tag:blogger.com,1999:blog-88129199769498725072012-02-11T00:43:13.712+03:00Day to day life of a kenyan Networker. <br> <b> CCIE#28352 </b>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.comBlogger1181100tag:blogger.com,1999:blog-8812919976949872507.post-78848764962176333932012-02-10T16:29:00.000+03:002012-02-10T16:29:58.145+03:00So after years of formal employment, all the books, all the advice, all my energy is soon going to be directed at something different. Im seeking a little chaos, a place to channel my brand of crazy.<br /><br />This blog is moving too (to its own domain nothing major) just to keep up with the 'times'. I'll be letting you in on my plans within the month since I obviously need your support.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7884876496217633393?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-48912468301955398692012-02-02T08:39:00.000+03:002012-02-02T08:39:20.620+03:00<a href="http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/CampIPv6.html">http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/CampIPv6.html</a><br /><br />I was happy to find that this is now available and as usual Shannon has done a great job writing up and referencing important material.<br /><br />Go have a look<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4891246830195539869?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-79459590420374939292011-11-22T19:28:00.005+03:002011-11-22T20:24:41.141+03:00<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-8y63lgFrs6A/TsvMGoz6SGI/AAAAAAAAAEo/ZerMZZEi42U/s1600/tree-roots-1atxr1p-300x199.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-8y63lgFrs6A/TsvMGoz6SGI/AAAAAAAAAEo/ZerMZZEi42U/s1600/tree-roots-1atxr1p-300x199.jpg" /></a></div>There was no noise, no pomp, no beer :-) just me and a few guys discussing what we felt group dynamics would help with. Our roots might not yet be firmly in the ground but the elements are definately cooperating with us.<br /><br />Some background: I was an idiot in the past. I broke more networks than I fixed (don't assume I don't anymore), I steadilly improved sometimes in different areas at the same time. I read, labbed, listened, watched, failed,passed, tcl'ed,perl'ed,cabled till my eyes teared, my fingers moaned but I carried on. Now I can even classify it as fun.<br /><br />Computer/Data Networking as a career has been very rewarding and along the way I picked up quite a number of good friends and memories.&nbsp; Im looking for more. more 'networking', more collaboration, more learning. <a href="http://www.youtube.com/watch?v=yURRmWtbTbo">Won't stop till I get enough ! </a><br /><br />It is not always easy to get information in this industry in a timely manner. But i know with certainty individuals in the industry know alot more than they let on. I also know that peer led training is more effective than anything your HR can ever manage. Plus wouldn't you wish for more meetups you have control of?<br /><br />I also know that we are in a growing economy and ensuring any one that calls themselves a networker in Kenya needs to up and modernize their game for the future is really up to us. Some of us are more exposed to others, some are 'sharper' - not me:-), some have access to 'hidden toys'...ahh...life<br /><br />Thats the bit I want to play in. I want to see proper policies, new protocols or contributions to them, white papers from our market written by us, I want RFC's with my name on them for all the fame and glory that brings (none), I want books I want all a lowly third world networking nerd can have before the bits (apparently my brain is a network)overpower him.<br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-BbhyKm7DBTQ/TsvYg3E1CMI/AAAAAAAAAEw/kOfP7YlAXI0/s1600/bad-boys-3-header.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="114" src="http://2.bp.blogspot.com/-BbhyKm7DBTQ/TsvYg3E1CMI/AAAAAAAAAEw/kOfP7YlAXI0/s320/bad-boys-3-header.jpg" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><a href="http://third-world-networker.blogspot.com/">Yep someone needs to watch my Effing back !</a></td></tr></tbody></table>&nbsp;So its great to have the mailing list up at <a href="http://orion.my.co.ke/cgi-bin/mailman/listinfo/eanog">http://orion.my.co.ke/cgi-bin/mailman/listinfo/eanog</a>. We'll grow as we age. There is a huge need for an online presence and we'll work on that, for now Im just happy the meeting happened....Special thanks to the folks at <a href="http://www.ihub.co.ke/">Ihub </a>and everyone that came and or offered support and advice. Same goes for Riyaz for the last minute push to have this started - Heck we had a guy from NASA - We'll be seeing you around when Im not on the moon:-) thank you!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7945959042037493929?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-10005223140278707492011-11-15T17:14:00.004+03:002011-11-15T17:29:17.258+03:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/-yMwC5VWy_58/TsJ3JvSXC4I/AAAAAAAAAFY/P8YPcd2GDso/s1600/networks1.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 310px; height: 203px;" src="http://2.bp.blogspot.com/-yMwC5VWy_58/TsJ3JvSXC4I/AAAAAAAAAFY/P8YPcd2GDso/s320/networks1.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5675229489636248450" /></a><br />For a long time I have wanted to have meetings where the dominant discussions are around networking and networkers in general.<br /><br />The main objective would be educational, but at the same time would give vendors a chance to talk to engineers about newer technology they are playing with - like openflow, vxlan,nvgre and products on the sidelines. <br /><br />Engineers would get to talk and share their experiences.<br /><br />So today we fired the first shot in the dark. An invite to the IHUB (directly opposite uchumi ngong road) on saturday the 19th at 2pm. If we get even 10 people interested, this ball will start rolling. <br /><br />There will be obvious issues along the way. Top off my head is how much time can I/we (Riyaz and I) commit to this endeavor in the beginning before the group gains traction?<br /><br />How often do we meet? what do we discuss? (I expect what to discuss wont be an issue). What if we dont get sponsors? do we even need those? can we put together a community lab? community wi-fi? are we doing ok as networkers? how many ccie's are in Kenya? etc etc....see you there....<br /><br />So in a nutshell we're forming an educational collaborative forum for the coordination and dissemination of technical information related to networking. <br /><br />We'll leverage alot of what AFNOG is doing with more frequent meetings.<br /><br />Everything from broadband, data centers, security, mobile networks, IP, openflow,wi-fi and anything under the moon we deem important will be open to discussion.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1000522314027870749?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com5tag:blogger.com,1999:blog-8812919976949872507.post-78220382088100428712011-11-03T10:16:00.001+03:002011-11-03T10:17:31.941+03:00Ever since Cisco announced their <a href="http://blogs.cisco.com/news/cisco-joins-openstack-community/">support </a>for&nbsp; <a href="http://www.openstack.org/">openstack</a> and software defined networking; I was happy, happy that they won't be left out and happy that maybe just maybe this information would be digested by a company I am 'more invested in'. I cant wait for instance for the 'promised' support on the nexus.<br /><br />But cracks are appearing. The more the network gets closer to getting virtualized, I realize how silly it is of me to 'wait' and see instead of maybe getting in there and contributing something. Let me explain:<br /><br />What this will mean is new books have to be written. First to explain the concept, the technologies and in the future its support. looking at the old ones, updates will probably be written almost daily.<br /><br />And what happens to companies that invest alot of cash on lets say FCoE only to realize customers are not interested, or realize it wont scale, or wont matter squat in multivendor environments because other vendors have decided to go their way?<br /><br />The data center is still morphing. We still don't have important standards for lets say 'cloud' 2 'cloud' mobility. Again this have to be done. Heck down <a href="http://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=3&amp;ved=0CEsQFjAC&amp;url=https%3A%2F%2Fwww.cia.gov%2Flibrary%2Fpublications%2Fthe-world-factbook%2Fgeos%2Fke.html&amp;ei=Oj2yTqDyAtHE8QPfkZyWAQ&amp;usg=AFQjCNFaIPgHXXc2V1FDfV6wYGXLuhBYNA">here </a>using cloud is still hindered by access (say what you want 3G is not good enough, and broadband penetration is still sucky). So while some big companies benefit from companies like Safaricom shelling out some serious cash for several nexus, and going by how accounting tends to be done, expect it to be out of reach for most people.<br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-WrSNiUMDDLc/TrI6cR0NSDI/AAAAAAAAAEg/XRaJwLGysm4/s1600/openflow.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="144" src="http://4.bp.blogspot.com/-WrSNiUMDDLc/TrI6cR0NSDI/AAAAAAAAAEg/XRaJwLGysm4/s320/openflow.JPG" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">source: Juniper Networks</td></tr></tbody></table><br />So over and above everything else -and there's quite alot to be done - Im looking at how I can make direct contributions to openstack and a few other areas of interest to me even if its just simply learning and talking about it:<br /><br />We have huge gaps in Africa. It is very easy for technology to pass us by because:<br /><br /><br />1: the best discussions and forums and meetups happen in Europe or the in the US. When nice things happen around here, they almost always happen in SA, Kenya or Egypt (not much anymore). but travel within Africa is crazy expensive. A flight to senegal from kenya is costlier than a flight to Berlin for instance. However its harder getting the visa to visit berlin - its a friggin pain.<br />2: Most companies here consume products/technology and rarely innovate. So you won't for&nbsp; instance find a Kenyan writing RFC's because - well Im not sure why but personally the fact that I dont really get down to work with new technologies enough to be the 'go to guy' makes me feel like I am better off just waiting - until now:-)<br />3: Groups like afnog are like nanog focused on training.<br />4: Money and general social security - I have learnt first hand how difficult it is to focus on 'new' stuff while constantly worrying about how to make basic ends meet.&nbsp; Im stuck in this weird 'fear' loop at the moment thats driving me nuts. but more on this later and probably elsewhere.<br />5: Its really really hard to focus on a single area of interest (ok maybe Im speaking for me on this one). After 10+ years in service providers, getting excited in data center technologies was not easy - fun but not straight forward- upon realizing i could pick it up faster than most helped.<br /><br />So much that Im currently looking at <a href="http://h18004.www1.hp.com/products/blades/components/matrix/main.html">HP's solutions</a> for this area (between trying to get the cisco DC certification) and going Hmmm! They (HP) have a full inhouse stack that should make them very competitive in this market in direct competition to <a href="http://www.cisco.com/en/US/netsol/ns944/index.html">Cisco UCS</a>.<br /><br />I imagine cisco and Juniper at a classic 'innovators dilemma'. If they dont deal with this, companies like <a href="http://www.nicira.com/">Nicira </a>will have a really nice and easy time. It will take time to get market share but I can see them getting there if the incumbents dont innovate. well they will I suspect outright buy a startup out....we'll see...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7822038208810042871?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-64466744757047213692011-10-11T11:57:00.004+03:002011-10-11T12:14:22.337+03:00Greetings bloglings! <br /><br />Simplicity in design is often overlooked. We have done some really impressive networks over the last couple of years. The data center networks have evolved. VPN's are now IAAS and Im pretty sure marketing guys will keep churning buzzwords to confuse (and unlock customer wallets). <br /><br />RFC 3439 states in part:<br /><br /> 'The Simplicity Principle, which was perhaps first articulated by Mike<br /> O'Dell, former Chief Architect at UUNET, states that complexity is<br /> the primary mechanism which impedes efficient scaling, and as a<br /> result is the primary driver of increases in both capital<br /> expenditures (CAPEX) and operational expenditures (OPEX). The<br /> implication for carrier IP networks then, is that to be successful we<br /> must drive our architectures and designs toward the simplest possible<br /> solutions.'<br /><br />there Ive saved you money.<br /><br />Every once in a while after a design team is done and implemetation happens. Things start going wrong. a link here, a backdoor over there. statements like Oh I dont understand IS-IS can I use OSPF for this segment? are heard!<br /><br />recently/actually currently Im on leave for a month and it just so happens that a friend wanted me to help them re-design their network. Its a hospital (large hospital) big budget for gear, sadly not enough for 'people' to run/support the network.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/-0uYhsWvzUK0/TpQIqCML6EI/AAAAAAAAAE0/kubUmfRDKy0/s1600/224687.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 310px; height: 320px;" src="http://2.bp.blogspot.com/-0uYhsWvzUK0/TpQIqCML6EI/AAAAAAAAAE0/kubUmfRDKy0/s320/224687.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5662160149747066946" /></a><br />Anyway. thinking about it, I dont see for instance why hospitals in Kenya cant come together like banks and do a common core. It would save them al lots of money. If a service provider like Safaricom were to be bold enough, nothing stops them from selling their core to the same hospitals. It would save everyone money and some serious future support issues (considering they dont want to hire people).<br /><br />the task of building a large scale packet network is not easy it can be done, but its not as easy as these guys tend to think. ok back to the drawings....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6446674475704721369?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-27896669549636418712011-10-04T09:55:00.004+03:002011-10-04T10:08:22.256+03:00its a rare month. I somehow had excess vacation/leave days and managed to take more than half the number in one go. How long - All of Otober andpart of November:-). My plans are simple:<br /><br />1: Reverse ccie laziness - As I type this, my sitting room is a mess of bike parts freshly imported to give it a fresh feel. I fully intend to add a minimum 500Km within the month on it.So if you see a nerd on a bike at 'kapchorua' please wave him on.<br />2: <a href="http://www.farmken.com/">Farmken</a> finally has a product, customer development is at advanced stages. Not a single negative feedback so far. But we have issues: packaging for retail consumers needs a rework. A kilo of fruits is around 15-20 fruits (don't get conned). sell by the dozen, use egg trays, wrap them up with a nice clear cling type paper with our logo - this also preserves the fruit? we'll see....<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-y8aVCP5Y3K4/ToqvpF6ZkCI/AAAAAAAAAEY/j-At96_FWeM/s1600/images.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-y8aVCP5Y3K4/ToqvpF6ZkCI/AAAAAAAAAEY/j-At96_FWeM/s1600/images.jpg" /></a></div><ul><li>The site will feature an online shop from next week - make it easier to cut out the middle men that come to the farm and make it more expensive to buy fruit for retailers.</li><li>We will work directly with some of the larger 'supermarkets' again in the hopes that our fruits reach the consumer faster and cheaper - need to sort out the packaging issue above. How to do that without charging more is the fun question right now. Im thinking we can swing 170 (Ksh) for 30 fruits which is around 1.5Kg. </li></ul><br />3: I was at the IGF and sat in two panels:<br /><ol><li> <span class="cf_text"></span><a href="http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=Workshops2011View&amp;wspid=63">63. SWOT analysis of the impact of Mobile Internet on Internet Governance in Africa</a></li><li><span class="cf_text"><a href="http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=Workshops2011View&amp;wspid=165">165. Understanding IPv6 Deployment and Transition</a>&nbsp;&nbsp;</span></li></ol><span class="cf_text">I had a lot of fun and intend to build up on the two. I also met some incredible people and can probably see a pivot to policy discussions when the tech ta;ks get a bit much.!:-)&nbsp;</span><br /><br /><span class="cf_text">For IPv6, Im working on some new training materials and validating lab output for the said slides. I'll be teaching IPv6 and advanced network related classes. I'll let you know where/when and how that works with my current job - Just FYI, most of the training is internal but hopefully - considering this are free, I'll check to see if we can include outsiders. I think that would be cool.</span><br /><br /><span class="cf_text">Im also looking at how we can bring together the network user&nbsp; group together more often. throw in some comments if you have any idea. I can probably help arrange a meeting venue, maybe some snacks or whatever if we can raise enough quorum to make it worth the time. We can pick on topics to discuss from trends in the local environment, some design issues you have at work, IPv6 whatever....or just catch up. East African Network User Group (EANUG) anyone?</span><br /><br />4: Catch up on technology. The data center excites me. So expect stuff around vxlan/nvgre etc etc etc.....<br /><br /><span class="cf_text">5: I'll relax alot, read - I paid for a full years subscription of<a href="http://www.ioshints.info/Webinar_roadmaps"> Ivan's webinars</a> that I have not really listened to. I expect alot from there....so there..thats my month...</span>oh I'll probably also blog alot....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-2789666954963641871?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-34870663633544428482011-09-09T10:10:00.000+03:002011-09-09T10:10:40.055+03:00The coolest thing/site I just visited <a href="http://liquidr.com/">http://liquidr.com/</a> If only.....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-3487066363354442848?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-53665767508571849682011-09-07T20:12:00.000+03:002011-09-07T20:12:32.762+03:00its a simple school of thought. - you don't need things, as I don't. You are nothing, as I am. Now don't go preparing the firing squad yet. At least let me explain in two paragraphs.<br /><br />I spent the whole morning, the most productive time of my day filling and refilling RFP and justification documents to be read by people who won't understand them, who will then explain them to a tender committee that is even more clueless about my technical needs for a very critical tool; which eventually will be sent out; hopefully to clueful vendors.<br /><br />I felt like walking out right there and then. Out of sight hopefully to never see another word document, or pages, oe excel or numbers.<br /><br />My future definately won't look like the present. I felt divorced from the fruits of that labor. It was definately not worth it. And since I chose not to walk out or speak up, I am nothing, and so are you...if you've ever felt the same and done nothing !<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-5366576750857184968?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-53071153901467038922011-09-05T19:04:00.002+03:002011-09-05T19:04:21.636+03:00seriously...nothing, its been busy. One cisco data center exam is throwing me around like a drunk packet. but it's all good fun.....its also coold...too cold to type lengthy posts...that and a couple of things (a few friends ecommerce stuff - i hope they pay me some day:-)) are taking up an already short day.....:-)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-5307115390146703892?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-23336847199973754612011-08-25T15:42:00.001+03:002011-08-25T15:45:17.530+03:00My buddy Kevo tried to show me/us how to play poker. He didn't get very far. We were all drunk by the time he started explaining texas hold'em. I hope some day he completes that lesson.<br /><br />But Im on a different set of cards. Life cards. See In the game thats life I started winning early.Lost some. But a win as seen by me was rarely seen by other people. We all had different cards dealt. I still have a great set of cards - I think. I lost some along the way. Big time.!!<br /><br />I saw all kinds, related to all manner of people. I did/do feel isolated, sometimes by choice - try the ccie-, a little lonely - maybe, want something better out of life than the cards that had been dealt to me.<br /><br />We all lose sometimes, I know I do. And so do you. We’re all in it together to try to be a little happier in a world that’s just a little too rough on us. I'd like to be kind against all struggles create art, friends, beauty, happiness.I want to grow things, see change I've created.<br /><br />It's weird I'm using a farm for life lessons. Weirder still is the amount of things learnt running a farm that are transferable to another startup. In tech this time - that explains the limited posts here.