Author Archives: Ruben

Dell Networking OS10 using GNS3

Dell EMC Networking OS10 combines the best of Linux, open computing, and networking to advance open networking disaggregation. OS10 is a transformational software platform which provides networking hardware abstraction through a common set of APIs.
You can enable consistency across compute and network resources for your system operator (sysops) groups that require server-like manageability, as well as leverage your existing network con€guration.
You can simulate OS10 devices using OS10 VM appliances. The OS10 VM appliances execute the same software deployed on OS10-enabled hardware devices, with the exception of the hardware abstraction layer. The OS10 VM hardware abstraction layer simulates hardware devices in a VM environment.

All CLI commands as well as RESTCONF and SNMP interfaces are available in the OS10 simulation environment. You can build sandbox environments to learn open networking concepts, and prototype network operations and scripts risk-free.

Dell OS10

OS10 simulation features

All OS10 CLI commands and north-bound interfaces (RESTCONF, SNMP) are available including:

  • System management (SSH, AAA, DHCP, and so on)
  • Management port

L3 data plane and control plane (using Linux functionality)

Partial support for L2 data plane and control plane (using Linux functionality):

  • LACP
  • VLAN
  • LLDP
  • VLT

OS10 feature limitations

  • No ACL or QoS support (NPU is not available) — ACL and QoS CLI commands are available (but have no effect on trafc)
  • Limited L2 functionality (NPU is not available on simulator) — no spanning-tree control plane functionality
  • No breakout mode for simulated ports
  • Defaults to S6000-ON hardware platform simulation

Requirements

  • Workstation or laptop with 16 GB RAM or larger recommended
  • 64-bit x86 CPU with 2 GHz or faster core speed (dual-core or larger recommended)
  • SDD with 64 GB available space
  • Virtualization environment — you can use either Windows, Linux, or VMware ESXi as a host system for the GNS3 Server VM environment
  • VMware ESXi server recommended for large network simulation

Download

https://cld.pt/dl/download/fff9c764-59cb-4521-8bd9-e9eeb38519c8/os10_virtualization_10.4.1.0v.zip

https://cld.pt/dl/download/2f61626b-f1fe-4415-8825-4357823e5ed8/os10_virtualization_guide.pdf

 

 

Read it, then try it—with Juniper vLabs

Juniper vLabs is a web-based platform that lets you try out Juniper products and features at any time, in a no-risk environment. Leveraging the vMX, vQFX, and vSRX product lines, vLabs provide a variety of standalone devices and preset topologies. Reservable in advance or on-demand, vLabs are free to access and open to everyone.

Juniper vLabs takes a “read-it-then-try-it” approach to learning. This offering guides you from product and solutions documentation to a live environment where you can get hands-on experience.

Enter Juniper vLabs.

 

https://youtu.be/Zt5fiVhNgFQ

Magic Quadrant for the Wired and Wireless LAN Access Infrastructure 2018

Based on Gartner by 2020, only 40% of network operations teams will use the command line interface (CLI) as their primary interface, down from 75% in 2018.

Cisco still evolving their Unified Vison across the Campus with DNA Center and SD-Access solutions giving the full capabilities in one single pane of glass simplying the day-to-day operations.

Magic Quadrant for the Wired and Wireless LAN Access Infrastructure

References:

Magic Quadrant for the Wired and Wireless LAN Access Infrastructure 2018

Fire Jumper Stage 5 Network Security Systems Engineer

Cisco Fire Jumper program is composed by different tracks, and each has a Sales, Systems Engineer and Field role with dedicated videos, training, POV, Labs and exams to be accomplished. After completed all four stages, you need to ask your Manager to endorse and send en email to fire jumper team. Once accepted you are going to receive an certificate. I’ve focused on the Network Security System Engineer role where i achieved the Stage 5. Looking for the Elite now.

Dissecting the Different Tracks

Network Security: Firepower, ASA and Meraki

Advanced Threat: AMP for Endpoints and Threat Grid

Visibility & Enforcement: ISE, Stealthwatch and SDA

Cloud, Web & Email Security: Cisco Umbrella, Cloudlock, WSA and Email Security

At the moment you can only be Stage 5 in one track and Stage 4 on all of them. Once you achieve this you become Fire Jumper Elite.

Find below the relevant links for the program:

Fire Jumper Sales Engineer

Fire Jumper Systems Engineer

Fire Jumper Field Engineer

Tweak multicast on Cisco ASA without RP

This came as a customer request, where they required to send multicast for testing purposes to their own customers but without using a RP. A Cisco ASA is segregating the environment acting as Layer 3 between the multicast sender and receivers. The first step was disabling the snooping on the switching to let the traffic going through, and last but not least setup a static group on the ASA to flood the interface outwards to the receivers. The challenge was the PIM, which has to be enabled but can’t have a neighbourship otherwise the interface is not going to flood the multicast out, so how do we make this work?

