Featured
Cisco Express Forwarding (2023 Edition)

CEF Deep Dive (commands) for IOS-XE, C9300 used as example. Model: C9300L-24UXG-4X. Control Plane (CP) = R0. Data Plane (DP) = F0, UADP/ASIC.
CEF Background: Why Cisco Express Forwarding (CEF)?
“Necessity is the mother of invention” -proverb
Let’s take a trip in the networking time machine back to simpler times (late 80s, early 90s). I’m going to start with the fundamentals of software-based forwarding and all the pipeline steps involved. We didn’t have fancy ASICs like we do today, so everything was done…

Featured
Battle of the 16-bit Audio Processors

Be Kind, Please REWIND
I have fond memories of the late 80’s early 90’s, because it’s what got me so addicted to hardware and what I like to refer to as the “healing powers” of video games. As a kid with severe asthma, I spent many of my childhood years in a hospital. Medicine was not where it is today for controlling asthma, and they really just treated the symptoms the best they could. In fact, the same thing someone would…

Featured
FN-70489: PKI Self-Signed Certificate Expiration

With the release of Star Wars TRoS this past Friday, the only “FN” on most people’s minds was FN-2187 (Finn). However, another FN was released on December 17th and that’s the topic of our post today.
FN-70489
Now this FN on the surface sounds VERY concerning, but let’s dive a little deeper to see if in fact, you may be impacted. The most important statement is in the “Note” of the Problem Description: “To be impacted by this issue, a…

Featured
It’s the Network…

“It’s the network…” The statement and all its derivatives are as timeless as STP and OSPF. I recently had an interesting experience in my personal life that I feel compelled to share with my fellow network engineers. There are MANY stories we can tell from the perspective of technology specialists that work in IT. I have tons of stories from working in operations for 10 years to pre-sales with enterprise customers throughout my career. However, what if we were to…

Featured
Cisco Switch Virtualization (Clustering)

Network Virtualization vs Device Virtualization
Examples of Network Virtualization: Virtual Port-channel (vPC), VLAN (L2), VRF (L3), VSAN.
Examples of Device Virtualization: Security Context, Virtual Device Context (VDC), Virtual Switch System (VSS), StackWise Virtual (SV) and Physical StackWise, Virtual Machines (VMs).
Why Use Switch/Device Virtualization? Eliminate STP blocked paths, FHRPs, and multiple device administration touch points; Simplifies operations of campus access, distribution, and core topology; Active/Active data plane path via Multi-chassis Etherchannel (MEC) = more bandwidth and lower latency; Improve convergence…

Featured
CCDE: “The Journey”

I promised an update on my CCDE journey last week on Twitter, so here we go… I’ve been preparing for the practical for about 4 months and finally took it for the first time on 5.30.18. So, here’s my story… In preparation for the practical, I attended a CCDE bootcamp by Jeremy Filliben and it was awesome. Several of my study buddies from Cisco also attended, so we were able to collaborate during and after the bootcamp which was cool….

Featured
The Road to Network Engineering

I was inspired to document my career journey after reading a post by Packet Pushers @ecbanks. Circa 1997 I was working in a local computer shop called Circle Computer in Ephrata, PA. We were a Commodore Amiga shop, but Commodore went bankrupt and we had to start pushing x86 PC’s. The Intel Pentium MMX processors were hot at this time and Duke Nukem 3D was the FPS of choice. I was mostly responsible for building PCs…

Featured
Catalyst 9300: Hands-On Review

Cisco Catalyst 9300 (First Impressions)
I received an email from our awesome lobby ambassador about two packages that arrived in the Malvern office. I didn’t remember what I ordered and quickly forgot about the packages because it was such a chaotic week. When I finally made my way to the office, I saw the boxes in the mail room and thought “NO! That can’t be them already…”. Upon closer inspection, they were in fact the Catalyst 9300’s I had ordered….

Featured
The Network. Intuitive.