<br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><img border="0" height="240" src="http://www.farmken.com/images/farmken_images_Aug/IMG_0036.jpg" style="margin-left: auto; margin-right: auto;" width="320" /></td></tr> <tr><td class="tr-caption" style="text-align: center;"><a href="http://www.farmken.com/index.php/farmken-photos-2">farmken's crop</a></td></tr> </tbody></table><div class="separator" style="clear: both; text-align: center;"></div><br />Im happy the fruits are all <a href="http://www.farmken.com/index.php/farmken-photos-2">grown up.</a>...now on to another phase...get them consumed:-) yeah imagine thats what this was all about.<a href="http://www.farmken.com/index.php/farmken-photos-2">..fruits</a>:-) <div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-2333684719997375461?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-84663961439513010022011-08-17T09:18:00.000+03:002011-08-17T09:18:07.223+03:00Locate your iTunesPrefs.xml file.<br /><br />It’s usually located in C:\Documents and Settings\username\Application Data\Apple Computer\iTunes or C:\Documents and Settings\username\Local Settings\Application Data\Apple Computer\iTunes.<br /><br />make sure that hidden files are visible in the Windows Explorer<br />&nbsp;&nbsp;<br />Backup your iTunesPrefs.xml file<br />&nbsp;&nbsp;&nbsp; Open iTunesPrefs.xml using a capable text-editor (e.g. Notepad++, Ultraedit, but not MS Notepad)<br />&nbsp;&nbsp;&nbsp; Search for a section called User Preferences and paste the following snippet into the User Preferences Section after the first <dict>:<br /><br />&nbsp;&nbsp;&nbsp; <key>DeviceBackupsDisabled</key><br />&nbsp;&nbsp;&nbsp; <data><br />&nbsp;&nbsp;&nbsp; dHJ1ZQ==<br />&nbsp;&nbsp;&nbsp; </data><br /><br />&nbsp;&nbsp;&nbsp;&nbsp; Save the file and restart iTunes. Backups should now be disabled.&nbsp;</dict><br />To enable backups again delete the XML Snippet from iTunesPrefs.xml file.<br /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-8466396143951301002?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-78822808387590174082011-08-10T16:55:00.000+03:002011-08-10T16:55:54.158+03:00So yesterday I wore a different hat for a few minutes. I was a scribe. I was requested to just sit in and later advice the business team after a meeting they were having with one of our bigger customers. The requirement was basic, they would like to move their applications to our cloud at some point. Cloud as its commonly known is an interesting service with an even more interesting support model. <br /><br />The desire for designers to avoid single points of failure for critical applications so that catastrophic errors don't occur runs deep. Such failures lead to huge financial losses and a diminished corporate brand for all parties involved.<br /><br />I hope their&nbsp; admins/cio has adviced the business accordingly. Since in this case I was on the provider side, I figured it might help someone if I gave a few tips on what to look out for if coming or going for critical hosting services from one of the cloud providers: Also note I am more interested in storge and networking issues in the data center for now - we just begun). If you buy some virtual machines and run applications well....so some tips follow:<br /><br />Test disaster recovery. It is probably the most difficult one but ensure that you have a solid disaster recovery plan. So lets assume you want to port/move 10 applications to the cloud:<br /><br />As a client; make a thorough analysis of each application before even engaging a provider. This analysis should give direction to the service provider on how to port and test the applications in the cloud, if you'll do it, the use it as a guide.<br /><br />Your plan when executed should test the basic applications in the cloud, the service provider's configuration (what is needed for all ten applications) and also the additional functionality needed for a successful disaster recovery of those applications. Sadly no one in Kenya will do this for you. Well no one that I know of.<br /><br />Use whatever you get from the tests above to build an SLA. Don't blindly walk into an SLA. And don't walk out without one. Confirm in any way you can that there is at minimum architectural reliability.<br /><br />Interrogate the person selling the solution, do they look clueful? Ask if you can get independent audits of the cloud infrastructure. Good providers will let you do it. What should be analyzed first? How do you gain confidence that the SLA you come up with covers all the various types of failure by the service provider?&nbsp; Performance metrics are still needed for each supported application. And please ensure you have before and after porting/migrating statistics to use for comparing whether things are better or worse off. <br /><br />I'll throw in some sample questions to ask and maybe just maybe someone will benefit from them:<br /><br />Storage:<br />How many vendors are used for all application storage?<br />Is de-duplication addressed?<br />How is the SAN switching done?<br />Is only one SAN switch vendor used for all of the applications?<br />How many vendors are used for data replication, encryption to encrypt data for all of the applications?<br />which encryption algorithm is in use, for which tool? <br />how many PKI vendors to manage certificates? <br />and lastly where are the damn certificates stored?<br /><br />You can go deeper (sorry I've been working overtime trying to figure out data centers of late so this will be lengthy)<br /><br />For the network find out what routers/switch are used within the data center? <br />are they redundant? <br />which firewall, IDS/IPS, load balancers, can they steer traffic between redundant data centers? <br />can you test this? <br />are the load balancers redundant? <br />who is/are the ISP's for internet connections, is it on redundant fiber?<br /><br />As a client you at least need to know something about your apps:<br />what is the application's best user response time?<br />response time under load at a certain number of concurrent users, what is the peak number of users expected?<br />How long does the application need to recover from a failure before it affects your operations and leads to loss in any form? at what point do you lose your&nbsp; job? get sued?:-)<br />Is there any component that could affect the application - eg an application tied to a mac-address?<br />etc etc....<br /><br />Finally for each application, throw in a grid of information, maybe a row per application into the SLA. So here you probably want to have functionality requirements, performance metrics and financial penalties for the various types of downtime errors per application.<br /><br />While cloud providers are not obligated to deploy identical architecture as the clients ie same products and software and models and releases as the client's, the provider must meet similar functionality and response times. Areas where this deviation is a risk needs to be documented and the risk of downtime calculated and documented. This also includes the risk of brand loss and potential for law suits.<br /><br />Some performance data for each application also needs to be collected to complete the SLA. Just so you can say - hey it used to be like this, now its worse off....or better off... <br /><br />This will be fun......<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7882280838759017408?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-88051022991299692702011-08-08T21:03:00.003+03:002011-08-08T21:05:35.998+03:00see I've had very interesting debates on QOS. Having recently put up a +10G core, I found it hard to understand why QOS was such a big deal. We did do it, we have a very kickass QOS policy. It is even implemented and documented and alot of guys using our network mark packets appropriately.<br /><br />While 'random surfing' today, turns out there's a weird phenomenon known as <a href="http://www.cisco.com/en/US/products/sw/cscowork/ps2064/products_case_study09186a00800911e4.shtml">instantaneous buffer utilization/congestion</a>. <br /><br />This instantaneous buffer utilization can lead to a difference in delay times between packets in the same voice stream. This difference - jitter, is the variation between when a packet is expected to arrive and when it actually is received. To compensate for these delay variations between voice packets in a conversation, VoIP endpoints use jitter buffers to turn the delay variations into a constant value so that voice can be played out smoothly. <br /><br />Hence the primary role of QoS in a network like ours is not to control latency or jitter but to manage packet loss. In 10GE campus networks, it takes only a few milliseconds of congestion to cause instantaneous buffer overruns resulting in packet drops. That single drop is what we take care of with QOS on a 10G core, its why we'll do it on the 40G core...it's why we'll keep doing QOS....I still suck abit at <a href="http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampusaag.html">QOS</a>....its just too nuanced for my attention span..<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-8805102299129969270?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-61815168628283049962011-08-08T15:54:00.001+03:002011-08-08T15:57:16.628+03:00So I spent quite a bit of time last weekend with a girl I like - yes I occassionally 'hang out'. Unfortunately Im so me I ended up asking the usual 'does what you do every day bring you joy, satisfaction and happiness'.<br /><br />I get really scared when answers to that question are structured areound 'things'. A house, a car, a person. <a href="http://sivers.org/">Derek Siver</a> writes:<br /><br /><i>"Most people don’t know why they’re doing what they’re doing; they imitate others, go with the flow, and follow paths without making their own. &nbsp;But only you are responsible for making your perfect world. No matter which goal you choose, there will be lots of people telling you you’re wrong. But it’s your dream; you’re personal dream that you’re responsible for pursuing."</i><br /><br /><br />When I sit with people, I listen to what they do, maybe you listen to what I do ; no&nbsp; not for the 8-5 work. The discussions center around what we do after 'work' in pursuit of fulfillment. A few minutes into seating with me you realize how much I want to get into technical training. <br /><br />Most of you will throw in ideas around that for me. Those aiming at cunsultancy discuss how we can work that in. So for this particular conversation the issue seemed to be how many Ideas I tend to have that never actualize. Or that I don't own a car (it never made sense to me for a long while), or a mortgage. There was visible annoyance. The answer was 'discussing them doesn't mean I want to pursue them all'. It means for the ones (ideas) I discuss with you, I'm happy if you use some or all of them to better your business or life.<br /><br />This same thing happens alot when I look at someones configuration or design or code and offer improvements. It makes me happy. Having that conversation with this particular person made me yet again realize how different people are. And how much your way of thinking is shaped by school, media and well their personal fears/values.<br /><br />I for instance hold very interesting views on education and what makes for a good one, home ownership, religion, politics, relationships (human relations confuse the heck out of me) and pretty much everything else. It is on a very rare day I agree with people on most issues.<br /><br /><br />The focus for me tends to be me being my best self, defining success and goals !for me, then being around people that challenge me, are better than me. They however do this after 'getting' where I'm headed. I hate arguments that feel 'text book' or main stream something like you should be married with two babies by this age, or you should own a house by now raely go down well with me. The same way you should have visited at least 10 countries by now, mastered a musical instrument, climbed at least one mountain, had a pilgrimage rarely gets understood.<br /><br />And if you ever have a wonder about my worst nightmare<i>: it is living your joyless of joyful dreams as mine goes unaccomplished.....I prefer failing at my own dreams....it makes me happy - yours suck:-) because they are not mine now are they..... </i><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6181516862828304996?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-86249873458362420142011-08-05T10:04:00.001+03:002011-08-05T10:04:28.923+03:00So I got an invite to participate in this years <a href="http://www.intgovforum.org/cms">IGF</a>.I heard of the IGF last year and going by the amount of heckling, noise and politics that goes with governance especially when Kenyans get in the mix, I was not really interested. After going through previous sessions just to know what I am getting into, I was wrong on that assesment. Completely wrong.<br /><br />This year it will be held in Kenya, at the UN headquarters Gigiri, this year I might just get a chance to steer debate, a chance to actually make a mark and interact with policy makers from all over the world, a chance to speak <a href="http://www.afnog.org/afnog2011/conference/">again</a>, this is a good year.<br /><br />Since an IGF is attended by a very diverse group of stakeholders, from different countries, you can expect alot of learning to happen.<br /><br />So what is internet governance:<br />According to the Tunis&nbsp; agenda:&nbsp; Internet&nbsp; governance is&nbsp;<i> “the&nbsp; development&nbsp; and <br />application&nbsp; by&nbsp; governments,&nbsp; the&nbsp; private&nbsp; sector&nbsp; and&nbsp; civil&nbsp; society,&nbsp; in&nbsp; their&nbsp; respective <br />roles,&nbsp; of&nbsp; shared&nbsp; principles,&nbsp; norms,&nbsp; rules,&nbsp; decision-making&nbsp; procedures,&nbsp; and <br />programmes&nbsp; that shape&nbsp; the evolution and use of&nbsp; the&nbsp; Internet.”</i><a href="http://www.itu.int/wsis/docs2/tunis/off/6rev1.html">(Paragraph 34, Tunis Agenda).</a><br /><br />This year will focus alot on mobile devices and there is an IPv6 agenda. Thats probably where you'll find me making the most noise. I however am lucky in a very random aspect: I work at Safaricom and have access to data and people that analyze it. I see first hand the effect of our product in the market.<br /><br />Imagine raising more than 120Million shillings for the hunger striken from several Million subscribers selflesly giving (MPESA,shortcodes, tshirts), imagine how much the internet has penetrated society just by use of cheap mobile handsets, imagine mobilizing community/county development using these devices.<br /><br />At the rate we're going, we as a community can for instance vote using the internet, using our handsets, using sms for what development we want to see, we can then partner with local councils and actually use the same medium to raise money (shortcodes, mpesa etc)....<br /><br />on IPv6 I have ideas on how this is likely to change things, make it more effective to use the internet, break application barriers that IPv4 imposes on application writers. Since the management of critical Internet resources is at the core of these discussions, IP obviously comes top on the list of things to be discussed. Is electricity a critical internet resource?<br /><br /><br />The internet operates in a global&nbsp; space&nbsp; without&nbsp; a&nbsp; formal&nbsp; constitution&nbsp; and&nbsp; established&nbsp; procedures, changes in the governance arrangements or the introduction of new resources almost always require experiments. Today we have had successful experiments (arpanet), silicon valley. With this in mind each&nbsp; new&nbsp; task&nbsp; in&nbsp; the&nbsp; area&nbsp; of&nbsp; critical&nbsp; Internet&nbsp; resources&nbsp; turns&nbsp; out&nbsp; to&nbsp; be pioneering work with uncertain outcomes.<br /><br /><br />On IPv6, I believe the way forward is to just get on with it; all of us together. The teachers should teach it, networks should provide it to users, policy makers should ensure IPv6 is embeded in their decision making. We all need to jump together then deal with the issues as they come along. Thats how the internet grew, thats how we should move it forward. <br /><br /><br />So why is why is&nbsp; the&nbsp; uptake&nbsp; of&nbsp; IPv6&nbsp; is&nbsp; so&nbsp; slow&nbsp; and&nbsp; what&nbsp; are&nbsp; the obstacles&nbsp; that&nbsp; prevent&nbsp; vendors&nbsp; and&nbsp; operators&nbsp; from&nbsp; offering&nbsp; IPv6? I work for an operator, I work with vendors. Apart from ignorance, the other obstacle as far as I can tell is fear.I think one of the things I hope to bring in is that:<br />- IPv6 works, the transition can be painless - I have some experience with this and don't mind working with whoever requires the know how.<br /><br />Ref:<br /><a href="http://www.intgovforum.org/cms/images/2010/book/igf.sharm.book.final.pdf">http://www.intgovforum.org/cms/images/2010/book/igf.sharm.book.final.pdf</a><br /><a href="http://www.itu.int/wsis/docs2/tunis/off/6rev1.html">Tunis agenda</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-8624987345836242014?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-53997413187210503272011-08-03T10:02:00.001+03:002011-08-03T10:03:30.595+03:00well the key to a good party is to ensure one of your closest friends, preferably a <a href="http://www.jackrooster.com/">ccie </a>is a <a href="http://www.jackrooster.com/">DJ</a>/musician/in marketing so you get free VIP tickets and the right to go goofy infront of a camera:-) Occassionally we do work....like right now Im working.....zzzzzzzzzzzz<br /><br /><div class="separator" style="clear: both; text-align: center;"><img border="0" height="214" src="http://2.bp.blogspot.com/-S2beo54WJjQ/TjjyMOzQUtI/AAAAAAAAAEU/JDEpSm29hhM/s320/Gitau+%2526+Jack+Rooster+%2540+BoomJinx+July2011.jpg" width="320" /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-5399741318721050327?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-13577966521192133822011-07-19T20:39:00.002+03:002011-07-19T20:43:03.666+03:00So i have been spending alot of time trying to get some light through the data center darkness in my head. I'm proud to say I can guide myself through that maze for about 3 meters before the evil dark lords show up. Every time I open the Data center stuff, I feel like I know nothing, there's vmware that I've used for ages but now has far too many fancy facelifts, storage is a pain I'm wishing would go away everytime I open a book on it -they are all different.<br /><br />I have concerns, some small some huge. That the entire DC network model is 'flat' worries me. I've spent years learning to get as much as possible to layer 3 as possible. All of a sudden I have to deal with all this layer 2 mishmash competing for space in a single data center. I also get the sense that standards bodies especially for storage are way way behind or playing politics or waiting to see what techology and or vendor most customers adopt. needless to say Im quite silly in this area.<br /><br />Lastly when I look at all the capacity - processing, memory, bandwidth etc going in there (think several cisco VBlocks - add a multiplier of more than 10) you suddenly realize the sales strategy to sell this has to be solid. I also decided tha t electicity costs more than bandwidth and storage combined.<br /><br />Cloud computing success relies heavily on high-speed bandwidth. Whether streaming movies, backing up your data or running applications from the cloud, the ability to get data quickly from the cloud to the computer , phone or&nbsp; <insert fancy="" gadget=""><insert fancy="" gadget="">(Insert fancy gadget name) is a key requirement for rapid adoption.&nbsp;</insert></insert><br /><br />Our access is primarily 3G, followed by 'others'. Bandwidth to the home has absolutely not kept up with another key ingredient for cloud storage/backup success: hard drive prices (depending on where you buy the drives), It is still way cheaper for most users to store backups at home. Obviously you can tell I'm thinking about mass adoption for cloud destined backups. <br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="http://www.storagenewsletter.com/images/public/sites/StorageNewsletter.com/articles/icono7/ibm_ramac_5.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="243" src="http://www.storagenewsletter.com/images/public/sites/StorageNewsletter.com/articles/icono7/ibm_ramac_5.jpg" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><a href="http://www.storagenewsletter.com/news/disk/history-first-hdd-ibm-ramac-350"><b>The Ramac weighed over a ton and was delivered via cargo airplanes.&nbsp;</b></a></td><td class="tr-caption" style="text-align: center;"></td></tr></tbody></table>If bandwidth prices were to drop at the same rate as storage prices, I'd probaby have 800Mbps for less than KSH.10000 today a month. If someone were to then sell me a diskless<br />&nbsp;workstation, who knows, I would probably consider it.<br /><br /><b>The hard drive IBM shipped in 1956:</b><br /><br />* Stored 5 megabytes (MB)<br />* Cost $11,000 per megabyte<br />* Was 60 inches long x 68 inches high x 29 inches deep<br />* Weighed about 1 ton<br /><br />In today’s dollars that would mean:<br /><b>A $179 16 GB iPod Nano:</b><br />* Stores 3,200 times more data<br />* Would cost: $1,429,176,320<br />* Requires 8 semi-truck shipping containers to hold the data<br /><br /><b>A petabyte of storage would:</b><br />* Cost: $93,662,499,307,520<br />* Require a building the size of 10,814 football fields to hold the drives<br />* Require 472 of the <a href="http://www.datacenterknowledge.com/special-report-the-worlds-largest-data-centers/worlds-largest-data-center-350-e-cermak/">world’s largest data centers</a> to hold the drives<br /><br /><br /><span style="background-color: #351c75; font-size: x-small;"><i>Source: http://blog.backblaze.com/2011/06/21/94-trillion-petabyte/</i></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1357796652119213382?