I’m running code Cisco ASA 9.1(7) with multicast-routing enabled

Because i have the firewall connect to a DMZ switch i have to disable the IGMP snooping on the switch

no ip igmp snooping vlan 2201

Setup a Filter to not allow the neighbourship but having the PIM enabled, and the static group to force the ASA to join particular multicast address (224.0.1.129)
You have to Deny the host adjacent in this case was 10.101.201.43

access-list CSC_FILTER_PIM standard deny host 10.101.201.43

interface Ethernet0/0
description CSC
nameif CSC-LON9
security-level 55
ip address 10.111.201.41 255.255.255.248 standby 10.111.201.42
pim neighbor-filter CSC_FILTER_PIM
igmp static-group 224.0.1.129

If a PIM neighbourship was established, that needs to expire before the interface starts flooding the traffic, if you see Nbr Count=0 you are almost there

fw01/sec/act# show pim interface

Address Interface PIM Nbr Hello DR DR
Count Intvl Prior

10.101.201.41 CSC-LON9 on 0 30 1 this system

fw01/sec/act# sh igmp interface CSC-LON9
CSC-LON9 is up, line protocol is up
Internet address is 10.101.201.41/29
IGMP is enabled on interface
Current IGMP version is 2
IGMP query interval is 125 seconds
IGMP querier timeout is 255 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 1 seconds
Inbound IGMP access group is:
IGMP limit is 500, currently active joins: 0
Cumulative IGMP activity: 1 joins, 0 leaves
IGMP querying router is 10.101.201.41 (this system)

Now the interface is forwarding the multicast, if you see Null you missed something

fw01/sec/act# sh mroute 10.101.100.13 224.0.1.129

Multicast Routing Table
Flags: D – Dense, S – Sparse, B – Bidir Group, s – SSM Group,
C – Connected, L – Local, I – Received Source Specific Host Report,
P – Pruned, R – RP-bit set, F – Register flag, T – SPT-bit set,
J – Join SPT
Timers: Uptime/Expires
Interface state: Interface, State

(10.101.100.13, 224.0.1.129), 3w3d/00:03:29, flags: SFJT
Incoming interface: INSIDE
RPF nbr: 10.101.100.13
Inherited Outgoing interface list:
CSC-LON9, Forward, 3w3d/never

Cisco CCNA Cyber Ops completed!

2 months in a rush was what i needed to finish my CCNA Cyber Ops, it’s composed by 2 exams:

  •  210-250 SECFND
  • 210-255 SECOPS

The e-learning was part of the Cisco scholarship, so i had all materials required to learn what was required for each exam. The SECOPS exam it was a bit more difficult due his nature of different language.

 

210-250 SECFND

This exam understand common security concepts, and start to learn the basic security techniques used in a Security Operations Center (SOC) to find threats on a network using a variety of popular security tools within a “real-life” network infrastructure.

Course Objectives

Upon completing this course, students will be able to:

  • Describe, compare and identify various network concepts
  • Fundamentals of TCP/IP
  • Describe and compare fundamental security concepts
  • Describe network applications and the security challenges
  • Understand basic cryptography principles
  • Understand endpoint attacks, including interpreting log data to identify events in Windows and Linux
  • Develop knowledge in security monitoring, including identifying sources and types of data and events
  • 210-250 SECFND

 

 210-255 SECOPS

This exam focuses on the introductory-level skills needed for a SOC Analyst at the associate level. Specifically, understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.

Course Objectives

Upon completion of this course, you will have the skills and knowledge to:

  • Define a SOC and the various job roles in a SOC
  • Understand SOC infrastructure tools and systems
  • Learn basic incident analysis for a threat-centric SOC
  • Explore resources available to assist with an investigation
  • Explain basic event correlation and normalization
  • Describe common attack vectors
  • Learn how to identify malicious activity
  • Understand the concept of a playbook
  • Describe and explain an incident respond handbook
  • Define types of SOC metrics
  • Understand SOC workflow Management system and automation

CLEUR Barcelona 2018 Day 5

It was a quick intro to the portfolio, covering the Host Discovery, Traffic Flow Processing and SSL Decryption.

BRKSEC-3455 Dissecting Firepower – FTD & Firepower- Services “Design & Troubleshooting”

How to rock a Firepower installation and troubleshooting it like a Rock star, presented by one TAC Engineer Leader. Learned some best practices and corner cases made my last session at Cisco Live.