A New Network for a New Era
Well, the cat is finally out of the bag… I’ve been biting my lips for the last several months working on campus designs with customers. That’s because internally at Cisco, all the buzz was around bringing SDN and most importantly intent driven networking to the campus in a BIG way. This is very much akin to how Cisco transformed the data center with ACI. In fact, I’ve heard verbatim from customers “why doesn’t Cisco…

Featured
Cisco Nexus 9500 I/O Module Matrix

#ConfigBytes
Updated 02.17.2017
Full PDF: Cisco Nexus 9500 IO Module Matrix
This is a work in progress, so if there are fields you’d like to see added, please tweet me @Cisco_East or post in the comments section below.

Featured
ConfigBytes: ASA 5506x w/ FirePOWER Services

#ConfigBytes
Getting Started with the ASA5506x & FirePOWER Services
Official Quick Start Guide: http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5506X/5506x-quick-start.html
FirePOWER User Guide: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541.html
FirePOWER Services for ASA Data Sheet: http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html
TL;DR Key Points
Since the ASA5506x doesn’t have built-in switch capabilities (yet), you will need an L2 switch to connect the management interface, which is used for the FirePOWER services module, and your inside ASA interface for management. If you have an L3 switch, the FirePOWER management interface can be on a different subnet from your inside…

Featured
ConfigBytes: Nexus 6000/5600 Latency & Buffer Monitor

#CONFIGBYTES Episode 2
Platforms: Nexus 6000 & 5600 (UPC based ASIC)
Latency Monitor: Full Documentation
The switch latency monitoring feature marks each ingress and egress packet with a timestamp value. To calculate the latency for each packet in the system, the switch compares the ingress with the egress timestamp. The feature allows you to display historical latency averages between all pairs of ports, as well as real-time latency data. You can use the latency measurements to identify which flows…

Featured
Cisco Modeling Labs 1.0: First Impressions & Getting Started

When a Legend becomes Real
I’m still pinching myself. Last week I delivered my very first Cisco Modeling Labs (CML) 1.0 demo to a customer. Overall, they were pretty darn excited, however there are some things that we need to address to make it a GREAT fit for their specific testing/validation environment. Let’s take a step back and talk high level about CML for a moment. CML is the Cisco TAC supported variant of VIRL. The FCS date for CML 1.0…

Featured
VIRL/CML Update

Virtual Internet Routing Lab/Cisco Modeling Lab: UPDATE (08.07.2014): Cisco Modeling Labs 1.0 Corporate Edition Available August 11, 2014
This is an excerpt from an email one of my colleagues received today. “We are very excited to announce that Cisco Modeling Labs 1.0 Corporate Edition is expected to ship on Monday, August 11th (if this changes we’ll let you know). As you know, Cisco Modeling Labs 1.0 Corporate Edition is a game changing product with powerful virtualization features that provide corporations…

Featured
CCIE R/S v5: Everything’s Gonna be Alright

It’s been roughly five months since I passed the v4 CCIE R/S and I’m starting to hear potential CCIE R/S candidates freaking out about the upcoming changes. I know this feeling all too well, because like many of you I started on v3 and passed on v4. I will never sugar coat this, it’s a royal pain in the arse when the blueprint gets revised, especially if you have been studying (really studying) the current blueprint. That being said, I…

Featured
CCIE Studies: Performance Routing PfR/OER

Prologue
Hey fellow CCIE candidates and networking geeks. Today I want to step deep into the realm of PfR or Performance Routing. First let’s go back in time to the predecessor, Optimized Edge Routing or OER. As crazy as this sounds, OER came out in 2006 with IOS 12.3. So, technically before all this SDN fanfare, Cisco actually decoupled the control (part of it at least) and data plane with OER/PfR back in the dizay. DID THAT JUST BLOW…

KRACK

(K)ey (R)einstallation (A)tta(C)(K)
Breaking WPA2 by forcing nonce reuse
It’s been a long day and I wanted to have some fun with this post. I was onsite with several customers today when the news broke publicly. I only knew about it at a high-level in the morning and didn’t have time to digest the magnitude nor details of the vulnerability until this evening. You see, for me this feels somewhat like Deja Vu. I remember the day when it…