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-11262467270639051992011-07-17T12:12:00.005+03:002011-07-17T19:03:10.631+03:00<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://www.totalmotorcycle.com/photos/2011models/2011-Ducati-Monster696d.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="149" src="http://www.totalmotorcycle.com/photos/2011models/2011-Ducati-Monster696d.jpg" width="200" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">The Monster 696 - 'my dream-mobil'</td></tr></tbody></table>For a couple of months now I have depended on a neighbor /workmate for my daily commute to work - being without a car and all. One of the advantages/disadvantages is inadvertently work makes it into our 'in car' conversation.<br /><br />I worked the last project with him, his expertise being in transmission. I learnt a lot from this guy. He ran circles around most of us when it came to DWDM and was highly instrumental in our CRS-1/7609-s DWDM 10G core transmission strategy and its success. Some of our sites have well over 50G(bps) in capacity.<br /><br />So anyway, the guy goes like - hey after all this work we have done, how come we still can't work from home. Being one not to lie about stuff like that, I outright mentioned that I do at least 30% of my work at home.<br /><br />While I was indisciplined before, working on the CCIE ensured that I have a comfortable office at home, and a very well set routine. Infact were it not for meetings and factors that I outline next, I can easilly do 90% from home, probably deliver more while at it. <br /><br />Now my work requires bursts of concentration, just 2 hrs a day is enough to come up with draft technical documents, another 2 hours to read through team submissions if any and the rest of the time is ideally spent critiquing design points with the team or alone. (white boarding and discussing various points is the best part and it ensures we're on the same page). This by the way can and should be offsite. It should also be done often and probably be mandatory for a design team to meet at least once a week to brainstorm ideas.<br /><br />Good planning includes setting commitments, responsibilities, measurable goals, objective metrics for tracking, and following up on all of this with an actual review. Tracking and reviewing measurable performance factors leads to accountability. With clear guidelines and expectations documented (probably signed off too), and the right technologies, anyone in a technical field especially the creative end of things - programming/design can pretty much work from anywhere.<br /><br />So in conclusion that conversation had us come up with draft task lists, proper deliverables and ways of dealing with requests as they come to the team for instance someone has to take ownership of all meeting requests, email requests support escalations etc. There might also be need to have a 'weekly mandatory must be in office person'.<br /><br />Most of this is still an ongoing process and we have also realized how much actually goes un-done even when guys come to 'work'.<br /><br />In summary -<br /><ol><li>Set very clear goals and tasks. (run everything like a project no matter how minute).</li><li>Measure them with clear deadlines - throw in a a line like, if you miss any deadline, YOU HAVE to WORK from the OFFICE daily for a month.</li><li>Set up a team mailing list or portal (preferred), you need a tool to track things.</li><li>Ensure someone is responsible for adhoc requests.&nbsp;</li><li>All meeting requests should go to the team not individuals, The team should have a way of ensuring attendance and post meeting sharing. Some meetings should really go unattended, having an evaluation criteria shared with everyone would help ensure you're only invited to meetings relevant to your team.</li><li>Let everyone know that 'the team' works together and share your plans.</li><li>Set up a collaborative portal or method of remote sharing stuff. <a href="http://www.safaricom.co.ke/">We</a> for instance have or are in the process of launching some serious teleworking solutions designed by us, I say we eat our own dog food on this one.</li></ol>Refine the plan as you move along....either way I hope in the end to have the culture that I must be at my desk slowly change.<br /><br />In planning, the annoying bit is our processes always have an 'input', that which triggers a design change, it is on a rare day that we get accurate inputs. With that in mind, our/your planning is about the interdependencies,linkages and coordination of the different parts of the network/business such that having a plan makes dealing with the unexpected much easier, not harder.<br /><br />Good planning reviews results - a stable easy to manage network and assumptions regularly, If you feel like things are too quiet, maybe ask to see customer's every once in a while. Their crappy networks should keep your juices flowing. (please note doing a good job here can get you fired since at some point people start wondering what the heck you do, tell them the networks stability is your KPI:-), tell them they owe you.<br /><br />Trust me! reacting to the unexpected when there is no planning for each and every command run on the network, documentation and anything that goes hand in hand with a well designed network is harder than doing it right the first time. That and an idiot can reverse all your work in a second - literally (for instance lock all Route reflector configs change control should be much stricter there).<br /><br />If you succeed to even get 50% time approved to work remotely, please share with me how you went about it.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1126246727063905199?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-58923123556175503292011-07-15T09:55:00.000+03:002011-07-15T09:55:11.405+03:00There is also a rumour of a ccie data center that if confirmed will definately get done.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-5892312355617550329?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-1447404106670774162011-07-06T20:50:00.000+03:002011-07-06T20:50:16.819+03:00Life is hard, margins are shrinking<br /><br />Oh well ... I'm seated here having done some kick ass projects. Some were/are fun, others not so much. If we were a factory producing raw material, we have produced it in excess. The capacity is there but hmm where are the damn users. <br /><br />Let me re-tell this with an analogy of sorts. Most of our parents by the time they could afford to build or buy houses went out and bought huge/built 7 bedroom maisonettes hoping you and your siblings would live there forever.<br /><br />Unfortunately for them you moved out/on , so did your siblings. Now they have all this idle rooms. A few entrepreneurial types converted the houses into guest houses and are making steady income from the house, others need someone like me- a true mugikuyu to talk to them about how to maybe get a return on that investment.<br /><br />When you build a network or a data center and for some weird reason the dimensioning data came from somewhere other than actual customer requirements ie you make some assumptions, look at the budget and buy the biggest boxes, you risk having lots of idle capacity.<br /><br />But what if you have a marketing dept. that looks at this capacity, adds value, packages it and sells it?&nbsp; I think a really good marketing department should help planning and engineering teams figure out how to deliver product(s) that customers need and want. They should be directly involved in service definitions.<br /><br />It starts with a deep understanding of what customers need and making sure the planning and engineering is getting continuous customer feedback and interaction data.&nbsp; They also need an understanding of what we are building, how much it cost, how to maximize revenue off it maybe be by branding or product extensions (branding extension is for instance giving two customers 1Mbps links but throttling one link to 128kbps and selling it cheaper).<br /><br />Thats the kind of marketing department (in whatever form) I'd like to work with in a technology company. In most such companies, engineers produce raw materials, marketers should take those and sell products. If you are in marketing, head over to engineering and look at the raw materials.<br /><br />What I know from running a few businesses or seeing them run is in the end it is always about sales. The money. You can bullshit all you want but that is the bottom line.<br /><br />So if for instance you outsource marketing end to end including product creation, packaging etc without having the expertise to judge or manage the results, you are pretty much screwed, learn the metrics to keep track of, your engineering team knows and can help. Be 'with it'. (My opinion has always been - outsource what you are an expert in unless you want to get conned').<br /><br />Now what brought on this post????????????<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-144740410667077416?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-56080921184289563992011-07-06T19:57:00.001+03:002011-07-06T19:59:10.455+03:00So there is a huge debate over at skunkworks mailing list home of an elite technical group. Someone raised a storm with some statements about cloud computing.<br /><br />Now the term cloud has been <a href="http://www.thirdworldnetworkers.com/2011/06/third-world-networkers-inflight-diary.html">abused</a> several times. Over and over people keep bringing it up in contexts that I don't feel fit the word. Im not trying to clear that. Not today. In fact this post has nothing to do with cloud. More on that some other day.<br /><br />I love the entire idea behind cloud. Public cloud from the likes of Amazon have been a huge game changer in the startup arena. I use the AWS for some services.<br /><br />Private clouds will definately make a huge difference in our lives in Kenya if well priced and positioned otherwise I might very well use a public cloud elsewhere. I doubt a public cloud platform will happen soon here. I also believe cloud is not the main issue at the moment. Awareness is.<br /><br />Security is of huge concern for me. I am especially scared of handing my data to a service provider that 'exports' my data to some 'cloud' hoping someone over there will keep it safe.I get scared if said person doesn't even ask me before handing the data over.<br /><br />Another challenge is changing how managers and project managers think about processes.Cloud computing breaks most of the models in use today for a service portfolio. I can already see some confusion in meetings I attend. So for instance if you came from the ITIL Prince2 school of thought, the vertical blocks (cost analysis, business plan, service overview, technical plan, implement,operate) can't/won't scale.<br /><br />Cloud computing gives you layered portfolios. Visualizing this can be a pain to comprehend for even experienced users. So for that mailing list the question really is how exactly is a novice regular user supposed to comprehend it and take advantage of it. How do you show value?<br /><br />Start small, start by creating value services, created demand for a service, be open to audits, to discussions, let your technical people talk to the customers (note I said technical not your sales drones).<br /><br />Personally I'd start from small communities like an estate of lets say 50 houses,Ensure each and every house has access to a 'community network either cable or wifi or whatever, show them how voip between your home and a sentry gate with a few IP camera's and community wifi can secure the 'estate'.Let kids have online multiplayer games, host a local movie database, or music, or photos, install a microphone, record your amateur guitar, stream it to your neighbor....<br /><br />Have an estate site where users and home owners can access and check on their houses. host community bulletins online, maybe a 'for sale' board online, start engaging locally....and on and on and on....thats the kind of activism I want to be involved in...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-5608092118428956399?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-85275151932840638052011-07-05T16:17:00.001+03:002011-07-05T16:17:08.572+03:00<div style="width:425px" id="__ss_1798664"><strong style="display:block;margin:12px 0 4px"><a href="http://www.slideshare.net/reed2001/culture-1798664" title="Culture" target="_blank">Culture</a></strong> <iframe src="http://www.slideshare.net/slideshow/embed_code/1798664" width="425" height="355" frameborder="0" marginwidth="0" marginheight="0" scrolling="no"></iframe> <div style="padding:5px 0 12px">View more <a href="http://www.slideshare.net/" target="_blank">presentations</a> from <a href="http://www.slideshare.net/reed2001" target="_blank">Reed Hastings</a> </div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-8527515193284063805?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-62447649440429572022011-07-05T12:27:00.000+03:002011-07-05T12:27:29.332+03:00Everyone In Kenya tends to be involved in one form of business or another. Whether you know it or not, all those 'trials' are startups. Most never make it. Sad.<br /><br />I have no illusions. A startup is not yet really a business. it's more like checking out the market, getting customers, working towards structures trying to figure out a repeatable business model that when finally found should be able to replicate and keep growing ideally without much of the founders day to day baby sitting.<br /><br />Since I work for a <a href="http://www.safaricom.co.ke/">tech. company </a>and really didnt feel like muddling the 'disclosure' waters, our first startup was a farm:-), because I love being in one. We've done some really crazy experiments, figured out how the local vs export market works for passion fruits, tomatoes and green beans (michiri:-)).<br /><br />I know what a charcoal cooler is, I know how irrigation works, we have customers. Things look good <a href="http://www.farmken.com/">over there.</a> But how do you start transitioning this to a 'business'. It's two years down the line, the structures and processes are in place and you'll be surprised at how much a farming business is alot like umm a tech business (those lessons are coming in handy at another forum right now).<br /><br />So anyway, we 'the founders/shareholders' had to come up with roles for each of us, remember this is a farm so one of us had to pretty much 'live there', I did the financials and other tech stuff - like arranging for irrigation, automating it where possible, we had one other partner dealing with our 'partners' and labor. It's worked well. We tried to 'follow a typical business' cycle - heck we even filled a <a href="http://ingenia.files.wordpress.com/2010/12/business-model-generation_9canvas1.jpg">business model canvas </a>- more on this later ( and I'll never do any business again without fully going through the process).<br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="http://ingenia.files.wordpress.com/2010/12/business-model-generation_9canvas1.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="197" src="http://ingenia.files.wordpress.com/2010/12/business-model-generation_9canvas1.jpg" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Business model canvas - work with it!</td></tr></tbody></table>Why this, why now - well, there's alot of hooha on startups and entrepreneurship in Kenya today. It's really awesome. Alot of it is noise and people hoping to make things work. Since there's a really high chance I'll be going 'that' way this time for a tech company, It is interesting to try and co-relate the tech and farm.<br /><br />This will also form a guide on what I finally settle and decide to do academically! - don't ask....:-)The basics are the same.<br /><br />They are both businesses, they both call on leadership skills - so the leaders ability to articulate the vision,The right kind of ambition and an ability to achieve the said vision. I'm still putting together a proper story (I like stories and believe if I cant tell a nice clear story about my plans, agenda then my vision and strategy are blurred and there's probably going to be a misunderstanding).<br /><br />I just love the idea of creating a culture, setting clear objectives, manage expectations - all things I have been learning but can't really exercise where I work .... and Im also scared and worried - the usual....<br /><br />Oh well...i guess just a filler post today....and not quite a guide now is it:-)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6244764944042957202?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-38105170024428893752011-07-01T11:10:00.003+03:002011-07-01T11:14:46.700+03:00So lets take a typical user on the Safaricom network. He has a mid range phone, lets say a Nokia E72, or an IDEOS from Huawei.<br /><br />He clicks on the you his 'buy this' Icon, selects a video somewhere on the internet, pays via MPESA, the processor screams and cycles around calls up a couple of routines, fires up the video player or browser, creates a moving object on his screen, he's happy. Now lets take a look at exactly what goes on in the background from the moment he 'clicks'.<br /><br />For a network operator to offer really great service, they need to have full end to end control of the network, the enduser device and the content. The End 2 End view of the mobile service in this case the 'video' is best premised from the perspective of the user. His/Her ability to watch their movie in a frictionless manner after paying for it is the goal.<br /><br />From an implementation perspective, severalservice providers are involved:<br /><ul><li>- The Mobile network operator - lets say Safaricom.</li><li>- The guy providing video,</li><li>- The guys pocessing the payment</li></ul>Does the consumer in most cases know of the multiple 'service providers' involved? nope! most don't, in most cases they shouldn't.<br /><br />For most of us users, the mobile view we hold is that the operator is responsible for the access and content. Unfortunately the Operators 'span-of-control' is often limited to internal content or external content endorsed by the operator eg content served by Mobile network operators like bernsoft for Safaricom. Other than that there are multiple considerations involved in optimizing E2E service delivery.<br /><br />While&nbsp; a network operator will undertake alot of effort to ensure a memorable experience to the end user; maybe by using agreements sometimes commercial and standards, or sometimes co-operation with content providers, it is not always the case. Guys like Google and Facebook make alot of effort to co-operate with network operators. Others like CNN; not so much.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-wMqbpwEHn9Q/Tg1-uAU-_EI/AAAAAAAAAEQ/FsuW5jWS6Pc/s1600/mobile-broadband.bmp" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="104" src="http://1.bp.blogspot.com/-wMqbpwEHn9Q/Tg1-uAU-_EI/AAAAAAAAAEQ/FsuW5jWS6Pc/s320/mobile-broadband.bmp" width="320" /></a></div>Components to consider if you want to have E2E QOS:<br /><ol><li>The UE - aka handset - Unless its a certified unmodified device, the operator can't claim control here.</li><li>RAN - Radio Access Network: On the one hand, the mobile service provider has full control over the nodes that make up the RAN. We now have QOS and standards defined to take care of this area.&nbsp; On the other hand, there is another aspect of the RAN over which the mobile service operator has only very limited control: the literal, over‐the‐air portion.</li><li>Backhaul : If you own it, you control it.</li><li>Core Network: mechanisms can be implemented here that participate in network<br />management and optimize the QoS since the operator almost always has control.</li><li>Operator Owned content like the safaricom portal content: Content includes both the applications as well as any digital media that are part of the customer’s service subscription. For this there is full control by the mobile operator and it is almost always optimized to as close to the user as possible.</li><li>Internet and other external content: Only at the point of Ingress/Egress. So if Facebook suddelny goes offline, don't expect the mobile/network operator to know or even care. Poorly written applications can introduce QoS issues not only for the user of the application,but for other users as well. I've seen and had to mitigate this several times on our network.</li><li>Branded content: It sometimes happens that external entities offer branded content. For this the operator has limited control.</li></ol>Also consider mobility,viruses and general end user demand variations. All this add up to the complexities involved in running and optimizing a network.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-3810517002442889375?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-69313656429603486972011-06-24T16:07:00.001+03:002011-06-24T16:08:28.995+03:00*Overdone networks are hard to recover cash from, design wisely....<br /><br />‘overbuild-at-all-cost’, We need more, we'll sell more, this is not enough! are terms I get to hear often. You build a network, someone decides the nodes look too 'small', you buy bigger for more money of course. No business driver at all. No plan on how to sell the capacity nothing!. well nothing that seems to make sense to me.....