Pack up everything and go back to London sadly, i would make another week of CLEUR easily!

See you next year at CLEUR Barcelona 2019!!!

CLEUR Barcelona 2018 Day 4

I’ve been learning about BNG for a while, and this was interesting to see how Cisco is evolving the Product and Market on this area.  Met  the Marketing Engineer and the Product Manager, lovely guys by the way.

BRKCLD-2280 MultiCloud Deployment of Self Operating Applications Using Cisco CloudCenter and AppDynamics APM

I’ve been playing for a while with CloudCenter (CC) and done some cool demos with F5 integration using API’s called callout scripts in CC. Bundling CC and AppDynamics have a lot to offer, and there is no dependency between them.

Cisco Live’s Walk-in Self-Paced (WISP)

This area is a must for all the attendees, you will be able to have hands-on at some demos which are not available at Cisco dCloud, don’t lose this opportunity to learn more and have fun.

Cisco Certified Design Expert (CCDE) Exam

Yes, i did a go on the Written exam. Oh boy….i was really close to it, got 785 of 860
It was was a really good assessment, now i know what i have to cover for my next attempt.

Party time

Cisco Live is not only sessions , networking and geeks!

We know how to do an Epic Party!

https://www.youtube.com/watch?v=TrVz-ESsr44

CLEUR Barcelona 2018 Day 3

BRKDCN-2489 Cisco SD-Access – Integration with Data Center Architectures

SD-Access is primarily Campus focused, an overlay technology which allow the user to have the same user experience anywhere but the exciting part is the ball is moving to the Data Center edge exchanging policies with the Cisco ACI. It seems going to cover the gap we have these days not replicating the Policies between Campus and Data Center but ultimately i hope across the entire state.

PSOSEC-2559 The Integrated Cisco Security Portfolio for a more effective security posture

A different view how we should see the security, embracing it, adopting new paradigms, simplify it, do less for more. Everyone is protecting the perimeter, that is the actual plan. Do you have a plan after got hit? Isn’t also important?

CLEUR Barcelona 2018 Day 2

Configit was quite challenging for me specially the config on the IOS-XR, because i do not touch on this for a long time. To me it looks much more structured in a sense of the config than the IOS family

Special tank you to Lizabete Cacic, Lukasz Bromirski and team

I If you want the LAB/docs let me know

CLEUR Barcelona 2018 Day 1

A very exciting first day with swags, Cisco Champion giffs, and do networking with really nice people about new trends and challenges in the industry.

TECCCDE-3005 CCDE:The Cisco Certified Design Expert

I was really looking forward to have the session CCDE: The Cisco Certified Design Expert [TECCCDE-3005], and start move from a “How to do it” to “Why to do it” mindset shift. We covered the basic foundations for an Architect to take in consideration and Technologies on the written/lab exam.

We finished the session with a small demo about how the exam is built, and graded.

It was awesome to meet all the team and have some chat. I would like to say thank you to Russ White, Architect, Elaine Lopes,Yuri Lukin,Tom Whaley

If you are looking to start your CCDE journey here are some of the suggested study materials:

Cisco Live Barcelona 2018 here i GO!

This is going to be my 2nd Cisco Live, and i’m very excited because i’ve learned a lot over the past 8 years and i’m in a different professional stage at the moment that 8 years ago it was just a dream. I’m a strong believer that these events are important to grow your “networking” and keep you updated on new trends/technology.

So how my calendar looks like so far?

  • CCDE Techtorial and Exam
  • Firepower
  • ISE
  • Multi-Cloud
  • SD-X
  • DevOps

If you are are around, lets grab a beer and crack some of the topics above

A Flashback and a New Busy Year!

Dear Reader,

Thanks to spend your time reading this post on the first day of the new year.

The 2017 was a busy year regards projects and a new area i’ve been exploring myself (Business Development), this is quite new for me but it’s going….

What i mean by Business Development? I’ve been focus only on Engineering (hands-on) which is by far what i really like to do, so i get the implementation plan and GO! Why not dive in the conversation with the customer and understand their challenges, advise what technologies are in the market that really suit them. Presenting cutting-edge technologies and advise the customer is also something i really like.

What do i have for this upcoming year? I’ve done some re-cert’s, like Juniper, VMware and Cisco.
I have do do some re-certs this year too, but i want to focus more on the CCDE than ever, so i’m starting officially today and i hope do the Written in 6 months. I will attend the Cisco Live Barcelona 2018, so i hope get good contacts to push this even further. This is the plan mentally but i know this might has to change a bit.

CCNA Cyber Ops is just around the corner :)

Happy New Year.