a variety of feature-rich wireless services. It also gives AT&T the advantage of offering simultaneous voice and data services. That means you can talk and use the Internet at the same time. How’s that for multitasking?

Now, Cisco offers the HWIC cards that SIM cards plug into. In a good area, you can expect 1400Kbps down and approx 700-800Kbps up. Outstanding! You just plug in your SIM card, and configure the card in the IOS. Most modern IOS will accept it, though the Rep couldn’t recall the minimum version.

Well, as you can imagine, there are some downsides to using wireless. Also, 3G isn’t necessarily available everywhere, though AT&T claims to have 260 metro cities across the US so far, with another 80 by the end of the year.

It is interesting technology, to say the least. These HWIC cards will only work in Cisco’s 3800 series routers and below (the 800-series will be available in the next month). The routers MUST be ISRs and they MUST have an HWIC slot.

Some of the applications that can be used are:

OOB management
Kiosks, ATM’s, temp systems (such as concert events or those small kiosk stores in a Mall’s walkway)
Construction Trailers, Retail Stores and Outlets
Replacement for ISDN dial
Used for Dial-backup

They fed us with Pizza, so of course we stayed!

Posted in Cisco, Networking, Wireless | 3 Comments »

Firefox vs IE memory usage

Posted by Aaron Paxson on March 13, 2008

Being the Network Operations Manager, one of my duties is to decide on policies and standardization across the Desktop and Server infrastructure.  For the longest time, I’ve had to weigh and determine whether we should drop IE and move to Firefox.

Why the hard decisions?  Well, although Firefox is certainly more secure (and more productive to use in my opinion), the fact remains that many 3rd-party companies are still designing applications to the IE spec.  I won’t go into detail why that is wrong in around 100-different ways.  The fact is, we must keep IE.

However, I do encourage users to try Firefox, and use it if they can.  The only downside it has had, was the huge memory usage it would take.  The more tabs and windows you used, and the longer it sat, the more memory it would use.

Apparently, that has changed, according to some tests prominently displayed and explained on Pavlov.net’s blog.

They tested three different browsers.  IE7, Firefox2, and Firefox3-beta.  The results were shocking to me.  Basically, they opened 30 webpages, each using their own window, and did that 11 times.  Each window that was opened, closes the other window.  At the end, the last window remained opened, and they let the browser sit awhile.

Check out these results (blatantly taken from Pavlov’s site):

This shows that not only does Firefox3 have BETTER memory management than its predecessor, but check out IE7!! It didn’t even reclaim the used space of all those windows after sitting!!

This is proof in the pudding!  Not only does IE SUCK at CSS, but it also SUCKS at memory usage.  No wonder why Vista has such steep memory requirements!  It’s not for the eye-candy, or advanced graphics and tools.  It’s to keep browsing the internet!!!

Here’s the link to the article, in case you missed it above:

Firefox 3 Memory Usage « pavlov.net

Posted in Business Technology, General Blab, Technology | 2 Comments »

Microsoft Office 2008

Posted by Aaron Paxson on March 13, 2008

Jim Heid has a way with words.  In his post a couple of weeks ago, he says…

Microsoft Office 2008 is the closest thing to a malicious virus yet to hit the Macintosh platform.

The end.

I love it.  As I said… he has a way with words.  Stick to NeoOffice, guys.

Posted in Mac | No Comments »

Salesman grief…

Posted by Aaron Paxson on March 10, 2008

Okay, my last post was about using email as a File Transfer Medium, and what alternatives were out there.  This post was in response to a Sales Person at Utechsoft.com (I suppose the makers of File Catalyst).  So, first, a little background:

I contacted Unlimi-Tech Software as I was interested in their File Catalyst product. The File Catalyst product does quite a few things that I wanted, such as LDAP Authentication, file upload, and recipient emails. The only thing it didn’t do, that I wanted, was an Address Book Lookup, which, I’m told by the developers, is in the works.

However, when demo’ing the product, I ran into an error where my end-recipients couldn’t access the file.  There was an error message.  No problem, these things happen.  I requested a "walk-through" which entailed a software developer troubleshooting the problem.  It turns out, that it was a programming error on their end, and they had to fix it.

1 week later, the sales person emails me back asking me to test using the new software.  At that point, I really didn’t want to keep testing.  I was done.  It did some things I wanted, not others, and for a price of between $10,000USD and $18,000USD, I was actually expecting more.  Now, before you start complaining about price, let me just say, I work for a large company, and I spend lots of money where I think it needs to be.  So, if it was worth it, I would spend that money.  I just don’t believe File Catalyst is worth it yet.  Especially after the fact that the technician had to debug their own problem on my machine.

Here is the email I received after the technician worked with me:

From: XXXXXXX
Sent: Friday, March 07, 2008 10:18 AM
To: Aaron Paxson
Subject: FileCatalyst Webmail

Aaron,

You recently installed FC Webmail and walked through a quick online session with XXXX, technical engineer.

We would like to set up another session with you to walk you through the newest release and have you conduct your testing with this version.

Let me know when you would like to set up this web meeting next week.

Regards,

Okay, so moving on, I simply told the sales person that for the price, I felt that I shouldn’t be testing their software, and that I was no longer interested. I still feel I was professional, but I really didn’t want to continue. It was too expensive for what I received from it. Plus, I was a little disappointed that I had to help the technician debug their own problem. This was a pretty big problem, if the recipients couldn’t get the files. I mean…isn’t that the point?

My response was fair, I believe:

From: Aaron Paxson
Sent: Friday, March 07, 2008 11:23 AM
To: XXXX
Subject: RE: FileCatalyst Webmail

No thank you, XXX. I have tested the application enough to see what it does, and how it does it. I feel the cost of the application is more than the Quality of Service that goes into the "production" application.

At this point, I feel like I’m "testing" your application for your developers than actually "demo’ing" it. There was no "walkthrough" on our last call, but merely a helpdesk call for your developer to troubleshoot the problem.

Again, for the price of this product, I just feel uncomfortable.

Thank you for your time.

Regards,
Aaron Paxson

I mean, I don’t think anyone can blame me for that, right?  I was disappointed in how it was handled, and I really do not feel I should continue.  Here is the response I received today, and the reason for this post:

From: XXXXXXX
Sent: Monday, March 10, 2008 9:34 AM
To: Aaron Paxson
Subject: RE: FileCatalyst Webmail

Aaron,

It is unfortunate that you have this impression and feel uncomfortable with our solution and the pricing.

You contacted us February 21/08 via an online request for information and download of FileCatalyst Webmail.

I responded by providing download instructions the same day and offered a web meeting to demo FileCatalyst Webmail.

On Feb. 28/08 you downloaded the software and proceeded to test independently prior to a thorough overview of our solution.

If price is the issue, I understand.

If you would like a complete “walkthrough” of Filecatalyst Webmail, I would be pleased to provide this to you.

Sincerely,
XXXXXX

Okay, maybe it’s just me, but this really ticked me off. It sounds like the salesman was going through a chronological timeline, to justify what he did, and then proceed to (and I’m paraphrasing here) tell me that I’m too stupid to test their product because I, "….proceeded to test independently prior to a thorough overview of their solution."

Let me tell you something… when an engineer has to get on my laptop, to test and troubleshoot the problem, then have the salesman send me the "latest version" to continue testing… it is NOT BECAUSE I proceeded to test independently prior to a thorough overview.

At this point, my professionalism is leaving me, and I’m starting to get upset.  Here is my final email:

From: Aaron Paxson
Sent: Monday, March 10, 2008 9:44 AM
To: XXXX
Subject: RE: FileCatalyst Webmail

I had no problems testing your software. But, recall, there was an error in the software that your software developer had to be on the call for, troubleshoot, then fix the problem.

This had nothing to do with "not having a thorough overview". By sending me an email and implying that I had these problems because I "failed to receive a thorough overview", because I, "proceeded to test independently" has me feeling that it was my ignorance that caused the problem.

If it was because I "tested independently prior to a thorough overview of your solution", then why send me the "latest version" to proceed to test with.

I wanted a demo, not be a guinea pig. The demo didn’t work, and I am moving on. So should you.

Thank you for your time.

Regards,
Aaron Paxson

Now, I’m not saying that their product is bad. But, I did have a bad experience. If you choose File Catalyst as your FileTransfer server, just be cautious. And if you happen to have a salesman like this, just drop the product altogether. It’s not worth it. I have better things to do.

What’s the most humorous piece of this?? Well, I received a comment from ANOTHER sales-person about the same product. I’m done….

Posted in Business Technology, General Blab | 2 Comments »

Email as a File Transfer Medium?

Posted by Aaron Paxson on March 7, 2008

It is getting out-of-hand. Users are treating email as a file-transfer medium. Even if the other person is sitting 3 desks down. Rather than saving their files to the network, they "feel" it’s easier to just attach it, and send it to the other person’s mailbox.

It’s getting worse. Nowadays, Marketing files are getting overwhelmingly (is that a word?) large. We are now using email to transfer Marketing campaigns, videos, and Magazine layout files. Where did we go wrong? And don’t get me started on the oversized 5MB photos of someone’s mom’s birthday with those 7 megapixel cameras.

I’m guessing it’s because everyone is so used to using email, it just became second nature. Now, of course I’ve implemented the size-restriction policy. Most of the medium/large-sized businesses have. BUT, you also can’t stop business processes either. If they gotta have it, they gotta have it.

If Company A has a critical financial spreadsheet that Company B must have, and it is 25MB in size, do you just tell them they are out of luck? Unless you want to lose your job, you temporarily give them access.

Of course, you have the other alternative, which is to set up an FTP server. That way, you can give your users access to their own "folder", and drop files in there for the "outside" users. But, what if an outside user shouldn’t see another outside user’s data, from the same internal user’s folder?

Now, you are back to heavy administration. You’ve alleviated the database size problem from email, and moved over to an administrative overhead of maintaining user accounts and permissions.

Really, the best option is to set up a web-enabled file transfer application. This type of application allows end-users to "upload" the files they want to transmit, and type in the recipient’s email address. An email is then submitted, on the user’s behalf, with a link to download the file. Now, you’ve moved from a push (synchronous) technology, to a pull (asynchronous) technology. AND, if the user doesn’t want it, you are not forced to use up the bandwidth.

A perfect solution. I haven’t found many products to do what I want, though. Either they are too expensive, or they don’t do what I want. So, I’m half-way thinking of just making our own web application. Jeez, it can’t be that hard?

Anyone have any suggestions on products they use, to alleviate using email to transfer files, but still use email to notify users of the files?
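
A sketch of the core of such an application, as an added example that is not from the original post or from any product named on this page: each upload gets an unguessable id, and the emailed link is HMAC-signed and expiring, so an outside recipient cannot alter a link to reach someone else's file. The host name, URL layout and function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumptions for this sketch: the host name and URL layout are hypothetical,
# and in production the key would be loaded from protected server config.
SERVER_KEY = secrets.token_bytes(32)
BASE_URL = "https://transfer.example.com/download"


def _signature(file_id, recipient, expires):
    # A JSON list keeps the field boundaries unambiguous before MACing.
    msg = json.dumps([file_id, recipient.lower(), expires]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def new_file_id():
    """Unguessable storage name for an upload (never the original filename)."""
    return secrets.token_urlsafe(16)


def make_link(file_id, recipient, ttl_seconds=7 * 24 * 3600, now=None):
    """Build the per-recipient link that goes into the notification email."""
    issued = int(now if now is not None else time.time())
    expires = issued + ttl_seconds
    query = urlencode({"f": file_id, "to": recipient, "exp": expires,
                       "sig": _signature(file_id, recipient, expires)})
    return f"{BASE_URL}?{query}"


def check_link(url, now=None):
    """Return the file id if the link is authentic and unexpired, else None."""
    params = parse_qs(urlparse(url).query)
    try:
        file_id, recipient = params["f"][0], params["to"][0]
        expires, sig = int(params["exp"][0]), params["sig"][0]
    except (KeyError, ValueError):
        return None  # missing or malformed parameter
    expected = _signature(file_id, recipient, expires)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None  # file id, recipient or expiry was altered
    if (now if now is not None else time.time()) > expires:
        return None  # link has expired
    return file_id


if __name__ == "__main__":
    fid = new_file_id()
    link = make_link(fid, "cfo@companyb.example", ttl_seconds=3600)
    print(link)
    print("valid:", check_link(link) == fid)
```

The download handler would call `check_link` before streaming the file, and the upload handler would store the file under the id returned by `new_file_id`.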

Posted in Business Technology, Technology | 9 Comments »

Accessing Cisco ASA using SSH

Posted by Aaron Paxson on March 4, 2008

So, I purchased a Cisco ASA 5505 to build a VPN Tunnel from a remote office to my main office. Really simple to do, when you are using Easy VPN. Anyway, I wanted to turn on SSH. So, I enabled SSH on the ASA, and tried to access it:

[apaxson@netutil ~]$ ssh -l username 1.2.3.4
ssh_exchange_identification: Connection closed by remote host

Hmmmm….. let’s do a debug, and see what happens:

asa# debug ssh
Device ssh opened successfully.
SSH0: SSH client: IP = '1.2.3.10' interface # = 1
SSH: unable to retrieve default host public key. Please create a defauth RSA key pair before using SSH
SSH0: Session disconnected by SSH server - error 0x00 "Internal error"

Ahhhh….. we have to create a default RSA key pair. Let’s do that.

asa(config)# ca generate rsa key 1024
WARNING: the 'ca' command syntax has been deprecated
Please use the 'crypto key generate' command.

Okaaaay…… looks like we have to change our ways again.

asa(config)# crypto key generate rsa

INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait...
asa(config)#

Okay, so far so good. Let’s try to connect again:

[apaxson@netutil ~]$ ssh -l username 1.2.3.4
RSA key fingerprint is 9b:99:12:45:6f:7a:bb:37:f4:25:19:1d:d9:0d:62:24.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts.

Outstanding!
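
The session above accepts whatever host key the ASA presents on first connect. As an added example (not part of the original post), this Python script derives the colon-separated MD5 fingerprint that the ssh client prints from the hex key data shown on the firewall's console, so the two can be compared before answering yes. It assumes the key data is the DER SubjectPublicKeyInfo hex printed by `show crypto key mypubkey rsa`; the sample key and the function names are constructed for illustration.

```python
import hashlib
import struct

# Constructed sample, not a real device key: DER SubjectPublicKeyInfo for a toy
# RSA key (n = 0xC123, e = 65537), in the 8-hex-digit groups a console prints.
SAMPLE_KEY_DATA = """
  301e300d 06092a86 4886f70d 01010105 00030d00
  300a0203 00c12302 03010001
"""


def read_tlv(buf, pos, tag):
    """Read one DER element with the given tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("key data is truncated")
    return buf[pos:pos + length], pos + length


def rsa_params(key_data):
    """Extract (n, e) from pasted hex of an RSA SubjectPublicKeyInfo."""
    der = bytes.fromhex("".join(key_data.split()))
    spki, _ = read_tlv(der, 0, 0x30)      # outer SEQUENCE
    _, pos = read_tlv(spki, 0, 0x30)      # AlgorithmIdentifier, skipped
    bits, _ = read_tlv(spki, pos, 0x03)   # BIT STRING wrapping the key
    rsa, _ = read_tlv(bits, 1, 0x30)      # skip the unused-bits byte
    n, pos = read_tlv(rsa, 0, 0x02)
    e, _ = read_tlv(rsa, pos, 0x02)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")


def mpint(value):
    """SSH mpint: length-prefixed big-endian, leading zero if top bit is set."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def ssh_rsa_blob(n, e):
    """Public key blob as sent by the server and stored in known_hosts."""
    name = b"ssh-rsa"
    return struct.pack(">I", len(name)) + name + mpint(e) + mpint(n)


def md5_fingerprint(key_data):
    digest = hashlib.md5(ssh_rsa_blob(*rsa_params(key_data))).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def same_key(key_data, fingerprint_from_ssh):
    return md5_fingerprint(key_data) == fingerprint_from_ssh.strip().lower()


if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_KEY_DATA))
```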

Posted in Networking, Security | 4 Comments »

I Bought a PowerBook!

Posted by Aaron Paxson on March 2, 2008

Well, I finally did it.  I bought a PowerBook for myself off of EBay a couple of nights ago.  Up till now, I’ve only had G4 Desktops at my house (and a broken down G3 and iBook).  Well, I finally convinced my wife to allow me the small pleasure of bidding for a PowerBook G4.

Well, I won the bid, but I think it was a bit high. I didn’t care, though. I could have gotten a 13″ MacBook from Apple for $950 (with tax). I decided to get a 17″ PowerBook (1.6GHz) for almost the same price. It has a 17″ screen rather than the 13″ screen on the MacBook, a 120GB hard drive, and 1.5GB memory. I didn’t think I did too bad, though I probably could have done better.

It can run Leopard, when I’m ready to buy it, but it comes with Tiger.  But no iSight :-(  oh well.

If you think I could have done better, don’t tell me.  I’d rather not know.  :-)
So, now I’m waiting for it to ship.  I’m like a 7-year-old, sitting in an ice cream shop for that huge chocolate and fudge sundae in 110-degree weather.

Posted in Mac | 1 Comment »