<br /><br />I've read alot on economic decline, how a society doing so well slowly goes down, how it slowly atrophies and dies. It's rarely obvious or in your face, its like a cancer creeping up on you. Again so slowly.<br /><br />Denial!, fight off competition, fight new technologies that you don't understand, get rid of people showing some initiative....die die die...<br /><br />Lets do AMR (Automated Meter reading) - no, its too complex, oh actually no it's not I say, Hey I said no- says the boss. Oh how about wifi offload? No! it's a bad idea ; no actually It's not, its perfect...haha you're on thin ice. Well guess what, I foresee wi-fi taking over alot of data in the future - not very far off future....we'll see....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6931365642960348697?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-6926115444540724952011-06-23T15:13:00.004+03:002011-06-23T17:27:03.141+03:00So i'm on 'fire' today. Just got from a lengthy workshop where some security questions were raised. Back at my desk, I couldn't wipe security off my head. I had to commit something to <strike>paper </strike>this blog, just so I can read it in the future and reflect on this moment.<br /><br />So what does the internet have to do with drugs,food,sex,water,a roof over my head? Well to put it simply; I just can't do without it. It's become a basic need. Infact I posit that any country above third world would hyperventilate and die immediately if the 'internet' were to go off. Internet here being relative. I am so sure there would be social unrest in Kenya if <a href="http://www.facebook.com/">facebook</a>, <a href="http://www.google.co.ke/">google </a>and <a href="http://www.twitter.com/">twitter </a>were suddenly unreachable.<br /><br />We'd have mass walkouts. The impact of those outages would be felt more on the Kenyan streets than on wall street. We are so dependent on the internet in everything we do, it's just unthinkable to imagine a life without it. Sort of like asking me what life was like without without a cellphone - I have absolutely no idea.<br /><br />The wizardly that goes on to make this work would make <a href="http://lotr.wikia.com/wiki/Gandalf">gandalf </a>wince. There must be another set of <a href="http://harrypotter.wikia.com/wiki/Dark_Wizards">wizards</a> working in the heads of people trusting their key data to some of these networks. If an airline for instance hosts their reservation system with a cloud solution provider without an audit, or some very detailed due dilligence, they deserve whats coming to them at some point in the future.<br /><br />The internet is an asset. Soon we'll be controlling our homes, security, spouses over the 'net'. We use it to control infrastructure, we network our armies with it, our financial institutions, governments; everyone. Now we're willing to throw sensitive data to a<a href="http://www.cloudcomputingzone.com/2010/09/u-s-army-takes-cloud-computing-to-afghanistan/"> 'cloud</a>'. Im telling you this just couldn't be made up.<br /><br />If Ugandan's encroach,camp and fish at <a href="http://en.wikipedia.org/wiki/Migingo_Island#Uganda-Kenya_dispute">Migingo</a>, everybody yells and accuses the government of laxity for not going to our borders defence. What if a Kenyan hacks into the Ugandan central bank? is that an act of <a href="http://www.langner.com/en/2011/06/03/a-declaration-of-bankruptcy-for-us-critical-infrastructure-protection/">war </a>or just a crime?&nbsp; Imagine if a tanzanian obfusicated an attack on a kenyan network, a major attack like on <a href="http://www.kplc.co.ke/">KPLC</a>'s main power facilities took it down but made it look like a Ugandan? think thats hard? start the thought process over again. Now would that be an act of war? against who?<br /><br />We have <a href="http://news.cnet.com/8301-1009_3-20070988-83/lulzsec-hackers-attack-senate-site/">Lulz </a>and <a href="http://en.wikipedia.org/wiki/Anonymous_%28group%29">Anonymous </a>wrecking havoc on very key facilities/sites world wide. Imagine what would happen if they set their sights on us. <a href="http://www.wired.com/threatlevel/2011/05/l-3/">RSA </a>was compromised, <a href="http://itknowledgeexchange.techtarget.com/security-assessment/tag/security-compromise/">HID</a> (Do you have any idea how many users/organizations use HID, if you have a key card, just have a look at the back, 90% are from HID) has been exposed, how many Kenyan companies use them without even knowing of these exploits.<br /><br />Security is hard, rarely userfriendly, annoying and often ignored. This stuff is real, I could make it up but my imagination can't scale. Plus to some extent the internet scares me. I for instance only know how much I'm worth through some electronic data; bits, ones and zeroes, what if my bank lost it? where do they even keep it?, Imagine if we all went to ATM's later today and can't withdraw money, or clear cheques? How would we treat our girlfriends?<br /><br />It could be anywhere this threat I perceive. Users for example can be total idiots me included. Perimeter security is totally impotent in the face of a failure of endpoint security – if your attacker is indistinguishable from a legitimate user&nbsp; maybe because they have access or compromised the real user’s computer and can impersonate them digitally), your goose is cooked.<br /><br />There is no amount of education or training or cajoling that can defeat a well-executed <a href="http://en.wikipedia.org/wiki/Logic_bomb">con</a> (e-mail from a trusted coworker containing an Office attachment, drive-by malware hosted on a major website or ad network, etc.).&nbsp; Your users have to have access to the network, so in this case the key to the gates of heaven, is also the key to the gates of hell. go figure.<br /><br />What we need&nbsp; are solid systems operating securely and reliably. Crippling <a href="http://www.langner.com/en/2011/06/03/a-declaration-of-bankruptcy-for-us-critical-infrastructure-protection/">cyber attacks </a>can be directed at economic,transport, military,key infrastructure. Protect them, don't connect them to the internet, if you must, ensure you have a solid plan for security.<br /><br />Trust me, worry or don't worry - anyone can be taken out....literary<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-692611544454072495?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-27092240948982104822011-06-22T20:36:00.002+03:002011-06-22T20:48:37.335+03:00<div class="separator" style="clear: both; text-align: center;"><object class="BLOGGER-youtube-video" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" data-thumbnail-src="http://3.gvt0.com/vi/u6XAPnuFjJc/0.jpg" height="266" width="320"><param name="movie" value="http://www.youtube.com/v/u6XAPnuFjJc&fs=1&source=uds" /><param name="bgcolor" value="#FFFFFF" /><embed width="320" height="266" src="http://www.youtube.com/v/u6XAPnuFjJc&fs=1&source=uds" type="application/x-shockwave-flash"></embed></object></div>Make sure they make sense:-) I enjoyed the video on motivation......skip to minute 6 to see where it really gets me!...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-2709224094898210482?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-48178738697195818582011-06-19T14:31:00.000+03:002011-06-19T14:31:12.214+03:00Im trying to figure out where to go for lunch. A friend is at <a href="http://kenyabuzz.com/biz-directory/entertainment/restaurants/osteria-del-chianti-karen">Osteria</a> (Karen) and its tempting, but a family event will probably get in the way.<br /><br />So obviously since my brain refuses to rest, I kept asking whether my profession currently really makes a difference in the world. It's silly really considering what the networks we've build over time have done.<br /><br />951 was a revolutionary service, people in extremely remote places didn't have to drive for miles and miles looking for a cyber. I design/ed networks that carry more than 50% of all voice traffic in Kenya, more than 70% of data.<br /><br />My grandmother uses these things, I know a <a href="http://www.farmken.com/">farm</a> planning on using sms to trigger irrigation systems (Automation is too much and its hard to automate the rain), I have cycled to Mombasa for charity...so yes I feel pretty good about myself today and its a beautiful day...too beautiful to keep reading up on datacenter 3.0.....Im heading out...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4817873869719581858?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com2tag:blogger.com,1999:blog-8812919976949872507.post-28211378420424713402011-06-18T11:57:00.001+03:002011-06-18T12:00:58.486+03:00Every single day I get up, go work come home, routinely in the past, I would take my bike out for a spin in the dark in the morning, on the weekends after long work weeks,and ccie study <a href="http://www.jackrooster.com/">Jack</a> and I would fortnightly head out for<a href="http://connect.garmin.com/player/65685286"> a hike </a>and just marvel at nature.<br /><br />I had huge 'fears' of losing my job. Didn't know why, still don't. Casual conversations with friends and relatives about how much I really hate/hated feeling that way always ended up with 'so what you gonna do?'. They still do. trying to tell them to stop projecting their fears on me does'nt work.<br /><br />I have been jumping off cliffs, bungees, riding <a href="http://www.youtube.com/watch?v=nwm0gbTbkJw">downhill</a> (yeah if you look very very very closely on the attached video you get to see me)..and generally being very mavericky with my life a lot. had fun at it too.<br /><br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody><tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-4AOD21ZF1_w/TfxnBrkfzGI/AAAAAAAAAEM/637h7Wl86c0/s1600/18062011207.jpg" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="240" src="http://3.bp.blogspot.com/-4AOD21ZF1_w/TfxnBrkfzGI/AAAAAAAAAEM/637h7Wl86c0/s320/18062011207.jpg" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">trusty old bike</td></tr></tbody></table>Well of late, I find myself dragging my feet to work. Probably need a lengthy holiday to recharge.<br /><br />this year probably with <a href="http://www.wildfitness.com/">wildfitness</a> or if all goes well a <a href="http://www.google.com/url?sa=t&amp;source=web&amp;cd=4&amp;ved=0CFAQFjAD&amp;url=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FIbiza&amp;rct=j&amp;q=ibiza%20&amp;ei=uGf8Ta-DMJHNswbKh_3yDQ&amp;usg=AFQjCNFdpPSiEZuZNtNr-zGvjjFzCXcmVg&amp;cad=rja">destination far far away. </a><br /><br />I'm not bored - i think, still love it, but arghhh....the <a href="http://www.farmken.com/">farm</a> is much more fun now, great stuff going on there, and I haven't gone for a single biking event this year. I have to wonder why I'm even working right? I mean thats the normal rational thing to ask yes? what is it all for?<br /><br />oh well the pancakes today were awesome, and I'm taking the old bike out damn it....and tomorrow if weather permits, I hit <a href="http://en.wikipedia.org/wiki/Mount_Longonot">longonot</a> for a hike....so no not having a 'job' is not a major nightmare, not enjoying it is, not doing and enjoying things you used to sucks, feeling lethalgic, almost sick is a nightmare....go recharge....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-2821137842042471340?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-76246257838781411912011-06-11T09:35:00.001+03:002011-06-11T09:36:49.659+03:00I l<strike>ike it</strike> love it when the chickens come home to roost.<br /><br />I was looking over<a href="http://www.ripe.net/"> ripe</a> (for those who don't know, RIPE used to be the African RIR before AFRINIC was formed, my first LIR training was with RIPE so I tend and like to follow their proceedings). Anyway so I was going through RIPE <a href="http://ripe62.ripe.net/presentations/presentation-archive">62's</a> IPv6 sessions (that is all they discussed it seems) and realized how some 'operators' might get a very interesting edge over other players just by showing a readiness and willingness to work with key stakeholders in their respective markets.<br /><br />Remember if you have done nothing up to now about IPv6, you stand to lose out quite a bit. you miss out on getting cheap experience for your engineers, you miss out on working out the kinks in pricing, application modelling and a host of other issues. In my case I imagine DPI and billing will be a pain in a tender area. You will lose customers. <br /><br />Also most of what is being done now is pure experimentation, which is fine. The entire internet model is an experiment, try this, do that, tweak here; it's constantly improving and morphing. I never expected, ever to deploy a site with 30Gbps of bandwidth in Kenya, ever. But it's been done.<br /><br />The present value of IPv6 and associated technologies is very very discounted. It will cost you more in the future to train, to migrate, to work with IPv6. You'll also probably lose alot of staff if you don't give them an opportunity to participate, an outlet for the enthusiasm we feel when dealing with new technologies and toys. <strike>I</strike> we love toys.<br /><br />So it was no wonder that transition mechanisms are at the top of the list of issues for content providers too. Will tunnels work? I doubt it, not for everything anyway. what about NAT? we all know what that does. Content providers obviously want end to end IPv6 (native IPv6). This clears a path for their content from the user to the content. It's perfect for them.<br /><br />It was rightly pointed out to me at Afnog that waiting for user demand is really not a wise idea. Users don't care much how they get their content, why would they start now? because you have a new buzz word? for bragging rights? 'heyy duuuude, check out my IPv6!'...Ha!<br /><br />Anyway, to break this loop; waiting for user demand by carriers/ISP's and waiting for ISP's/Telcos to deploy IPv6 by content providers before deploying IPv6 on their systems, we all need to jump together. We learn together. Content providers need to dual stack or at least start running audits. ISP's pretty much know they need to have IPv6 on their core network, they should be peering with IPv6. Most have done that. Most are working on the access side now. <br /><br />If you are a content provider, you're probably right in fearing that ISP's and other carriers will hide their traffic, their users, your customers behind NAT's (NAT can break your billing for instance) and other content gateways when IPv4 is finally trully completely depleted. They'll create walls around their users.<br /><br />It's a risky situation and ISP's can exploit it; If I introduce NAT and hide the users, you have to come to me and negotiate for some sort of 'cdr'/customer data to effectively bill, also forget any lawful intercepts or proper logging - hence the need for regulator intervention if IPv6 uptake is slow by all parties. I don't think this is a major risk in Kenya. We don't have that many content providers or neutral data centers - sad but true.<br /><br />There is no excuse for an ISP to not have basic IPv6 set up. It on the same note is irresponsible for a content provider or datacenter owner to not start playing around with content provision over IPv6, and requesting for IPv6 connectivity upstream. Datacenter and other content owners need neutral networks to sell their services. To help things along, it is imperative that content owners turn on dual-stack at the content level.<br /><br />Don't get me wrong, there will be issues. But isn't it better to deal with them with everyone? Isn't it better to train your noc now? you want a situation where if a customer calls in the future with IPv6 related issues, it's handled just like any other call because your staff are so 'with it'.<br /><br />Note customers get connectivity from an ISP or ('insert favorite name for a guy offering connectivity services here'). Customers know them as 'internet providers'. They call them if they have a problem. No customer I know in Kenya calls facebook when that page is unreachable. Most call Safaricom, or whoever connects them. Nothing will necessarily change their thinking in a post IPv4 world.<br /><br />Which means if content providers don't do their transition properly the service providers helpdesk gets congested with calls from angry consumers. That creates unnecessary tension. I hope you now begin to see why this effort has to be end to end.<br /><br />It is a good time as disruptive times tend to be to try and exploit the opportunity and improve your relative position and control of the market. Kenya doesn't have many content providers, I hate that fact, looking at those statistics can be very disheartening and I hope in the future to get involved in content generation, or just fund or help build platforms.<br /><br />There is a huge untapped potential. However if we move fast and show the world and ourselves that we can offer native IPv6 to a popular content provider and you are a network with many many users with native IPv6, then you stand a higher chance of nailing that business.<br /><br />Look in the end customers want content. ISP's are unfortunately just pipes for now unless you are very creative. You can work now and partner with content providers or wait for your demise.<br /><br />It's a good time for re-invention. As a guy that designs networks and sometimes applications to get by, and have done it for a while now. I know this will probably be one of the most interesting periods for me. I also know this transition can't be wished away. Soon there will be real market forces driving it.<br /><br />Either way we have far bigger issues to deal with. Lets just get this IPv6 done. Its easy, its fun, life can get much much more complicated than a few extra bits.....<br /><br />ps*<br />I am going back to more deployment like technical implementation scenarios and writing, the focus is on processes and documentation, IPv6, data center technologies and multicast.... so if you'd like something tested out - let me know.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7624625783878141191?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-25479499262782641242011-06-09T09:23:00.002+03:002011-06-11T10:47:26.958+03:00If you know where I work then you know the entire company underwent massive <a href="http://www.businessdailyafrica.com/Corporate+News/-/539550/1124522/-/view/printVersion/-/11hx5rxz/-/index.html">reorganization</a>. It just happened that at around the same time I was busy 'gaming' Cisco into giving me a <a href="http://www.cisco.com/web/learning/le3/ccie/index.html">CCIE</a>. So sleepless nights. Being re-organized was not helping. I needed the <a href="http://www.cisco.com/web/learning/le3/ccie/index.html">CCIE</a> as a credible '<a href="http://www.ccieflyer.com/2011-05-Larry_Hadrava.php">credibility indicator</a>'. Just in case shit hit the fan while facing me. Unlikely but not far fetched.<br /><br />I imagined being in a box, one of many, with our new CEO moving them around not even knowing I'm inside. Would he hear me if I let out a scream, I wondered? Haha don't be silly Gitau, you've never even bumped into him on the corridor; Your sister that doesn't work here met him before you. Scream away! sigh...<br /><br />What if he got tired before the game ended. I like his vision and plans.Our customers could use that kind of thinking. I didn't believe in the team entrusted with the change at the time. It can't be change if you don't change the people right? They had a lot to prove to me. My jury is still sitting.<br /><br />Would whoever he'd trust with the final 'execution' move around the boxes in a manner that lets me work better. I am very trusting, but I doubted it. So first things first:<br /><br />I updated my resume, and passed the <a href="http://www.cisco.com/web/learning/le3/ccie/index.html">CCIE</a>. In this day and age, it is irresponsible to not take measures that ensure you are on top of things. I had two job offers within a week. I was on solid ground. I had a new bounce. Life was good. <br /><br />I promised to give myself lots of time to work through things I decided on two whole months of 'no moves' just to take some time to think and plan. I plan a lot. Passing ended a two year journey so two months was nothing.<br /><br />I also started touching base with old friends in the industry. I have good friends, they believe in me. I got a slot to speak at <a href="http://www.afnog.org/afnog2011/conference/">AFNOG (Africa Network Operators Group)</a>, and an offer to speak at ISOC (Internet Society), they would have paid for my trip - I did AFNOG, never did ISOC, i should have done both and saved some money. Stupid me!. I learnt something, moving on. <br /><br />I also got asked by one other friend through another <a href="http://www.jackrooster.com/">friend</a> if I would teach at their school. I agreed to do one class,very short notice, lots of pressure, just my kind of fun and just to get some classroom experience. First class - IP/ethernet backhaul, it went very well. They even paid me. Awesome.<br /><br />So now i knew I could at least teach over and above my current skills. I spoke to about 200 technical people about a technology I'm passionate about in <a href="http://www.afnog.org/afnog2011/conference/">Dar on the 7th June.