Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology

  • What is Teneo?

    Teneo (Latin - TAYN-ay-oh)
    To grasp, To know, To understand.

Archive for the 'Technology' Category


Partial Internet Shutdown?

Posted by Aaron Paxson on March 19, 2008

While no one can control the internet, you can certainly degrade it for many people.

We have a major technological hub in Sweden. Their internet provider (like many others in Sweden and Europe) uses Telia as their communications provider. Over the last couple of days, our outbound emails kept queueing up in our systems, and some websites wouldn’t work.

Come to find out, Cogent, a major communications company in the US and Europe, has actually depeered Telia from its AS routing, making it impossible for Nordic customers (as well as some in Europe, I would imagine) to access systems on Cogent’s network. Even alternate routing was turned off.

Apparently, this is because Cogent got ticked off because of a contract dispute about the size and locations of certain internet pipes. They feel it was:

“…for the good of the internet.”

Also, coming from Jeff Henrikson, spokesperson for Cogent:

“Some traffic flow was impeded and some traffic was redirected further than it needed to go.”

“[Telia] wasn’t responding to requests to comply with the contract….[Cogent] wasn’t left with much alternative but to terminate the contract.”

Wow. Can you believe that? See the below links for more information:

http://www2.meltedcube.com/blog/web-internet-telecom/isp-quarrel-partitions-internet/
http://gigaom.com/2008/03/14/the-telia-cogent-spat-could-ruin-web-for-many/

Posted in Business Technology, Networking, Technology | No Comments »

Firefox vs IE memory usage

Posted by Aaron Paxson on March 13, 2008

Being the Network Operations Manager, one of my duties is to decide on policies and standardization across the Desktop and Server infrastructure.  For the longest time, I’ve had to weigh and determine whether we should drop IE and move to Firefox.

Why the hard decisions?  Well, although Firefox is certainly more secure (and more productive to use in my opinion), the fact remains that many 3rd-party companies are still designing applications to the IE spec.  I won’t go into detail why that is wrong in around 100-different ways.  The fact is, we must keep IE.

However, I do encourage users to try Firefox, and use it if they can.  The only downside it has had, was the huge memory usage it would take.  The more tabs and windows you used, and the longer it sat, the more memory it would use.

Apparently, that has changed, according to some tests prominently displayed and explained on Pavlov.net’s blog.

They tested three different browsers.  IE7, Firefox2, and Firefox3-beta.  The results were shocking to me.  Basically, they opened 30 webpages, each using their own window, and did that 11 times.  Each window that was opened, closes the other window.  At the end, the last window remained opened, and they let the browser sit awhile.

Check out these results (blatantly taken from Pavlov’s site):

This shows that not only does Firefox3 have BETTER memory management than its predecessor, but check out IE7!!  It didn’t even reclaim the used space of all those windows after sitting!!

This is proof in the pudding!  Not only does IE SUCK at CSS, but it also SUCKS at memory usage.  No wonder why Vista has such steep memory requirements!  It’s not for the eye-candy, or advanced graphics and tools.  It’s to keep browsing the internet!!!

Here’s the link to the article, in case you missed it above:

Firefox 3 Memory Usage « pavlov.net

Posted in Business Technology, General Blab, Technology | 2 Comments »

Email as a File Transfer Medium?

Posted by Aaron Paxson on March 7, 2008

It is getting out-of-hand. Users are treating email as a file-transfer medium. Even if the other person is sitting 3 desks down. Rather than saving their files to the network, they "feel" it’s easier to just attach it, and send it to the other person’s mailbox.

It’s getting worse. Nowadays, Marketing files are getting overwhelmingly (is that a word?) large. We are now using email to transfer Marketing campaigns, videos, and Magazine layout files. Where did we go wrong? And don’t get me started on the oversized 5MB photos of someone’s mom’s birthday with those 7 megapixel cameras.

I’m guessing it’s because everyone is so used to using email, it just became second nature. Now, of course I’ve implemented the size-restriction policy. Most of the medium/large-sized businesses have. BUT, you also can’t stop business processes either.  If they gotta have it, they gotta have it.

If Company A has a critical financial spreadsheet that Company B must have, and it is 25MB in size, do you just tell them they are out of luck? Unless you want to lose your job, you temporarily give them access.

Of course, you have the other alternative, which is to set up an FTP server. That way, you can give your users access to their own "folder", and drop files in there for the "outside" users. But, what if an outside user shouldn’t see another outside user’s data, from the same internal user’s folder?

Now, you are back to heavy administration. You’ve alleviated the database size problem from email, and moved over to an administrative overhead of maintaining user accounts and permissions.

Really, the best option is to set up a web-enabled file transfer application. This type of application allows end-users to "upload" the files they want to transmit, and type in the recipient’s email address. An email is then submitted, on the user’s behalf, with a link to download the file. Now, you’ve moved from a push (synchronous) technology, to a pull (asynchronous) technology. AND, if the user doesn’t want it, you are not forced to use up the bandwidth.

A perfect solution. I haven’t found many products to do what I want, though. Either, they are too expensive, or they don’t do what I want. So, I’m half-way thinking of just making our own web application. Jeez, it can’t be that hard?

Anyone have any suggestions on products they use, to alleviate using email to transfer files, but still use email to notify users of the files?
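One piece a home-grown version of the web-enabled file transfer application described above would need is a download link that works only for the file and recipient it was issued for, and expires. The Python below is an added example, not code from the original post; the function names, token layout, key and URL are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import quote

# Assumption: a random server-side secret, loaded from configuration in practice.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def make_download_token(file_id, recipient, ttl_seconds, now=None):
    """Issue a token bound to one uploaded file and one recipient address."""
    now = int(time.time()) if now is None else now
    claims = {"file": file_id, "rcpt": recipient.lower(), "exp": now + ttl_seconds}
    payload = json.dumps(claims, sort_keys=True).encode("utf-8")
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_download_token(token, file_id, now=None):
    """Return the recipient if the token is valid for file_id, else None."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # payload or signature was altered
    claims = json.loads(payload)  # safe to parse: the signature checked out
    if claims["file"] != file_id or now >= claims["exp"]:
        return None  # token is for another file, or has expired
    return claims["rcpt"]


def download_link(base_url, file_id, token):
    """Build the link that goes into the notification e-mail."""
    return "%s/download/%s?t=%s" % (base_url.rstrip("/"), quote(file_id), quote(token))


if __name__ == "__main__":
    # Constructed sample values.
    tok = make_download_token("q4-financials.xlsx", "cfo@example.com", 7 * 86400)
    print(download_link("https://files.example.com", "q4-financials.xlsx", tok))
    print(verify_download_token(tok, "q4-financials.xlsx"))
    print(verify_download_token(tok, "someone-elses-file.zip"))
```

Because the file id is inside the signed payload, a link mailed to one outside user cannot be edited to fetch a file that was uploaded for another.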

Posted in Business Technology, Technology | 9 Comments »

3750-metro frustrations. Worth it??

Posted by Aaron Paxson on January 24, 2008

I am incredibly frustrated, and I’m hoping this post will save countless others from yelling out loud, after finding out you wasted money and hours of troubleshooting for no reason.

First off, a bit of history. Back in my historical posts, I mentioned my thoughts on the 3750-metro series switches. At first, I wasn’t all that impressed with the metro-series. I mean, it seems to be more for the service provider than for the customer. But, if Cisco recommends it for a customer, I should listen, right?

Well, Cisco sales reps are more interested in selling products, than in giving the best answers, and this is a perfect example. So, make sure to listen up, and pay attention.

In building our metro network, we have a fiber line, provided by AT&T. On the customer side, AT&T installed a Cisco switch to terminate the fiber, and hand-off copper. I then, take the copper into my network. But, after connecting my 3750-metro interface (The ES port, for “Enhanced Services”), I never saw a link. Hmmm… did AT&T enable their interface? I asked…. yep. Do I need a cross-over, or did they build the cross-over in their patchpanel? Nope. Straight-through. So, I must provide the cross-over (And for those that will ask… no I do not trust the auto-sensing MDIX).

Still no luck.

Then, I asked AT&T the interface characteristics: (100Mbit - Full Duplex). Hmmmm…. shouldn’t be a problem. I’ll set my interface to that. What?? I can’t. It only accepts 1000? Let’s look at the docs:

[Image: caution-3750-warning]

Now, I consider myself a respectful and considerate human being (at times). However, I must say, when I realized that, I was glad I was in an isolated room with no one around. Because I yelled and cussed as I used to when I was a sailor in the Navy. At this point, I realized I have spent between $6k to $8k more than I needed to (I bought 2 metro switches, one for each side of the link), and I just wasted 3 to 4 hours of troubleshooting. I should have gone with my initial feelings about the 3750-metro.

So, what is the difference between the 3750 and the 3750-metro? From Cisco’s website:

Q. What is the difference between the Cisco Catalyst 3750 Metro Series and the Cisco Catalyst 3750 Series?

A. The Cisco Catalyst 3750 Metro Series is built for Metro Ethernet access in a customer location, enabling the delivery of more differentiated Metro Ethernet services. These switches feature bidirectional hierarchical QoS and Traffic Shaping, intelligent 802.1Q tunneling with class-of-service (CoS) mutation, VLAN translation, MPLS, EoMPLS, and Hierarchical Virtual Private LAN Service (H-VPLS) support, and redundant AC or DC power. They are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different SLAs. With flexible software options, the Cisco Catalyst 3750 Metro Series offers a cost-effective path for meeting current and future service requirements from service providers.

And what is this “ES Port” thing. What does it do for me?

Q. What are the Enhanced Services (ES) ports?

A. The Cisco Catalyst 3750 Metro Series includes two SFP-based ES ports. The ES ports support Metro Ethernet features that are vital for delivering profitable business services, such as Layers 2 and 3 and MPLS VPNs, in several bandwidths and with different SLAs. Supported features on the ES ports include EoMPLS, MPLS, MPLS VPNs, bidirectional hierarchical QoS, intelligent 802.1Q tunneling (Q-in-Q) with CoS mutation, and VLAN ID translation.

So, to summarize, pretty much every enhancement the metro-line offers, is in the ES ports. Other than the redundant power-supplies, this is a wash. The regular Cisco 3750 still has a powerful QoS engine, and the same IOS commands. Now, I’m sure there is more in the metro software image than the standard 3750, but without the ES Ports, what’s the point??? The provider will provide the Q-in-Q tunneling, the hierarchical QoS, etc. What good does it do??

I’m still a little bitter, but by the time you post your comments, maybe I’ll feel better, and listen more. So feel free to let me know what you think. Right now, I’m disappointed, and frankly, quite pi$$ed, because I feel like I was taken advantage of.

My only advice is…. if you get the Cisco 3750-metro, please make sure the provider will hand off a 1000 Gigabit connection. Otherwise, you are sitting on an expensive 3750.

The only thing I can think of, is to place a media-converter in the middle, so I can use the 100Mbit ES interface. But, that just adds another point-of-failure, and this metro network was supposed to alleviate the failures… not add to them…..

((Sigh))

Posted in Networking, Switching/Routing, Technology | 5 Comments »

Cleveland - MAN (Datacenter relocation)

Posted by Aaron Paxson on January 22, 2008

Well, I’m off to Cleveland this week. I’ll be bringing up our first MAN to a new co-located datacenter at Expedient.  We currently have one cabinet there, but look to getting a second cabinet in a few more months, depending on how great it works out.

The only thing I do not like about the 3750-metro switches is that they don’t have a netflow export option.  Personally, I think they should.  Being a multi-layer switch, and intended to be on each side of a MAN, the netflow export would be perfect to analyze the traffic across the MAN link.

What do you all think?  Agree to disagree?

For me, it will be a learning experience.  This will be my first time using the Cisco 3750-metro series switches (I’ve used the 3750’s before but the metro’s allow more fine-grained control on QoS and packet-shaping, though, I lose the Gb interfaces).

I’ll need those QoS and packet-shaping skills, since we only have a 20M fiber link between the two locations, and we’ll be sending voice and video through it, on top of regular data traffic.

To be honest, I’m not that confident in my QoS knowledge.  Yes, I know the fundamentals (at least I think I do…. uh oh), but I’m always nervous I’ll forget one tiny little thing, which will cause disastrous results.  Ah well…. I feel that way every time I touch a keyboard key.

Wish me luck!

Posted in Networking, Switching/Routing, Technology | 4 Comments »

New Cisco Certification

Posted by Aaron Paxson on January 22, 2008

Cisco has created a new certification called CCDE (Cisco Certified Design Expert).  So, what’s so different between a Design Professional (CCDP) and a Design Expert (CCDE)?

Seniority, and the inclusion of business strategies, says Cisco:

“There’s not going to be a lot of CCDEs walking the street,” said David Bump, a portfolio manager with Cisco. “It’s a very senior credential; it’s a very exclusive credential.”

Basically, you will take the technical knowledge of the CCDP (and other certifications), but rather than design a technical network around specific requirements, you would be the one to create those requirements, maintain budgets, and make sure those requirements fit the business needs, not just the technical needs.

The 2-hour qualification exam is released today at Pearson VUE centers.  Once you have qualified, you will be able to take the 8-hour long Proctored exam, made available this fall.

No doubt, many CCIE’s will try to get this “higher” status.  Me?  Well, I’ve been using and building Cisco networks for almost 7 years now.  I still don’t have my CCNA!!  No time for the weary, I guess.  Yeah yeah… I know I should…..

For those of you, who didn’t know that, I probably just knocked my credibility down by 2 notches or so.  Sorry to let you down.

Link to Referenced work:

Cisco announces Design Expert Certification for network engineers

Cool…

Posted in Switching/Routing, Technology | 1 Comment »

Cisco Timestamps - Converting

Posted by Aaron Paxson on January 16, 2008

This was so freaking confusing for me! In Java, I would convert my timestamps one way, but then, if I needed to convert them in Excel, I was 70 years off?!? WTF.

Well, here’s how you convert those timestamps to something meaningful, and why you are getting different results with different systems.

First, some terms:

Unix Epoch: number of seconds elapsed since Jan 1, 1970

NTP Epoch: number of seconds elapsed since Jan 1, 1900

I have no idea why the different Epochs, but did you notice that the difference is 70 years? YEP!!!

Okay, so Microsoft products (i.e. SQL Server, Excel, Access, etc) use the NTP Epoch as a reference to build their Date objects. Unix, Macintosh, Java, and C / C++ use the Unix Epoch as a reference for their date objects. Cisco uses Unix Epoch to export its timestamps.

So, basically, we have to add 25,569 days (70 years, approx) to the Unix Epoch timestamp (converted to days), in order to get valid results in NTP Epoch-type systems (Excel, SQL Server, etc).

Convert a timestamp in Java:

    import java.text.SimpleDateFormat;
    import java.util.Date;

    public class ConvertTimestamp {
        public static void main(String[] args) {
            // declare our timestamp in seconds
            long timestamp = 1198167416;

            // Since timestamp is in seconds, but Java Date works in milliseconds,
            // convert to milliseconds
            Date mydate = new Date(timestamp * 1000);

            // Format how the date is displayed to us
            // (SimpleDateFormat uses the JVM's default time zone)
            SimpleDateFormat formatter = new SimpleDateFormat("dd MMM yyyy HH:mm:ss");

            // Print the date to standard out.
            System.out.println(formatter.format(mydate));
        }
    }

Convert a timestamp in Excel (assuming the timestamp to convert is in cell A1):

=A1/86400+25569

Then, just format the cells as “Date”. So, to explain the Excel formula:

1. Divide the timestamp by the number of seconds in a day. This will give you the number of days.

2. Add 25569 days to the already converted days, to take into account the difference between Unix Epoch and NTP Epoch shift.
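The same conversions in Python, as an added example that is not part of the original post (function and constant names are assumptions). It derives the 25569 constant from calendar dates: Excel's serial day 0 falls on 30 Dec 1899, two days before the NTP epoch, which is why the constant is 25569 and not the 25567 days between 1 Jan 1900 and 1 Jan 1970. It also shows the "70 years off" result of decoding a Unix timestamp against the 1900 epoch.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=UTC)
NTP_EPOCH = datetime(1900, 1, 1, tzinfo=UTC)
# Excel's 1900 date system numbers 1 Jan 1900 as day 1 and counts a
# nonexistent 29 Feb 1900, so for modern dates serial 0 is 30 Dec 1899.
EXCEL_DAY_ZERO = datetime(1899, 12, 30, tzinfo=UTC)
SECONDS_PER_DAY = 86400

EXCEL_OFFSET_DAYS = (UNIX_EPOCH - EXCEL_DAY_ZERO).days                 # 25569
NTP_OFFSET_SECONDS = (UNIX_EPOCH - NTP_EPOCH).days * SECONDS_PER_DAY   # 2208988800


def unix_to_utc(ts):
    """Unix seconds -> timezone-aware UTC datetime."""
    return UNIX_EPOCH + timedelta(seconds=ts)


def unix_to_excel_serial(ts):
    """Same arithmetic as the spreadsheet formula =A1/86400+25569."""
    return ts / SECONDS_PER_DAY + EXCEL_OFFSET_DAYS


def excel_serial_to_unix(serial):
    """Inverse of the spreadsheet formula, rounded to whole seconds."""
    return round((serial - EXCEL_OFFSET_DAYS) * SECONDS_PER_DAY)


def unix_to_ntp(ts):
    return ts + NTP_OFFSET_SECONDS


def ntp_to_unix(ntp_seconds):
    return ntp_seconds - NTP_OFFSET_SECONDS


def misread_as_ntp(ts):
    """What a Unix timestamp looks like when decoded against the 1900 epoch."""
    return NTP_EPOCH + timedelta(seconds=ts)


def to_utc(value, kind):
    """Normalise a timestamp of a known kind ('unix', 'ntp', 'excel') to UTC."""
    if kind == "unix":
        return unix_to_utc(value)
    if kind == "ntp":
        return unix_to_utc(ntp_to_unix(value))
    if kind == "excel":
        return unix_to_utc(excel_serial_to_unix(value))
    raise ValueError("unknown timestamp kind: %r" % (kind,))


if __name__ == "__main__":
    ts = 1198167416  # the timestamp used in the Java example above
    print("UTC          :", unix_to_utc(ts).isoformat())
    print("Excel serial :", unix_to_excel_serial(ts))
    print("NTP seconds  :", unix_to_ntp(ts))
    print("Misread (NTP):", misread_as_ntp(ts).isoformat())
```

Everything here is computed in UTC, while the Java example prints in the JVM's default time zone, so the two can differ by the local UTC offset.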

Posted in Java, Linux, Switching/Routing, Technology, Voice | No Comments »

Cisco IOS - Order of Operations

Posted by Aaron Paxson on January 14, 2008

So, for the first time, I had to NAT an IPSec tunnel for a vendor, due to overlapping networks.  I know the fundamentals, but have never actually done it.

First, define the vpn traffic…. check

Next, define the  nat traffic…. check

Map the traffic to the cryptomap….check

Create the access-list to filter the VPN Traffic…..no check…. ummm…. okay.. so here is where I needed some help.  Does the ACL get hit first, and THEN NAT?  If so, I’ll need to use the NAT address in the ACL.  But, what if NAT gets hit first?  Then I’ll have to use my private address in the ACL.

What to do?  Well, visit the IRC chat room #cisco, that’s what.  They sent me to an incredible post which details the operations of both ingress and egress in a Cisco IOS system.

Very handy!  ….. <Aaron is printing>….

Posted in Networking, Security, Switching/Routing, Technology | 4 Comments »

Rightfax and Cisco integration using PRI

Posted by Aaron Paxson on November 29, 2007

Rightfax is a Captaris product that centralizes Desktop Faxing and Electronic Document Delivery. I purchased Rightfax to help my company integrate Fax solutions, and save on maintenance and labor costs associated with manual faxing.

I purchased Rightfax with a digital PRI Brooktrout board (specifically a TR1034+E4H+T1+1N). Now, this board also supports T.38. So, why did I choose to use the digital PRI? Well, up till now, I haven’t had a lot of luck using the T.38 protocol (probably due to my ignorance), and my users are starting to get very frustrated. So, for the time being, I chose to use PRI.

It took some soft massaging on both the Brooktrout, as well as on the Serial interface on my Cisco 3845, but I have it working. I will start with an overview of my design, before the implementation.

Here is the corresponding configuration on my Cisco 3845:
controller T1 0/0/0
  framing esf
  clock source internal
  linecode b8zs
  pri-group timeslots 1-4,24
  description RIGHTFAX
!
! Config Snipped
!
interface Serial0/0/0:23
  no ip address
  encapsulation hdlc
  isdn switch-type primary-dms100
  isdn protocol-emulate network
  isdn incoming-voice voice
  no cdp enable
!
! Config snipped
!
dial-peer voice 6799 pots
  destination-pattern 6799
  no digit-strip
  port 0/0/0:23

Okay, so here are some specifics:

CONTROLLER T1 0/0/0

  • clock source internal - I am receiving my clock source from one of my T1’s from the Telco side.  This command passes the clock source internally on the backplane, for this controller
  • pri-group timeslots 1-4,24 - I only have 4 channels licensed on the PRI card for RightFax.  Thus, I only want to allocate those channels.  Channel 24 is required for the D-channel.

INTERFACE SERIAL 0/0/0:23

  • isdn switch-type primary-dms100 - This will change based on your configuration.  I am only using it, since I’m using it on my other PRI’s from the telco.  Whatever you choose, you must make sure it’s matched on the Brooktrout card.
  • isdn protocol-emulate network - THIS IS INCREDIBLY IMPORTANT!!  Rightfax expects to be talking to the telco, not another device.

DIAL-PEER VOICE 6799 POTS

  • destination-pattern 6799 - This will change based on your dialplan.  I chose to use a specific number for testing.  Generally, you will create a pattern for your fax numbers.
  • no digit-strip - If you will be using DID numbers (you probably are), then you’ll need to send the number along to RightFax.  In order to do that, we need to send the digits on, so RightFax can use them to sort out the correct Fax mailbox.
  • port 0/0/0:23 - This just directs the call to the Serial interface for Rightfax.

That’s really it.  I kept the default configuration on the Brooktrout card, except for the ISDN config (Protocol Options under the Port A tab).  For the ISDN config, I just chose what I’ve configured here (i.e. B8ZS, DMS-100 switch, etc).  Oh, and you need to modify the max. DID digits.  By default, it is set to ‘0’, so I assumed that meant no limit.  No, that means 0 digits.  Change it. :)
Good LUCK!!!

Posted in Business Technology, Technology, Voice, Voice | 2 Comments »

It’s the Network. No it’s NOT!

Posted by Aaron Paxson on November 6, 2007

Hasn’t everyone received this reason for practically every problem that exists in business? My computer won’t open Outlook…. It’s the Network! My system is running slow… It’s the Network! My chair won’t swivel… It’s the Network! It’s getting ridiculous.

Quite a frustrating incident today. One of our database servers was running incredibly slow. A user calls me up informing me about it. Upon looking at the server, their process was pegging the CPU at 100%.

I merely told them there wasn’t much I can do. The server is giving them everything it’s got (Quoting Scotty with a Scottish accent). I was then told, “Well, we do this every month, and it’s never done this before”. I merely said (paraphrasing, of course), “I don’t know what to tell you. Maybe you have more calculations, data, etc etc”.

I then realized, that this user was attempting to train me in the ways of Net-Fu, and why it is the Wireless network that was causing the slow down. I must have been trained well in the Net-Fu skills, as that was a VERY enlightening experience for me. What level of ascension allows CPU cycles to be affected by Wireless RF signals? I need more training………..

Posted in Business Technology, General Blab, Networking, Technology | 5 Comments »