</a><br /><br />I intend to do alot of these presentation/teaching gigs. It is a very engaging process and I have learnt during this process very different things from those in my technical background. I imagine each speaking engagement will teach me something new, each set of trainees will bring new experience and I will take all the criticism and advice in my stride, I can see myself improving with each new opportunity. <br /><br />I recognized there were some lessons here that other third world networkers' could use. <br /><br />First of all each reorg brings forth a disequilibrium, complexities and confusion. For a while it was hard to get things done. I actually took two weeks off because I couldn't stand wasting my time waiting, and i could use it for other things, thats all it seemed we were doing; waiting for the process to end. Imagine if someone came to your house and rearranged your socks, every day for two weeks. Your morning routine would definitely change.<br /><br />If you are in charge of change, please do it swiftly, communicate clearly.<br /><br />Secondly realize there will be new characters to deal with. Probably a new boss in your work life. Brush up on interpersonal skills in case you had forgotten.<br /><br />Thirdly reorganizations create great opportunities to grow. If you design networks or software, then you are already accustomed to change. Take it in your stride. Keep walking.<br /><br />Its also a great time to make changes you always wanted. For instance a lot of projects tended to be driven by time. 'do this fast, we need it now', it promoted a lot of shoddy work in the past. Careful design, tests and all the other best practices be damned. change that now. I was very impressed with the opportunity to steer processes and ensure best practices get followed.<br /><br />If you can't and it still pisses you of, quit, or start making plans to quit gracefully before your job kills you.<br /><br />4'thly please please note it's not your fathers company. On the same note you don't work as a charity, expect to be paid for your work.<br /><br />5'thly Optimize your life for change. Find your peak efficiency point, operate at it, deliver. I assume you are getting paid to work.<br /><br />Save some cash. Try and clear all your bad debts, marry wisely. If your wife or husband or girlfriend or boyfriend is the sort that walks the moment you hit bad times. Walk on, seriously, sneak away tonight, come to my place:-).<br /><br />other notes:<br />Then you&nbsp; have to figure out how to be successful in this new structure. The executive goal in our case was laid out very clearly, very publicly. All I needed was to know where I fit in so I could get on with it. <br /><br />The take home lesson here is; even if you don't 'feel' the structure right now, unless you become part of the process, you might end up becoming just that guy on the sidelines. In our case I actually got a chance to change a number of things I felt had not been working out for me. I still can't stand others. But such is life.<br /><br />There will be cracks, steer your issues away from them. Escalate fast, there's a high chance everyone is going through the same thing. Don't even bother talking or reasoning with negative guys. Change is hard enough as it is. Be politely blunt - to a fault. Trust me every one is afraid during a reorg including your boss, his boss, everyone, just do your thing.<br /><br />The critical things that lead to success don't change. Teamwork and collaboration are still necessary. Pursue them. Keep the teams small, hope it stays that way for a bit longer together this time. Team culture is important. don't be a 'caffeine grasping egomaniac I can do it all hero'. that sort of praise doesn't scale. I've had very successful projects working, learning and mentoring teams. It helps.<br /><br />lastly: follow through on objectives. Clarify your exact role as an individual and for the team. If you hold a leadership position, work with the team on this. I can't emphasize how important this is. To me. It really is time to quit if you can't tell what your role and objectives are. It might just be your manager acting up too. Dump him/her. There's a lot of life going on out there.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-2547949926278264124?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-26443114551212666052011-06-08T09:05:00.006+03:002011-06-08T09:27:03.259+03:00The desired effect after today for me is:<br /><br />- Wider recognition that IPv4 whether we like it or not will not work for the next 'internet'. Can't scale, won't scale for the future.<br />- Massive large scale complaints from customers to jolt executives awake on IPv6. this is unlikely if you the network guy has done his job well. (see how you are your own bottleneck for progress)? <br />- Mobile network Operators need to realize that IPv6 affects them more than most. IPv6 will be heavilly used on mobile devices. (home automation devices, sensors, handsets, POS,atm's etc etc).<br />- if you are a cio/cto/ceo don't assume your guys have not been doing anything about IPv6. Just ask nicely. we hate it when you sound clueless. we're supposed to look up to you. Just ask something like; 'hey gitau, how far are along are we with ipv6? can we offer something to customers? maybe invite a few for trials?' can we put something together for the media? yes and yes and yes...probably not the answer you expected. Remember you probably heard about it the other day, gitau has been quietly working on this for +5 years.<br />- AFRINIC while holding a lot of addressing resources for us can't guarantee business continuity for your network should some killer apps be hosted and implemented only for IPv6.<br />- Laziness will get us nowhere. Ignorance is not an excuse either.<br />- IPv6 is a cliff we third world networkers should jump with the rest of the world. If we get left behind, we'll miss out on experience and the opportunity to be 'with it' as its happening. jump with the rest of the world.<br />- At lunch yesterday, someone suggested we (AFRINIC) just goes ahead and sells/auctions off all IPv4 addresses remaining to stop the illusion that we can survive with IPv4.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.worldipv6day.org/"><img border="0" src="http://www.worldipv6day.org/files/2011/05/IPv6-badge-blue-256.png" /></a></div><br />- IPv6 education needs to be taken seriously. <br />- Organizations can expect some IPv6 brain drain. <br />- Widespread collaboration has to be enforced. We need in organization, in country, in region forums discussing this issues. Policy has to embed futuristic thinking.<br />- Corporates need to embrace and promote IPv6. Sponsored events should be encouraged.<br />- Don't accept any design without IPv6 considerations. don't.<br />- Don't host with guys without IPv6. Even '<a href="http://third-world-networker.blogspot.com/2011/06/third-world-networkers-inflight-diary.html">clouds</a>' should be ipv6 aware.<br />- Install and run an IPv6 DMZ. start with DNS.<br />- Apply for your IPv6 addresses today. Make sure its <a href="http://www.afrinic.net/Registration/afsup-ipv6pi-assignments.htm">provider independent</a>. If you'd like to know how and why you need this, leave a comment. I can cover how to go about getting IPv6 space.<br />- Start peering with IPv6. Ask your service provider for IPv6. It should be free. I really hope no one charges to connect, peer or give customers IPv6 addresses. I know most have no policy on this. Just demand for it the same way you do for other services.<br />- Ensure your infrastructure is v6 ready. do an audit. maybe I can help. throw me a comment.<br />- Talk about IPv6 in your next meeting. just add it as an FYI.<br />- call safaricom, they have some really clueful guys when it comes to these things and i'm not just saying it.<br /><br />In the end the fact is there will be change. plan for it and deal with it. Otherwise IPv6 will be the gift that keeps giving to consultants from your pocket.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-2644311455121266605?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-75266719186785834442011-06-08T08:16:00.010+03:002011-06-08T08:40:14.304+03:00<span style="background-color: #666666;"></span>So I'm aboard a&nbsp; <a href="http://www.fly540.com/">Fly540</a> to Dar for a <a href="http://www.afnog.org/">techies</a> meet. They had the best fly back/return trip time for me. I also discover they are cheap. My trip budget is about 500USD, life will be extremely difficult if i go over that budget.<br /><br />Its a boring, 1 hr flight, clouds fly by beneath me, that calms me; there's a lady in orange that keeps walking around. She seems to be offering on board maid service. She's friendly, I'm in a sour mood. I decide to not ruin her day. I fake a smile.<br /><br />Directly opposite me is a couple, i think the guy is nigerian and lady's from Dar. I know because he sounds a bit like a nigerian colleague at work. The lady has that melody like swahili. It just rolls off her tongue.<span style="background-color: black; color: white;"> </span><i style="background-color: black; color: white;">'ukifika dar jameni usije enda ulevini!'</i><span style="background-color: black; color: white;">. </span>Boy are they loud. Do nigerians know swahili?<br /><br />There's a mother holding a baby, a she? a he? who knows, but it's hungry. Mother's probably not comfortable breast feeding at high altitude. He/She cries.<br /><br />I power up my notebook and listen to a guy called<a href="http://www.youtube.com/watch?v=IqxP_PKqTRE"> Vast begging a girl not to take her love away</a>. I know abit about lost love, so I feel for the guy. I should learn to play this on the guitar, for when i start dating.<br /><br />I count about 27 people on this flight. It's a canadair cl-600-2b19 regional jet. They apparently have 3 of these twin engines with a 50 passenger capacity. I hope they are not making a loss on the trip. I make a point to invest in an airline in the future. Farms and clinics are great. short haul cheap airlines might just have a future.<br /><br />They; fly540 were the cheapest flight I could find. I take a pause, this trip was self sponsored due to some very last minute changes. I am versatile. I hate feeling disorganized. I am organized, i tend to plan things alot. I come from the just fucking do it fast and don't be stupid school of thought. It's my school so agree to disagree and move on. I plan, i collect facts, i put them together. Its my thing. I love it. I'll be happy sharing something with AFNOG. I owe some guys there alot.<br /><br />Almost everyone on this third world flight has a laptop or Ipad. I have a smallish notebook. It's an Acer got from Indonesia. The perfect companion. I hate Ipads. For no reason. I might love them in the morning. I stare at the baby. He starts crying. I must have sent him a bolt of bits, or an over stuffed IPv6 packet. Maybe at his age he can only digest IPv4. Who knows.<br /><br />Its a weird flight this one, before I got on, There's a guy called Noah that just asked for my Bio. He must be on the program committee, at afnog, I'll find out soon enough. He felt like a likeable fellow. I saw the request at the airport just before boarding. He wants my title, what I do, where I do it, maybe why I do it? etc.<br /><br />I have held many titles in the last two years. principal data engineer, technical lead, network architect; last one I saw was 'network architect', I suspect because of all my design work, a functional network and superior intellect, the official letter said manager - network architecture and design. In case you're wondering, I like the network architect title. Depending on where I am, and who I'm talking to , I drop the 'manager'. Both work for me. It doesn't matter. My skills, leadership or otherwise speak for me.<br /><br />It's a sweet role, the toys are lovely, the fruit of lots of labor very visible. I'm just not comfortable financially to be well focused. That and a CCIE means you get the occasional odd offer. Motivation is something personal to all of us and I clearly have different things that get me all fired up and committed.It would be nice to sit in a panel and discuss 'what drives us'.<br /><br />Afnog has come a long way. 11years! I'll just explain what I do to the guys, I sent the network architect line for bio info. I hope we fill a hall. Should kill a good 5 minutes on the podium. I think of a joke to accompany it. I smile at my own funniness. Hilarious. Haahaha! I make a point to dilute the joke. Don't kill them before you deliver your message. We need to critically think about IPv6, our collective role in it's success, we need to finally stand up and be counted. I send a hex bolt towards the baby. No tears. hmm.... maybe he's ready for IPv6 after all. <br /><br />Fly540 have an inflight magazine. Its full of Ads. Maybe they should write stories about their passengers. Heck they should make passengers submit stories while on the flight. Maybe I should write for them. Oh shoot they should write about me...in flight diaries?<br /><br />Vast is done crooning. Next up, <a href="http://www.google.com/url?sa=t&amp;source=web&amp;cd=1&amp;ved=0CBUQtwIwAA&amp;url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DaDTlcoh9DCg&amp;rct=j&amp;q=Anjunabeats%202010&amp;ei=b_zuTbm8E8P2sgbMpOGvCg&amp;usg=AFQjCNFOZTTgG5u3XOtb4X2Jp0Md3540pA&amp;cad=rja">Anjunabeats in Ibiza 2010</a>, right after Keane.&nbsp; I plan on going to <a href="http://www.ibiza-spotlight.com/night_i.htm">Ibiza</a> later for this years holiday. Anjunabeats sort of wins the musical contest. <a href="http://www.youtube.com/watch?v=_WO0PLD9oIM">Everybody's changing by Keane</a> does inspire me a bit. I play it again, I compose a resignation letter and another one re-applying for the same job, then wonder if they would hire me back. I wonder if I would hire me back. Ahh the joys of being idle. I trash the letter. Chicken!<br /><br />The clouds look beautiful,they fire up my neurons. Spatial temporal reasoning at its best. It's just abstract. Like suspended cotton they look, or floating rice, or coagulated milk. I stare at the patterns, marvel at nature. For some weird reason I think about <strike>peeing</strike> pouring hot coffee through them, and wonder if it's hot and misty when it lands. If I ever have an alternate me or an <a href="http://en.wikipedia.org/wiki/Avatar_%28computing%29">avatar</a> he'll be weird, people will <strike>kick him</strike> vomit on him just for kicks....I slap myself back to reality...<br /><br />My reality is interesting: IPv6,NGN,evolved packet core, mpls, pseudowire, otv,inter provider QOS, NNI,PPI, cloud ahh cloud, I look down the window again, I hear people store data in the clouds nowadays.<br /><br />I'm disappointed, it's nothing but white down there, I thought bits were black? I must be looking at the wrong cloud, or all data is stored in the US clouds? maybe it's a cloud quality issue? maybe third-world clouds don't work...maybe its my <strike>pee</strike> coffee? who knows...I just don't see any data, I look out again and realize it might be there, just encapsulated in cloud...bummer!<br /><br />I arrest my imagination. Too much. Ding! the fasten seat belts light up, time to stop typing....I blame the altitude for anything you find weird today....I wonder who reads this stuff, if you've read this far, let me know why! something could be wrong with you....unless you're en route to <a href="http://wikitravel.org/en/Dar_es_Salaam">Dar:-)</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7526671918678583444?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com3tag:blogger.com,1999:blog-8812919976949872507.post-79860814567368906542011-06-06T08:06:00.003+03:002011-06-06T08:11:22.626+03:00So for the last couple of months I've been thinking hard and working out what I think are major issues with IPv6 adoption within EA.<br /><br />First of all the regulators in the industry are a major barrier to driving some technologies forward. This is especially so for 'new' stuff that doesn't seem to be making money directly. (*this happens everywhere,&nbsp; justifying network spend is not easy in an organization, but governments and policy makers are there not for profit so I expect more from them).<br /><br />The competitive environment among the major players eg Safaricom and Airtel makes it quite difficult for collaboration. Without collaboration what might once have been an easy task suddenly becomes a major issue. I don't mind the politics, but a line has to be drawn somewhere.<br /><br />If there's one thing I miss about working in a pure ISP environment, it was the easy time we had just being able to chat with our 'rivals' technical people about technology. In telco's, even localized within organization collaboration is really difficult. <br /><br />What might help:<br />An open membership forum/working group along the likes of <a href="http://sites.google.com/site/ipv6implementors/2010/agenda/15_Jan_Zorz-go6-mobile_IPv6_v0.3.1.pdf?attredirects=0">go6 in</a> slovania, for a small country &lt;3M, thay have done quite alot with IPv6.<br /><br />The membership would be open to ISP's, telcoms, regulators, big corporations, an expert council - to steer things, universities and tertiary colleges and individuals within the region. I say region because the challenges are different and we need to learn from our own experiences while borrowing from others who have done this before.<br /><br />The main goal would probably be to publicize IPv6, arrange for more training along different lines eg applications, networking, System administration etc. They would host local ipv6 deployment labs, an ipv6 academy etc.<br /><br />They would ensure that people are talking about IPv6. Help with deployments, put together the information for everyone to access, bring the competitors together, bring government to the table, help universities update their offerings etc etc.<br /><br /><br />Why do East Africans need IPv6 - well because we are part of the world. <a href="http://sites.google.com/site/ipv6implementors/2010/agenda">Guys</a> are doing alot in this area. I know we are doing quite a bit, but the 'alot' we are doing needs to start being deployed with executive blessings - not some enthusiastic techies working alone during their 'free' time.<br /><br />I keep insisting that if you are an operator with more than 500K subscribers (Safaricom,Airtel,Zuku), offering multiplay services then you need IPv6. It's clean, ensures end to end connectivity for your services, and its cheaper in the long run , you definately need it more urgently than everyone else. How do you think you'll sell connectivity to all those sensors, set top boxes, home automation stuff,handsets,pos's, atm's etc etc that will mainly ride on wireless networks?<br /><br />Thinking about it, one of them should come out and sponsor monthly IPv6 meetups. <br /><br />If you are a network designer/sysadmin/programmer, make sure whatever you design is IPv6 ready. Do not for instance buy from a vendor with no support (not roadmap) for IPv6. Do not build a new data center without an IPv6 plan (believe me I saw one very recently).<br /><br />Go to<a href="http://www.afnog.org/"> afnog</a>, so far it offers the best forum for expression. Unfortunately it happens once a year hence the need for something a little bit different. See you there on <a href="http://www.afnog.org/afnog2011/conference/">Tuesday</a>.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7986081456736890654?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-68616494856289316912011-06-02T13:41:00.001+03:002011-06-02T13:43:31.171+03:00Well woo hoo...2 months since the ccie....its been fun. We're now done with hey congrats and pats on the back to silenced whispers that go 'why the heck are you still here'?....seriously! Im shocked at the number of people that expected me to leave my current role/job. I hope its not a vibe I put out because from a technical point of view, It's one of the best jobs. I command the respect of everyone that I care for, and as far as networking and my line of work is concerned, I really am well on my way to the top of the pack.<br /><br />Last week I helped a 'friend' deliver an IP/ethernet backhaul class' that went really well. Next week I'll be speaking at <a href="http://www.afnog.org/afnog2011/conference/">afnog</a>, one more long life dream to be accomplished and definately the beginning of something great.<br /><br />So what next....?ehh i'll do a separate post for that.......<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6861649485628931691?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-60916808921078246192011-05-31T13:27:00.004+03:002011-06-02T12:09:10.637+03:00Please note this are pretty much notes I made while going through some literature, I also assume a lot of people reading this have probably worked for ISP's and understand a typical ISP network:<br /><br />Architecture:<br />A 'generic' ISP network has functional roles very much like a 3G network. They have an access network, Distribution/aggregation and a core network. 3G is a just a 'little bit' more complex but think along those lines and you'll get it.<br /><br />The 3G/UMTS network is divided into two main domains: <br />the packet switched (PS) domain - Where I predominantly work/worked<br />and the circuit switched (CS) domain - where I know enough theory to run circles around most but I'm by no means an expert.<br /><br />The core network elements comprise of the <a href="http://en.wikipedia.org/wiki/GPRS_Core_Network">GGSN</a>, the <a href="http://en.wikipedia.org/wiki/GPRS_Core_Network">SGSN </a>and the <a href="http://en.wikipedia.org/wiki/IP_Multimedia_Subsystem">IMS </a>(Think of the IMS as a mix of many many systems/applications).The GGSN is really just a customized router between the GPRS network and other networks - the first GGSN I ever run was a cisco CMX based on the 7613 chassis and a bunch of <a href="http://newsroom.cisco.com/dlls/Cisco_76000_Multiprocessor_WAN_Application_Module.pdf">MWAM </a>modules interfacing networks such as the general Internet and customer networks. <br /><br />The SGSN is again an intermediate router between the GGSN and radio network. It's main responsibity is administrative functions other than routing: AAA, mobility management, and billing, among others - please note you can bill from either SGSN or GGSN's, If you have a DPI/PCRF, the billing function is moved further out of the actual 3G network. <br /><br />The IMS as mentioned earlier is essentially the server farm, is where content and IP infrastructure servers live. So your DPI, WAP, DNS etc etc<br /><br />The radio network abbreviated as UTRAN has Radio Access Network Controllers (RNC's) and base stations (BTS), which connect the handsets (UE or User Equipment) to the core network. The radio network is capable of transmitting data at various increments from 64 kbps to 2 Mbps or more - it all depends on issues like the next line describes and the technologies used - google for <a href="http://w3.nokiasiemensnetworks.com/NR/rdonlyres/E6AC2D3F-A876-465A-8535-A612F9B2D485/0/Direct_Tunnel_Data_Sheet.pdf">direct tunnel</a>-. <br /><br />The actual data rate depends on propagation, velocity of the handset, bandwidth available, and so on. This is important to note especially if you're the kind of guy that escalates issues to me:-) or if you live in South C....:-) thats a joke...laugh<br /><br />IPv6 view of a 3G network:<br />As far as IPv6 is concerned the biggest point of concern is the pdp context. This forms the connection between the (UE) - user terminal and the GGSN. It is over this link that we transfer packets. If you're thinking - oh so like PPP - I'll say yes, just like PPP, only we use a protocol called <a href="http://en.wikipedia.org/wiki/GPRS_Core_Network#GPRS_tunnelling_protocol_.28GTP.29">GTP </a>.<br /><br />PDP contexts are created and torn down every time you attach/detach/re-attach. So IPv6 runs over this PDP context and that is what is referred to as an IPv6 link for a handset.<br /><br />Resource usage on Handsets:<br />Now imagine if you are dual stacked, imagine how much power you'll be using or attach reattach for two sets of contexts and you begin to see why I still insist that all mobile handsets should be made to only support IPv6 then use 6to4 mechanisms to transition.<br /><br />Also imagine a chinese manufacturer and your standard user who will buy a <a href="http://www.intomobile.com/2007/07/23/fake-nokia-n66/">Nokla</a> phone that some 'manufacturer' only enabled IPv6 and you suddenly start having very interesting support calls. I am so sure the black market for IPv6 handsets will show up and one of the key issues will be IPv6/IPv4 misconfiguration. Some intentional, some laziness, some just pure sillines.<br /><br />You will definately also need slightly more memory to hold the lenghthier IP addresses. This looks trivial but again I expect some issues there.<br /><br />IPv6 address assignment:<br />GPRS systems have always supported static and dynamic addresses. This can be stateless or stateful. The key issue with IPv6 here is the simple fact that autoconfiguration requires a mac-address, your handset doesn't have this, to counter this, we'll use <a href="http://tools.ietf.org/html/rfc2472">rfc 2472</a>'s procedures. <br /><br />There are other issues here with addressing that Im not entirely sure I get, like since we now have so many addresses, doesn't it make sense to assign static addresses? plug each msisdn with an IP on the HLR and call it a day? apparently not<br /><br />Aa /64 to each handset is a huge number of addresses, however you can very well expect guys to share connections behind mobile devices in which case it actually makes sense. It also makes sense because 'most books' say so, and if you do the binary math carefully, you start seeing why /64's to each endhost is good for the transition. Heck some might even require /48's - think of tethering. Plan how to do addressing carefully.<br /><br />Whether or not you'll run out of addresses depends on many variables, including size of allocation, customer takeup, and so on. Your planning is also key here. If you were an idiot subnetter in IPv4, I suggest you try cross the idiot barrier fast. IPv6 is a whole 'nother ball game. In reality even with the ratio adjusted to /64 per PDP context, and only addresses from 2xxx:: used, there are still well over 300 trillion addresses available. This should be plenty of room for the next few years. Just plan accordingly, read widely, you should be okay.<br /><br />Mobility:<br />The movement of cellular hosts within 3GPP networks is handled by link layer mechanisms. So as far as IPv6 goes, it's handled just as it would be in IPv4.<br /><br />Following the case above, it means the PDP context would be moved from one location to another without tearing down the pdp context. Now most movements are within base stations - micro mobility? This doesn't change your point of attachment for IP so there's no 'handover from a ggsn to another. You can also have movements that churn your point of attachment between GGSNs - macro mobility. In the initial releases of 3G, macro mobility is taken care of below IP layer by using tunnels to create an apparently flat IP network. ie a tunnel between ggsnA and B ensuring your PDP context remains BUT the more this happens the more delay and other bad things can happen to your connection.<br /><br />Roaming:<br />Arghhhh.......throw in another arghhh for the fact that telco's still insist on using simcards for identifying users....the sim card should be killed...swiftly...another rant, another day<br /><br />Are there motivations to move IPv6:<br />Where I work, IPv6 is still pretty much driven by technical enthusiasts. Management is still quiet and can be quite unsupportive and a morale drain. However it might be us techies failing to inform them. Am I motivated enough to do that? probably not, for some reason there is always someone higher up, an invisible hand out to discredit or tear them down, or generally just not ready to make things happen fast enough, so unless i can safely do it without asking eg paying for my own ccie or<a href="http://www.afnog.org/afnog2011/conference/"> travel to afnog</a>,or test IPv6 I stopped bothering; they can read my blog though:-) to get a grasp of my views.<br /><br />The move to general IP is however very well taken up. we have come from far, we've done an NGN, we have a unified core so IPv6 will be an easy one to cross once we get widespread acceptance, or its forced on us. Either way it will happen.<br /><br /><br />I also saw a nice term describing a challenge we can expect. <a href="http://www.networkworld.com/news/2011/030711-ipv6-brain-drain.html">IPv6 brain drain</a>. Since the most senior enough managers to make retention decisions do not know much about IPv6, expect to lose some people to the ones that get it faster than you. <br /><br />In the US, IPv6 is actually being driven<a href="https://www.networkworld.com/news/2010/092810-white-house-ipv6-directive.html"> by government.</a> i find it weird that organizations that stand to benefit the most are the ones lagging behind the most.<br /><br />Probably the clearest motivation for 3G from the telco point of view is that the integration of IP actually helps to reduce the cost of running the network.Ultimately, the goal is to carry voice traffic over packets, enabling statistical multiplexing to kick in. This should save costs on traditional support infrastructure, such as circuit-switched E1-minimum increment backhaul. Furthermore, the mass market economics of IP, when brought to bear upon the production of telecomms equipment, should result in further savings.<br /><br /><a href="http://my.safaribooksonline.com/book/networking/ip/0596009348"> - read IPv6 Network Administration By: Niall Richard Murphy; David Malone</a><br /><br />References:<br /><a href="http://tools.ietf.org/html/rfc3316">http://tools.ietf.org/html/rfc3316</a><br /><a href="http://tools.ietf.org/html/rfc2472">http://tools.ietf.org/html/rfc2472</a><br /><a href="http://my.safaribooksonline.com/book/networking/ip/0596009348">installation-and-configuration/ipv6na-chp-5-sect-7 </a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6091680892107824619?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-53835090886806836712011-05-30T13:01:00.002+03:002011-05-30T14:38:51.269+03:00Now I have of late been looking into alot of things IPv6. So much that I'll actually be throwing in a discussion around it at <a href="http://www.afnog.org/afnog2011/conference/">Afnog in Tanzania </a>- look me up on the 7th June 11 am. After that we can grab some beers at <a href="http://www.kempinski.com/en/daressalaam/Restaurants%20and%20Bars/Bars/Pages/bar1.aspx">Kempiski.</a><br /><br />While alot of the stuff we'll discuss are not implemented. They show our (the technical guys) thinking and plans for the mobile network part. The enterprise business and IT generally have plans just like everyone else has.<br /><br /><br />So what is different with IPv6 addressing:<br />First of all, IPv6 is technically incompatible with IPv4 addresses. With that in mind, here are some areas we expect some 'issues'...<br /><br />There are three considerations to focus on here; the network,the mobile nodes and the applications. <br /><ol><li>- First of all Roaming. I don't see this happening without some automated tunneling like <a href="http://isatap.org/">ISATAP</a>. There have been commercial tests for this by Ericsson and a european telco. A native IPv6 roaming agreement will probably take a while. (I still dont get this whole roaming thing - I personally think its a 'silly business model'. also note that if some providers do not go IPv6 at around the same time you do, it ironically forces you to support IPv4 addressing when your own&nbsp; (outbound) subscribers roam to networks which do not offer IPv6.</li><li>Per subscriber IP addressing: We'll seemingly be using several addresses per subscriber. If you did any IPv4 planning, conservation was very key. It might seem like a huge waste assigning /64's per subscriber GGSN/PGW- thats huge unless GGSN's start supporting 12Million subscribers or more.....</li><li>If you choose a dual stack scenario, Your handset will need more memory to hold IP's. At afnog we'll be discussing why the best strategy really is to have IPv6 end to end or at least at the network and handset level then leave the applications to slowly transition. This interestingly has us using NAT 'for good' ie we'll be natting IPv6 to V4.</li><li>The transport network need not be IPv6 ready, an operational IPv6 network can be deployed with configured tunneling between the network nodes with IPv4-only transport. for instane betwen nodeb's and rnc's.</li></ol><a href="http://tools.ietf.org/html/rfc4866">http://tools.ietf.org/html/rfc4866</a><br /><a href="http://tools.ietf.org/html/draft-koodli-ipv6-in-mobile-networks-02#page-9">http://tools.ietf.org/html/draft-koodli-ipv6-in-mobile-networks-02&nbsp;</a><br /><a href="http://tools.ietf.org/html/rfc3531">A flexible method for IPv6 address assignment </a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-5383509088680683671?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-64922344220212878032011-05-19T11:55:00.003+03:002011-05-19T12:01:03.541+03:00If you go through IPv6 training material or blogs or whatever your source is, if you have run an ISP *on a constrained budget or dodn't have <a href="http://www.afrinic.net/">AFRINIC&nbsp; </a>[1]as an RIR to get routable addresses for all your users,then the NAT technology is something you might have had to deal with.<br /><br />NAT has been very successful in delaying large scale IPv6 deployment. But the end is near.<br /><br />NAT44 is on most slides I have come across as an IPv6 transition mechanism. I have to say for some slides I was preparing, I had to throw it in just so I can rant about it.<br /><br />NAT44 also goes by the names:<br />CGN - Carrier Grade NAT<br />LSN - Large scale NAT and<br />NAT444 - which implies <strike>multiple </strike>two NAT44 layers<br /><br />There's also a distinction between SP NAT44 and Residential NAT44. The key difference really is the implementation and NAT placement. the SP gets a large box to do NAT and calls it CGN/LSN.<br /><br />Lets have a quick look at the differences:<br /><b>Residential NAT44</b><br />would be deployed on a CPE,<br /><b>SP NAT44</b><br />generally deployed on the SP side .<br />The end topology would look like the following: <br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><img border="0" height="120" src="http://1.bp.blogspot.com/-TvyriLBGPhI/TdTThCtpp8I/AAAAAAAAADc/0gM0gOngp2U/s320/nat444.PNG" style="margin-left: auto; margin-right: auto;" width="320" /></td></tr><tr><td class="tr-caption" style="text-align: center;">CGN is NAT44 on the SP end, CPE's are also running NAT</td></tr></tbody></table><div class="separator" style="clear: both; text-align: center;"><br /></div>So you'd have two RFC1918 addresses back to back. The idea is to extend the 1918 space as much as possible.&nbsp; Prolong the pain if you may.<br /><br />The deployment models are varied. There's a NAT on a stick model that eliminates NAT from the main data path and uses source-IP based routing - This has <strike>almost </strike>killed our network several times.<br /><br />You also have an inline model that forces all traffic to use the NAT path. You get a single point of failure as bonus.<br /><br /><b>Reasons I agree with alot of people that this is not an ideal solution:</b><br /><ul><li>The most easy to identify from the diagram above is conflicting address space between the customers and SP's. there's a <a href="https://tools.ietf.org/html/draft-weil-opsawg-provider-address-space-02%20">draft proposal</a> for shared address space that Im yet to read.</li><li>A single level of NAT (NAT4?) was very prevalent, and it worked to a large extent. Applications won't be aware of the other tiers of NAT which will undoubtedly break a few things.</li><li>Troubleshooting will be a mess. I mean how many NAT's are we to learn - NAT, NAT4, NAT44,NAT64 - dare I say I expect someone after using all v6 space to propose <a href="http://en.wikipedia.org/wiki/Number_of_the_Beast">NAT666</a>&nbsp;</li><li>Application developers will have a hard time predicting or trying to work in what technologies will be used to reach their content/run their apps.</li><li>There will be contention for port pools. Remember some applications leverage multiple ports to speed things up, NAT will be doing the same which means some customers will definately notice 'slow internet'.</li><li>Accountability and logging? forget it in NAT44. </li></ul><b>A few reasons why it will most likely be adopted more for IPv6 transition:</b><br />- It is well understood - I think * I suspect the real culprit is the ease of deployment not a good understanding, Most network engineers have no idea how NAT affects applications and guys writing apps have no clue how the network affects their work. Some do, actually most do, they just dont seem to be running networks. They're made managers:-)<br />- Its easy to enforce policy<br />- cluelessness/laziness/low budget/misplaced priorities <br />- NAT44 devices on the client end wont require replacing.<br /><br /><b>Fact:</b><br />- This NAT44 thing will be installed, mostly the NAT on a stick model.<br />- Customers WILL be affected during&nbsp; the IPv6 transition<br />- It is inevitable that someone somewhere will be forced to host their application on an IPv6 only site. I expect this to begin happening in the next 3 years.<br />- Worse, it is inevitable that some devices maybe for home automation, maybe some large scale rfid tags to track rhinos , whatever, some device somewhere will be deployed without an IPv4 option.<br />-Even worse or better, high chances are they wont be connecting to a typical enterprise network, most likely going to be a mobile network of sortes. 3g/edge/umts/lte/wimax.<br />- the last fact from me here is that not many people know what is happening. there are too many prevailing not necessarily agreeing views on IPv6/IPv4 depletion, transition mechanisms and the effects on the internet.&nbsp; I get the feeling 'no one really knows'...I sure as hell don't, but read widely, listen, work with others...who knows what sort of enlightened state we'll be in later.<br /><br /><b>Funny </b><br />In this part of the world -kenya, most mobile operators especially at high management level still have 'heads in the sand' as far as IPv6 is concerned. Early adoption would probably benefit them the most.<br /><br />1-AFRINIC is probably the only RIR today that still has V4 addresses to dish out to LIR's.<br />*I posit that this could create a false sense of security for african operators forgeting that most of their customers access content 'outside' Africa, if said content is switched to IPv6, we're done for and the sad thing is most network admins might not be ready to explain to 'the suits' higher up what the hell happened.<br /><br /><b>References:</b><br /><b>*For any reference to an rfc, google for it or&nbsp; head to the <a href="http://tools.ietf.org/">ietf site</a></b><br />•&nbsp; “basic-nat44” (Reference [RFC 2663])<br />•&nbsp; “napt44” (Reference [RFC 2663])<br />•&nbsp; “stateful-nat64” (Reference [NAT64])<br />•&nbsp; “stateless-nat64” (Reference [XLATE])<br />•&nbsp; “basic-nat66” (same as basic-nat44 but for IPv6 family)<br />•&nbsp; “basic-nat-pt” (Reference [NAPT])<br />•&nbsp; “napt-pt” (Reference [NAPT])<br />•&nbsp; “twice-nat44” (Reference [RFC2663])<br />•&nbsp; “dynamic-nat44” (Dynamic SRC Address-only)<br />•&nbsp; “stateless-nat66” (Reference [NAT66])<br />•&nbsp; “napt66” (same as napt44 but for IPv6 family)<br /><br />*<a href="http://www.juniper.net/us/en/local/pdf/implementation-guides/8010076-en.pdf">A Juniper implementation guide</a><br />* <a href="http://www.nanog.org/meetings/nanog50/presentations/Wednesday/NANOG50.Talk65.weil-SP%20NAT44.pdf">a paper from nanog</a><br />* <a href="http://www.networkworld.com/community/node/44989">jeff doyles post over at network world</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6492234422021287803?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-3122711914131041822011-05-17T10:31:00.002+03:002011-05-17T10:40:28.801+03:00<a href="http://www.jackrooster.com/">http://www.jackrooster.com/</a><br /><br />Well the site came out really well, and if you ever need to listen to great tunes with a twist...head over to<a href="http://www.jackrooster.com/"> Jack's site</a> .<br /><br />Yes yes yes he's a ccie and close friend so the content is valid here:-) go check it out...download a tune, or two...maybe all <a href="http://www.blogger.com/goog_2006424319">3</a><a href="http://www55.zippyshare.com/v/21331486/file.html"> volumes..... </a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-312271191413104182?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-42010379696279500642011-05-17T08:59:00.002+03:002011-05-17T09:02:45.134+03:00on webex meetings you can't really tell where any one is now can you, for all I know Gandalf and Frodo are on the call while flying over the shire....<br /><br />So it was around 3pm (Monday) and a meeting request pops up. Easy I tell my self, open it, two attachments hmm...pdf- well we can read that. double click, takes a while to load up, double click the other one just so we can at least have a clue on what both are:<br /><br />Document 1: - LLD from from cisco on UCS design<br />Document 2: - another one for the DCI - Data center interconnect.<br /><br />Total: 220 Pages. Review and discuss on Tuesday.<br /><br />Well my DC-fu sucks, rather sucked, my experience with NX-OS never went beyond me drooling over the boxes and marvelling and dreaming at all the adventures I'll have with the shiny box, and al those modules you can pull out on a nexus 7K....awesome...by the way if you did a data center before 2009, the skills are not transferable, so many changes in there, its all about virtualization now, many more services, fancy terms...aiyaiyaiii...<br /><br />Lets go back a bit: last month I had purchased or rather loaded <a href="http://my.safaribooksonline.com/book/networking/vpls/9781587059988">Interconnecting Data Centers Using VPLS (Ensure Business Continuance on Virtualized Networks by Implementing Layer 2 Connectivity Across Layer 3)</a> to my bookshelf on<a href="http://my.safaribooksonline.com/"> safari</a>. (now I know vpls is a terrible choice for DCI, i also know why), I also went through most of the DC <a href="http://blog.ioshints.info/">webinars&nbsp; </a>(I can't think of a better educational investment than <a href="http://blog.ioshints.info/">Ivan's webinars</a> and a <a href="http://my.safaribooksonline.com/">yearly Safaribooks</a> subscription) and re-learnt the difference between OTV,VPLS and pseudowire) a separate post will describe how and why we use them here (I work for a <a href="http://safaricom.co.ke/">telco</a>).<br /><br />So yes I think I moved from novice to just about clueful in a month. Today we have a kickoff meeting where I'll try and show off all my wondrous knowledge in the hope someone decides Im fit to be let loose on the shiny boxes....Yes I managed to go through the documents at a price....Im still sleepy, <a href="http://nairobijavahouse.com/html/home.htm">coffee</a> doesn't seem to be helping much....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4201037969627950064?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-19628747238716916782011-05-16T09:22:00.000+03:002011-05-16T09:22:48.638+03:00<a href="http://www.vyncke.org/ipv6status/detailed.php?country=ke&amp;type=">IPv6 deployment status</a><br />Kenya's ipv6 deployment sucks, heck we don't have AAAA records even for google.co.ke,safaricom.co.ke etc...which pretty much means <a href="http://www.ipv6day.org/">June 6 th</a> - IPv6 day will hopefully break something - I hope that happens if only to get the sleeping execs up....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1962874723871691678?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-68374218572014380952011-05-15T18:59:00.002+03:002011-05-15T19:30:48.123+03:00Now I went out and subscribed to <a href="http://www.ioshints.info/">webinars</a> that are recorded on webex . Unfortunately for me, ubuntu doesn't have a player for arf and wrf formats. If you're in that bowl of soup...fear not, here's what you do:<br /><br /><a href="http://support.webex.com/support/downloads.html">webex</a> provides a host of tools to make your life easier. The one you need is the <a href="http://support.webex.com/supportutilities/nbr2mp4.tar">converter</a> for arf to mp4 that vlc or most media players can handle.<br /><br />Its really simple:<br /><pre class="source">wget http://support.webex.com/supportutilities/nbr2mp4.tar<br /></pre>untar and extract a '.sh' file<br /><pre class="source">tar - xvf nbr2mp4.tar</pre><pre class="source">chmod +x<br />./nbr2mp4.sh<br /></pre><br />a folder nbr2_mp4 will be created, go in there and run<br /><pre class="source">./nbr2mp4 'abcd.arf'<br /></pre>output will be<br /><pre class="source">abcd.mp4<br /></pre>or whatever you want to name it.<br />you can change the FPS - frames per second to whatever you need. I left the default 5 for my case.<br /><br />As its working, you can preview the file just to be sure it works with vlc in the /tmp directory. a file like:<br /><br /><pre class="source">cd /tmp<br />ls -lrta <br />-rw-r--r--&nbsp; 1 jgitau jgitau 1355776 2011-05-15 18:50 wbx_nbr_3523.h264<br /></pre>will be available. when its done - it takes a while, you'll get an mp4 file that you can play.<br /><br /><pre class="source">vlc wbx_nbr_3523.h264<br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6837421857201438095?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com2tag:blogger.com,1999:blog-8812919976949872507.post-62684523137266666692011-05-15T18:25:00.001+03:002011-05-15T19:02:47.260+03:00well this weekend has passed lazily. I watched green lantern - first flight thrice (third time bacause my neighbors son insisted on it - we both loved it.<br /><br />Read <a href="http://my.safaribooksonline.com/book/web-development/joomla/9780132488013">Joomla!™ 1.6: A User’s Guide: Building a Successful Joomla! Powered Website, Third Edition. </a>over at <a href="http://my.safaribooksonline.com/">safari</a> - I have been working on a few sites. Between Joomla, Drupal and Plone I have to choose a CMS. Joomla and Plone4 seem to be winning out for various reasons but thats neither here nor there.<br /><br />I also went through <a href="http://www.ioshints.info/">Ivan's</a> webinar on upcoming internet challenges and decided oh hey...look some affect me:-)...<br /><br />The top one is the fact that TV over access networks is now a reality in Kenya. DSTV started streaming over <a href="http://www.telecompaper.com/news/dstv-safaricom-launch-mobile-tv-service">safaricom's network</a>. Which means my cell phone is a tiny media house now. It's not yet 'that killer app' but we're headed there. compared to netflix's 1M subscribers connecting through Level 3 doing about 3Tbps, we're nowhere near that capacity.<br /><br />NAT - arghh this one pains me, its even worse -for me-that some of the solutions being proposed for <a href="http://technet.microsoft.com/en-us/library/bb457042.aspx">ipv6 is NAT</a>.....we're lazy...again<br /><br />The other one is business model failures. and misleading service definitions. I think we're still experimenting with how to bill data. I expect a lot of money to be wasted especially with DPI's and trying to bill per service<a href="http://./">.</a> Imagine if you were billing skype as a service, now Microsoft bought them and suddenly your DPI will probably need to look at totally new metering bits/rule base to decide on what/how to bill. The effort is not worth it. chances of messing up and pissing off customers is high.<br /><br />In a few networks I know, DPI is used for good. It ensures fair usage for all.<br /><br /><br />Unbundling the local loop in Kenya is quite easy with the right policies. Heck I think it would fit very nicely for a startup based in one of the upcoming high growth counties.<br /><br />and there's more and it goes on...some day i'll be writing better...for now you're stuck with my thoughts and notes...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6268452313726666669?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-17396334882248914372011-05-12T21:56:00.000+03:002011-05-13T23:45:28.071+03:00<a href="http://www.bloomberg.com/news/2011-05-12/kenya-customs-faces-cargo-clearance-delays-no-revenue-loss-1-.html">Kenya Revenue Authority's </a>data center had a power upgrade go wrong and affect several services by disrupting the supply chain of goods, specifically there are widespread fears that this could trigger another fuel crisis, or worse be used as an excuse for one.<br /><br />Looking back at my escapades with data centers, many many lessons have been learnt. The one that tends to ring true over and over again is how power and its design is important in a data center. Trying to recover services especially poorly documented services can take ages.<br /><br />It also brings home the fact that no matter what scale of services you are running, business continuity is not something to take lightly. Make all the critical data centers and services fully redundant.<br /><br />I cant think of a single excuse a revenue collecting authority can have for such an outage. none. the technology and any other resource that might have been a limiting factor several years back is now widely available.....oh well I guess this is a good time to brush up on data center design....it wont be fun...too much has changed, and remained the same...which means mega confusion<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1739633488224891437?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-49750208663891460652011-05-10T15:27:00.000+03:002011-05-10T15:27:16.936+03:00A term I had not come across that definately made it to my document's to get done list* This is probably a *hint* to one of the things keeping me busy this week.... <br /><a href="http://web.mit.edu/e-club/hadzima/founders-memo.html">Founder vesting</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4975020866389146065?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-9731587471100563972011-05-09T15:51:00.000+03:002011-05-09T15:51:08.432+03:00I had pretty much the same boy dreams, go out play in the mud not get bullied, bully girls especially ones i was attracted to (was it just me?). I mud slid, rode 'shot gun' in a pickup, picked my nose...you know little boy things.<br /><br />My mother had the usual dreams for her son. He'll be a doctor and take care of all of us in old age! she imagined. Or he will go to America and come back an educated young man - can't even remember what i was to study there:-). (It was a fad that has most of my cousins currently living overseas). I laughed at jokes and farted around and went out and rode my grandfathers bike, or played hide and seek at the mango farm.....<br /><br />Today, I still play, the toys are bigger, Im chasing the same things I used to, I try to be nice to the girls, I have travelled more than most and I turned out to be a pretty decent network engineer/<a href="http://www.farmken.com/">farmer</a>/brother/friend/uncle....so life has been good, it has been very random, weirdly twisty and I have been very very lucky so far.....its great to be me - and no I had nothing better to write but hey--its life go be alive....<br /><br /><br />hmm ok so Im reviewing some materials for the CISSP certification - might as well get that over with - (I attended the training a while back but had no idea if I wanted the certification or not) - then realized banks love it.<br /><br />I'm also subscribing to Ivan's webinars just so I can get all the <a href="http://www.ioshints.info/Subscription/Recordings">data center webinars</a> he's been conducting. see I had something technical to say:-)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-973158747110056397?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-148428096855981652011-05-05T13:22:00.001+03:002011-05-06T09:54:43.745+03:00Well look what finally arrived ............<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-AhQ12NBFnck/TcJ6FNHi4kI/AAAAAAAAAEE/Q8ZtbzXRP_8/s1600/CCIE-plaque.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://4.bp.blogspot.com/-AhQ12NBFnck/TcJ6FNHi4kI/AAAAAAAAAEE/Q8ZtbzXRP_8/s320/CCIE-plaque.jpg" width="320" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-14842809685598165?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com2Nairobi, Kenya-1.2833333 36.81666670000004-1.4233928 36.61468920000004 -1.1432738 37.01864420000004tag:blogger.com,1999:blog-8812919976949872507.post-64204048989903176302011-05-05T11:06:00.001+03:002011-05-05T12:00:31.391+03:00Look If you are one of those bozo CIO,CTO,CCC,CKT or whatever acronym that will make me rich by moving your stuff to a cloud while concurrently being thoruoughly clueless about it, please:<br /><br />1: Get my contacts right. You might forget it during a meltdown and I need the money.....<br />2: And this is important, learn,read up on cloud services, what they are, what to do when<a href="http://aws.amazon.com/message/65648/"> the clouds go 'poof'</a> automagically. Just because jesus rode one doesn't make them fool proof.<br /><br />Seriously guys, you still need redundancy, you still need to think about the design and you most definately need regular audits no matter who is providing the service to you. Yet another reason I don't advocate for Kenyan companies hosting anything outside our borders....especially if its mission critical like those idiots who installed systems that monitor<a href="https://forums.aws.amazon.com/thread.jspa?threadID=65649&amp;tstart=0"> 'patients pacemakers' </a>in the 'clouds'.<br /><br />If you are a network admin, get clued in on this 'cloud thing', its gonna be bread and butter alongside IPv6. Start small, install vmware, mess around with esx, steal a nexus switch or oh well justlearn something to sound intelligent when the friggin' cio/cto wants to talk cloud....<br /><a href="http://www.standalone-sysadmin.com/blog/2011/04/the-silver-lining-of-amazons-cloud-issues/">http://www.standalone-sysadmin.com/blog/2011/04/the-silver-lining-of-amazons-cloud-issues/</a><br />I especially liked this one:<br /><a href="http://evilrouters.net/2011/04/29/the-ec2-ebs-outage-what-amazon-didnt-tell-you/">http://evilrouters.net/2011/04/29/the-ec2-ebs-outage-what-amazon-didnt-tell-you/</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6420404898990317630?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-89836909991770320332011-05-03T14:07:00.000+03:002011-05-03T14:07:11.024+03:00I was messing around with wireshark today.You have two kinds of filters:<br />Display filters and capture filters. Capture filters are especially important if you don't have alot of space and post processing 'power' on your laptop/pc.<br /><br />Display Filters samples:<br />Only display packets sent to or received from 10.10.10.10<br /><pre class="source">Filter 1: ip.addr == 10.10.10.10<br />Filter 2: ip.src == 10.10.10.10 or ip.dst == 10.10.10.10<br /></pre>Only display packets sent to 10.10.10.10<br /><pre class="source">Filter: ip.dst == 10.10.10.10<br /></pre>Only display packets sent from 10.10.10.10<br /><pre class="source">ip.src == 10.10.10.10<br /></pre>Only display TCP port 53 packets <br /><pre class="source">tcp.port eq 53<br /></pre>Only display TCP port 110 or UDP port 53 packets<br /><pre class="source">tcp.port eq 110 or udp.port eq 53<br /></pre>Display packets from every IP apart from 10.10.10.10<br /><pre class="source">ip.addr != 10.10.10.10<br /></pre>Only display or DNS traffic <br /><pre class="source">arp or dns<br /></pre>To see POP passwords <br /><pre class="source">pop.request.command == PASS<br /></pre>To display FTP commands including USER and PASSWORD:<br /><pre class="source">ftp.request.command<br /></pre>For displaying ALL frames with the word PASS in them:<br /><pre class="source">frame contains 50:41:53:53<br /></pre><br />For the capture filters, the same sort of format is used. Please<a href="http://www.mindcert.com/resources/MindCert-Wireshark-MindMap.pdf"> follow this link </a>on how to go about some of them....a good third-world-networker needs to know his/her way around wireshark or whatever you use for packet capture.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-8983690999177032033?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-40730795281803371852011-05-02T22:59:00.006+03:002011-05-02T23:23:50.955+03:00As I watch<a href="http://brokenpipes.blogspot.com/"> Himawan's</a>&nbsp; <a href="https://cisco.webex.com/ciscosales/lsr.php?AT=pb&amp;SP=MC&amp;rID=51282027&amp;rKey=fdb28637e25db938">webex recording </a>on the ccie program and some new bits he worked into the program. His story fascinates me. I like the focus and dedication he has shown so far. I decided to post this just for me to keep track of things. <br /><br />its been an interesting month. as a couple of you know,after passing CCIE, I have been away from work focusing on some personal projects that had been long neglected, resting and giving my career plans some serious attention. <br /><br />At this point, my main motivation is money, I borrowed lots of money to take the CCIE (I'll do a post on what it costs a third world networker to do some of these things) so it really has to pay that back - and then some. Soon, the focus can move back where it matters. Getting the best exposure and personal satisfaction from what I do on a day to day basis.&nbsp; <br /><br />Now Im back at work and I think I can pretty much throw my digested mind map here.<br /><br />Option 1:<br />Stay at my current job, negotiate for more cash. This is my preferred option, but Im a terrible negotiator. The only issue I foresee here is the remuneration. That sucks. Other than that it is the perfect place to work, it offers the best opportunities for technical growth and <a href="http://packetattack.org/2011/03/09/of-greener-pastures-the-fences-other-side-finding-the-perfect-compromise/">I doubt the grass will be any greener </a>elsewhere as far as a good work environment goes. There's also exciting change happening and it almost has that 'start up feeling' that I like. It also exposes me to everything I'd like to be doing technically. LTE, CCIE SP, IP transformation,project management and a training component.<br /><br />Option 2: <br />Work for a cisco partner that actually requires my ccie number more than my skill - for now. This is most definately the easiest option as far as getting more money and a new job goes - 2 solid offers received already so yeah a ccie helps. But most of them do not do service provider networks so I'd be bored senseless. I hat being bored. However we/they can grow the business and get some SP's in. I'd also most likely pursue a JNCIE* and a CCIE-Security - to kill the boredom and they would be paying:-).<br /><br />Option 3:<br />Work for a Telco integrator like NSN or Ericsson or Huawei. Definately worth looking into. I am fascinated by LTE, IP RAN and the whole mobile network ecosystem/revolution. I also have a very strong background having run a mobile PS core for 3+ years before my current IP NGN role. I probably wouldn't pursue any other certfications. However I'd most definately improve on my multivendor skills so some juniper and Alcatel experience would be pursued.<br /><br />Option 4:<br />Work for Cisco. Well I guess just for the multiple CCIE's (I would really like the voice and SP) and the opportunities that would open up. This option is actually quite high up on my list especially if at some point I get a role that deals with the ASR 5K's and general SP -NGN mobile networks like stuff. I however know for sure that this BU is not represented in Kenya and I'm not really interested in starting from the bottom or from another office and working through the maze that is Cisco.<br /><br />Option 5:<br />consult - basically take on contracts and go work wherever id be needed.anything from GGSN's, IP NGN, migrations, ipv6, whatever ....&nbsp; I would get to travel and earn lots of cash. Im not so sure why I dont like this option given that its the easiest path for me. I'd have to be desperate to pull this trigger. <br /><br />Option 6:<br />Set up my/our own shop and hustle it out as a consulting/training company. This takes quite some work. Just working on filling a business model working in business plans, deciding on partners etc is enough headache already. While I have lots of practical experience, I tend to over think things so ehh...hmm... I can pursue whatever certifications I feel are relevant to market the 'shop'. I'd probably have to do more to improve on my voice and security. I also have a very good network as far as contacts go.. This definately offers more long term benefits but in the short term it will be quite busy. definately also near top of my list.....<br /><br />Option 7:<br /><br />become a farmer:-) -- I could just go deal with Kenya's food security issues....it's a sector waiting to be exploded:-)<br /><br />Im sure I've missed some out.<br /><br />So anyway May marks the second month before I make these decisions so stick around...we'll see how it goes. Either way for all those that have been asking, yes, a ccie comes in handy especially in the EMEA region. go get one:-)<br /><br />Oh I also lifted the following slides:<br />*They were shared on the webex above and I'd suggest you watch that. I make an assumption that the numbers are public... <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/--C5U5lJDJpU/Tb8Pae7soLI/AAAAAAAAAD8/qd4cb8ZSK8E/s1600/untitled.bmp" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="210" src="http://4.bp.blogspot.com/--C5U5lJDJpU/Tb8Pae7soLI/AAAAAAAAAD8/qd4cb8ZSK8E/s320/untitled.bmp" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-a7AeeKncIuw/Tb8PiEPT-fI/AAAAAAAAAEA/LZYvXe_E-0A/s1600/untitled1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="188" src="http://2.bp.blogspot.com/-a7AeeKncIuw/Tb8PiEPT-fI/AAAAAAAAAEA/LZYvXe_E-0A/s320/untitled1.JPG" width="320" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4073079528180337185?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-38556138596904627012011-05-01T14:45:00.000+03:002011-05-01T14:45:52.809+03:00Ahh have.had taken some time off work/blogs/internet and generally umm people...I almost feel great....one more month to go before making some major career decisions (I had decided on a two month period to re-evaluae my career goals and seek/improve opportunities)...so this month (May) is bound ot be a bit tense and interesting for me....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-3855613859690462701?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-68510568963611773222011-04-16T19:22:00.005+03:002011-04-16T19:57:24.821+03:00I spent a frustrated morning try to upload/restore a friends backup to his server and skype my cousin at the same time. I am currently using the safaricom 3G service as my primary connection but had to fall back to an alternate providers broadband for this upload (I required a consistent uninterrupted service for this upload). 3G has always served me well - since i moved <a href="http://third-world-networker.blogspot.com/2011/03/my-ccie-lab.html">my lab - more like sold some of mine to use the work lab... </a><br /><br />In the meantime, I started messing around with some tools trying to figure out this 3G 'issue' and the effect of large buffers more out of curiosity - It (3G) really serves me well when its working, that and I was bored...<br /><br />A few things to note:<br />- Today is a saturday so I expect more contention since the sites around here serve residential/home users. Which means that with my large files, TCP is&nbsp; wrecking havoc as usual.<br /><br />Buffers on all the network elements are shared and distributed among all clients, the radio controllers are shared and obviously we share the internet backhaul networks. That initial connection to the Radio is what I was curious about.<br /><br />We have gone through cycles of high capacity at the edge, then at the core then to the edge again. In the past it used to be that Dialup users in Kenya rarely cumulatively filled an ISP's capacity, Newer technologies like DSL, frame relay, ppp multilink saved the consumer but moved the bottleneck to the core.<br /><br />The internet has a single method of mitigating/signalling congestion. By dropping packets.This is the only way you notice that 'hey, that packet never arrived, and do something about it'. Windowing (tcp) is built around this mechanism. The other mechanism is known as Explicit congestion Notification (ECN). It's like telling your friend on your way to work driving in the opposite direction ', Hey, the road is flooded back there', use another route or dont go at all.<br /><br />The best solution is always more capacity, however you can only get so much with 3G/edge/gprs. What most computers and home routers have nowadays is huge buffers. Buffers increase delay - because you pack the packet longer. Which means some packets get to their destination pretty much useless. Its like being in traffic jam past a doctors appointment time. getting there late is useless. So the very solutions you build in (longer jam controlled by a traffic cop) tends to break the network more.<br /><br />Remember the internet and our networks rely on packets dropping to deal with congestion. excessive buffering breaks that.<br /><br />So back to <a href="http://www.umtsworld.com/technology/overview.htm#a1">3G</a>; please note most of what powers 3G and Edge (actually lets focus on 3G) was designed at a time telecommunication networks didnt care much about data. So obviously transmitting 1500bytes as a single packet is pretty much impossible (ie the MTU on most of those systems is much much lower). This obviously calls for alot of what tcp is known for - fragment, transmit, reorder and ----buffering.<br /><br />Unfortunately I decided on this article at a time when the 3G network seems to be okay. at least the RTT are not as bad as earlier in the day. <br /><pre class="source">C:\Documents and Settings\jgitau&gt;ping 196.201.208.2<br /><br />Pinging 196.201.208.2 with 32 bytes of data:<br /><br />Reply from 196.201.208.2: bytes=32 time=84ms TTL=56<br />Reply from 196.201.208.2: bytes=32 time=104ms TTL=56<br />Reply from 196.201.208.2: bytes=32 time=83ms TTL=56<br />Reply from 196.201.208.2: bytes=32 time=111ms TTL=56<br /><br />Ping statistics for 196.201.208.2:<br />&nbsp;&nbsp;&nbsp; Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),<br />Approximate round trip times in milli-seconds:<br />&nbsp;&nbsp;&nbsp; Minimum = 83ms, Maximum = 111ms, Average = 95ms<br /><br /></pre><br />So what could possibly have been happening - when things were not working out for me: When you are served by a busy RNC, you have to wait for some time to retransmit the damaged packets, or the RNC to retransmit it to back to you (<a href="http://www.linuxplanet.com/linuxplanet/tutorials/6534/1/">tcp 101</a>). Most of these are buffered waiting completion (remember each packet is fragmented then put together for onward transmission). Also remember TCP is end to end, however on a 3G network, the said 'end points' are actually multiple endpoints. You probably use up about 8 - 10 IP addresses for each connection - RNC to the Core, SGSN to GGSN, GGSN to the Internet etc- each of those elements have to bring up a session for you to transmit....<br /><br />By not signalling congestion, the buffers fill up because the endpoints never backed off. The buffers stay full until the load lessens.&nbsp; Suddenly all of you 'clients' are suffering and complaining but the RNC can't really do much for you now can it?...<a href="https://gettys.wordpress.com/2010/12/08/bufferbloat-mitigations/">So is buffering bad? </a><br /><br />This whole thing becomes worse when you try tuning stuff and realize that the bandwidth for 3G is variable. I say pick an amount lets say a conservative 128K and tune your system with if you are so inclined.<br /><br />I have no point here today other than to say that 3G networks are not easy to predict. The RNC is the first bit that actually deals with your packet and more often than not is going to be the first culprit when congestion occurs. Everything else from there on is able to handle larger packet sizes. ehh no wait there's an SGSN just after that:-)....End to end qos could help but I know of no one implementing it...I however look forward to LTE and maybe a technology like HSUPA - what that does is eliminate the number of buffers you have to deal with. <br /><br />Sooo tools I use frequently or would like to use more of: - I put some of them here just so I remember where to find them....:-)<br /><a href="http://tstat.tlc.polito.it/index.shtml">tstat</a><br /><a href="http://www.measurementlab.net/measurement-lab-tools">Mlab has&nbsp; set of tools</a><br /><a href="http://www.xplot.org/">xplot</a><br /><a href="http://www.tcptrace.org/">tcptrace</a><br /><a href="http://n3.netalyzr.icsi.berkeley.edu/">netalyzr and a sample output from my 3g connection</a><br /><br /><a href="http://netalyzr.icsi.berkeley.edu/restore/id=ae81b058-26157-6de17181-d1f8-44ad-a5a3">sample output:</a> <br /><pre class="source">Network buffer measurements (?): Uplink 3500 ms, Downlink 430 ms<br />We estimate your uplink as having 3500 msec of buffering. This is quite high, and you may experience substantial disruption to your network performance when performing interactive tasks such as web-surfing while simultaneously conducting large uploads. With such a buffer, real-time applications such as games or audio chat can work quite poorly when conducting large uploads at the same time.<br />We estimate your downlink as having 430 msec of buffering. This level may serve well for maximizing speed while minimizing the impact of large transfers on other traffic.&nbsp;</pre><pre class="source">&nbsp;</pre><br />Note the Uplink buffer above. So obviously my skype suffered if i uploaded the 'huge' files on one computer while skyping on another.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6851056896361177322?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-8716006019691741012011-04-13T13:47:00.001+03:002011-04-13T16:36:29.673+03:00When companies engage a network designer be it in house or a consultant, one of the most beautiful things is that post implementation feeling; there's always a change. Mostly for the better. The value is visible, the ROI immediate - well almost.<br /><br />Quite a number of design recommendations are left out, compromises are made, its very engaging. Also, as was with the last major design work I undertook, some companies do actually get into the design process with a clear understanding of the role they must play, what is required, the support they must accord and a willingness to let their networks be transformed by it (the process). I'll also add having the right engineering team to push some good decisions that look unnecessary to the management is sometimes necessary.<br /><br />There has to be a management solidly behind innovation, new technologies and technique of doing things. For instance the choice between eigrp/OSPF or ISIS should really not start a debate with management ditto anycast vs load balancers for some services? let the guys decide and justify their design.<br /><br />Good design also happens to be a single element in the overall system. It has to be supported by the business. It has to influence the business, It has to be fed by the business, it has to fit into it's culture, support its products.<br /><br />In the end its fun watching a good design get implemented, its even better watching others work on it, change things, enhance it, grow it. It's very satisfying.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-871600601969174101?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com2tag:blogger.com,1999:blog-8812919976949872507.post-41792817420586596122011-04-12T10:25:00.003+03:002011-04-15T11:07:17.400+03:00several things are slowly taking shape. one is annoying:<br /><br />I still can't find a credible cisco learning partner to work with towards getting a ccsi. <br /><br /><br />It could however prove to be an interesting opportunity too...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4179281742058659612?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-69357392527151670692011-04-11T00:04:00.009+03:002011-04-11T01:09:35.290+03:00I hate that this blog hasn't focused a lot<a href="http://packetlife.net/blog/2010/dec/13/blog-examples-going-ipv6-next-year/"> more on ipv6</a>. I take solace in the fact that mobile networks are not going to ipv6 soon (mainly out of ignorance if you ask me), Infact I suspect they will have to be forced to use it since no one will be thinking about it if the decision is left to the guys I see making current decisions in the telco space (imagine if apple released an IPv6 only iphone).<br /><br />Mobile operators stand to benefit the most from IPv6 mainly from <a href="http://www.ipv6style.jp/en/special/20051226/index.shtml">M2M applications/communications</a>. Incidentally People so afraid of change are unfortunately in charge of moving us forward (from the regulator to the operators). Focus on mobile number portability has wasted lots of time. a few people saw it as the dead end it seems to be.<br /><br />Its a clear case of the blind leading the sighted:-) I see it in the whole industry, there's alot of talk in mailing lists about 'issues' but no action *Please read disclaimer below if you're about to rant*. Politics doesn't get work done.<br /><br />It will be a consultants field day:-) when IPv6 gets forced on the networks. Closer to home, we have some internet peering but dont have a single service on IPv6 (2c0f:fe38::/32): from the <a href="https://support.cw.com/prod/tools_lookingglass.html?CW=30978ebc3b887ace1dac3ac8c9ac266c">cable and wireless looking glass</a> you'll find us represented:-) I would really like to have some<a href="http://playground.sun.com/ipv6/presentations/dec2001/3gpp-design-team.ppt"> IPv6 pdp contexts </a>activated, an IPv6 dmz, to test end to end mobile IPv6.<br /><br /><pre class="source">inet6.0: 5546 destinations, 31745 routes (5535 active, 0 holddown, 14 hidden)<br />+ = Active Route, - = Last Active, * = Both<br /><br />2c0f:fe38::/32 *[BGP/170] 2w3d 09:10:07, MED 0, localpref 80<br /> AS path: 6453 33771 I<br /> &gt; to 2001:5002:100:4::2 via ae0.1404</pre><br />* so yes our network is IPv6 ready, we can definately provide IPv6 connectivity but we again haven't really tested any service - yet, and you wont have many places to 'go' to that areipv6 enabled. I however wish you'd begin testing. Believe me you'll save money in the near future.<br /><br />we haven't progressed the <a href="http://isoc.org/wp/worldipv6day/">IPv6</a> initiative as much as we should have in Kenya either, the network guys seem ready. The <a href="http://www.kixp.or.ke/index.php?option=com_content&amp;task=view&amp;id=35&amp;Itemid=34">local exchange point</a> has a bunch of us IPv6 peering, but we as yet have no applications running on it - apart from DNS and hmm I wonder if the google global cache reachable through <a href="http://www.kixp.net/">KIXP</a> is <a href="http://www.google.com/intl/en/ipv6/">IPv6</a> enabled.<br /><br /><br />tracing to the ipv6.google.com uses our international link so I guess not, or I used the wrong fqdn.<br /><br /><pre class="source">Primary#traceroute ipv6 ipv6.google.com</pre><pre class="source">Type escape sequence to abort.<br />Tracing the route to 2A00:1450:8002::93<br /><br />&nbsp; 1 2001:5A0:C00:100::35 [AS 6453] 292 msec<br />&nbsp;&nbsp;&nbsp; 2001:5A0:C00:100::15 224 msec<br />&nbsp;&nbsp;&nbsp; 2001:5A0:C00:100::35 248 msec<br />&nbsp; 2 2001:5A0:2A00:100::1 [AS 6453] 180 msec 180 msec 180 msec<br />&nbsp; 3 2001:5A0:2000:400::2 [AS 6453] 188 msec 188 msec 184 msec<br />&nbsp; 4 2A01:3E0:FFF0:400::D [AS 6453] 188 msec 188 msec 188 msec<br />&nbsp; 5 2A01:3E0:FF80:100::9 [AS 6453] 200 msec 196 msec 196 msec<br />&nbsp; 6 2A01:3E0:FF20::3A [AS 6453] 196 msec 220 msec 196 msec<br />&nbsp; 7 2001:7F8::3B41:0:1 [AS 6453] 200 msec 228 msec 200 msec<br />&nbsp; 8 2001:4860::1:0:10 [AS 6453] 228 msec 200 msec 200 msec<br />&nbsp; 9 2001:4860::1:0:8 [AS 6453] 208 msec 208 msec 204 msec<br />&nbsp;10 2001:4860::8:0:2AC3 [AS 6453] 212 msec 212 msec 212 msec<br />&nbsp;11 2001:4860::2:0:87D [AS 6453] 212 msec 208 msec 220 msec<br />&nbsp;12 2001:4860:0:1::25 [AS 6453] 216 msec<br />&nbsp;&nbsp;&nbsp; 2001:4860:0:1::23 212 msec<br />&nbsp;&nbsp;&nbsp; 2001:4860:0:1::25 220 msec<br />&nbsp;13 2A00:1450:8002::93 [AS 6453] 208 msec 212 msec 208 msec<br /><br /><br /></pre>I hope and wish to have a full IPv6 DMZ (dns,smtp,ntp,pop,www,wap,looking glass etc) by the <a href="http://isoc.org/wp/worldipv6day/">IPV6 day.</a> <br /><br />So...scoot over to the <a href="http://isoc.org/wp/worldipv6day/how-to-join/">isc </a>. its important to note here that whether we like it or not, among others, <a href="http://en.wikipedia.org/wiki/Facebook">Facebook</a>, <a href="http://en.wikipedia.org/wiki/Google">Google</a>, <a class="mw-redirect" href="http://en.wikipedia.org/wiki/Yahoo" title="Yahoo">Yahoo</a>, <a class="mw-redirect" href="http://en.wikipedia.org/wiki/Cisco" title="Cisco">Cisco</a>, <a href="http://en.wikipedia.org/wiki/Akamai_Technologies">Akamai Technologies</a>, <a href="http://en.wikipedia.org/wiki/Limelight_Networks">Limelight Networks</a>, <a href="http://en.wikipedia.org/wiki/World_Wide_Web_Consortium" title="World Wide Web Consortium">W3C</a>, <a href="http://en.wikipedia.org/wiki/Bing_%28search_engine%29" title="Bing (search engine)">Bing</a> (<a href="http://en.wikipedia.org/wiki/Microsoft">Microsoft</a>), <a href="http://en.wikipedia.org/wiki/Tom%27s_Hardware">Tom's Hardware</a>, <a href="http://en.wikipedia.org/wiki/Rackspace">Rackspace</a>, <a class="mw-redirect" href="http://en.wikipedia.org/wiki/Verizon" title="Verizon">Verizon</a>, and <a href="http://en.wikipedia.org/wiki/Juniper_Networks" title="Juniper Networks">Juniper</a> have committed to participating in the experiment<span style="font-size: xx-small;"> (wikipedia)</span>.We will all participate if our users visit sites affiliated with the networks above. so we might as well do something about our infrastructure.<br /><br />what are you doing about it?<br /><br />I am not directly responsible for this infrastructure at work anymore but I'll definately make a concerted effort to ensure our customers don't get caught off guard. and now Im sleepy:-)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6935739252715167069?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com2tag:blogger.com,1999:blog-8812919976949872507.post-64695005957203805312011-04-10T21:40:00.006+03:002011-04-10T22:28:08.561+03:00Sundays tend to find me at home just hanging out with friends. Today was extra great I did just that with a bonus. I've met someone new (to me) that might very well join my 'the circle of trust'.<br /><br />We (happened to be all CCIE's) - note Kenya has <strike>7</strike> 8 CCIE's so getting more than 3 together is always quite interesting - we basically <strike>threw ideas</strike> discussed the current networking trends, opportunities, where we are, what we are, who we are, how things are done here vs how they happen elsewhere whether there's opportunity to do better than others etc etc....well obviously this paragraph has nothing to do with SDN...<br /><br />SDN (software defined networking) is an NGO promoting change in the way networks are run and managed.<br /><br />It's based on openflow, a relatively new protocol and its supported by some of the biggest users and buyers of networking equipment. <a href="http://www.opennetworkingfoundation.org/">Looking at the list of&nbsp;</a> members this evening tells me that this will be a definite game changer in the future.<br /><br />Soon I hope to get to test the protocol. <a href="http://www.openflowhub.org/display/Indigo/Indigo+-+OpenFlow+for+Hardware+Switches">Indigo</a> have a list of supported hardware. The opengear sounds like something I might just have. If I get at least two, we'll give it a test drive. Either way the idea of commoditiz'ing networking gear is very appealing.<br /><br />anyhow here's a list of places to check on openflow:<br /><ol><li><a href="http://content.blubrry.com/packetpushers/Show-40-Openflow-Upending-Networking-Industry.mp3">: this podcast here is a good start</a></li><li><a href="http://www.opennetworkingfoundation.org/">: openflow networking website</a></li><li><a href="http://blog.ioshints.info/2011/03/open-networking-foundation-fabric.html">: Ivan's analysis of the same</a></li><li><a href="http://www.networkworld.com/news/2011/040711-openflow-big-switch-networks.html">: on networkworld</a></li><li><a href="http://www.linkedin.com/company/big-switch-networks">: A company actually making and hoping and I believe will sell the switches</a></li><li><a href="http://www.openflowhub.org/display/Indigo/Indigo+-+OpenFlow+for+Hardware+Switches">: and another one</a></li></ol>also there's a Linux Software Reference System which lets you run openflow on a linux pc with multiple <a href="http://netfpga.org/foswiki/bin/view/NetFPGA/OneGig/GetStarted">NIC's</a>. Expect something on openflow here at some point in the future. When working with SME's, i expect cheap networking gear like this to feature prominently. Mikrotik is so far my favorite, we'll see how openflow and SDN fare.<br /><br />*Other areas I'm trying to catch up on:- <br /><ul><li>IOS-XR - on CRS-1's </li><li>NX-OS - this one will be tricky. Rumor has it that our new data center (an area I'm weak in) will be running a couple of Nexus. I might have to make new alliances to get a hold of some switches running NX-OS. I am totally clueless on this and can't wait to just power one up.</li><li>LTE - I just ordered three books on LTE (Safari doesn't have much on this). So in a months' time I'll be focusing on it. I might very well move to the section dealing with LTE at work if only to get a grasp of what the vendors are doing. the base level knowledge will have to be read though.</li></ul><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6469500595720380531?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-15498945287301248362011-04-07T23:21:00.001+03:002011-04-07T23:27:44.757+03:00So once upon a short time back I worked on the mobile core (I still insist thats the best team to work with - ever). The interface between the sgsn and the GGSN is called the <span style="color: yellow;">gn</span> interface. (I promise to do more posts on the mobile core).<br /><br />Now our GGSN's were actually a couple of cisco <a href="http://www.google.com/url?sa=t&amp;source=web&amp;cd=3&amp;ved=0CCIQFjAC&amp;url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fdocs%2Fios%2F12_4%2F12_4x%2Frelease%2Fnotes%2FrnMWAMxg.html&amp;rct=j&amp;q=mwam%20cisco%20ggsn&amp;ei=wBqeTZH8PMrwsgaDzrS6BA&amp;usg=AFQjCNGHJbl-ObwFXRb34XvlEVJhkDU23Q&amp;cad=rja">MWAM blades</a> hosting several ggsn's each. <br /><br />We used DNS for load balancing traffic from the sgsn to the ggsn. Here's a brief of how it works:<br /><br />during session setup also known as pdp context activation, the sgsn is supposed to set up a tunnel (gtp tunnel) with a ggsn for each&nbsp; session. Now the user uses an 'apn' like 'safaricom' which defines the service a customer is allowed to access. each ggsn is configured to allow a specific apn access, the sgsn looks at the apn, checks a dns server, resolves the apn to a ggsn's ip address and creates the tunnel.<br /><br />DNS is therefore used to decide which ggsn to channel the request to. Multiple DNS servers means you get to load balance the traffic among the ggsn's - round robin. It was not perfect, but it was cheaper than trying to get loadbalancers in.<br /><br />If you'd like to know more about how the mobile core works, how its all put together drop a comment ....the design considerations are definately way more than trying to slap together a document for a pure IP core....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1549894528730124836?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com3tag:blogger.com,1999:blog-8812919976949872507.post-17307614279730885482011-04-07T14:52:00.000+03:002011-04-07T14:52:38.910+03:00It was a really happy happy happy surprise and will be a happy happy happy happy haaapppy day come 15th April if indeed the damn cisco toolbar jingmathingie goes away. I hate it, hate the way it takes up my notebook screens space, hate the way its rendered (I use a linux desktop) hate the way it moves around as I try to focus on a sentence or a word my brain can't process...and just in case you think Im alone just have a look at the number of bloggers waiting with bated breath:<br /><a href="http://blogs.cisco.com/webexperience/cisco-com-toolbar-update/">http://blogs.cisco.com/webexperience/cisco-com-toolbar-update/</a><br /><a href="http://etherealmind.com/cisco-website-sucks-part-2/">http://etherealmind.com/cisco-website-sucks-part-2/ </a><br /><br />while at it they removed something else that really bothered me:<br /><a href="http://blogs.cisco.com/webexperience/death-ofby-toolbar/">http://blogs.cisco.com/webexperience/death-ofby-toolbar/</a><br /><br />now if only they can sort out the fact that a simulator for educational purposes (especially XR) works for them not against them... Chambers already accepted <a href="http://blogs.cisco.com/news/message-from-john-chambers-where-cisco-is-taking-the-network/">here </a>that their strategy was wrong before....not letting guys have access to IOS for educational reasons is a bit medieval, so is hiding simulators in san jose....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1730761427973088548?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-72149438389818066082011-04-06T14:04:00.005+03:002011-04-06T14:16:16.746+03:00Im not sure how to word this post.<br /><br />The cisco&nbsp; 7600-ES+20G3C&nbsp; modules running on c7600rsp72043-advipservicesk9-mz.122-33.SRD4.bin have been misbehaving on me. Here's a short list of issues I've had:<br /><br />One started spewing out the following:<br /><pre class="source">Feb 10 13:37:11.536: %C7600_ES-DFC9-5-BRIDGE_ASIC_INTR: The Bridge-ASIC-AR[0] interrupt asserted. Addr[0x0200]=0x00000004<br />Feb 10 13:37:11.544: %C7600_ES-DFC9-5-BRIDGE_ASIC_INTR: The Bridge-ASIC-AR[0] interrupt asserted. Addr[0x0200]=0x00000004<br />Feb 10 13:37:13.524: %C7600_ES-DFC9-5-BRIDGE_ASIC_INTR: The Bridge-ASIC-AR[0] interrupt asserted. Addr[0x0200]=0x00000004<br />Feb 10 13:37:13.532: %C7600_ES-DFC9-5-BRIDGE_ASIC_INTR: The Bridge-ASIC-AR[0] interrupt asserted. Addr[0x0200]=0x00000004<br />Feb 10 13:37:13.544: %C7600_ES-DFC9-5-BRIDGE_ASIC_INTR: The Bridge-ASIC-AR[0] interrupt asserted. Addr[0x0200]=0x00000004<br />Feb 10 13:37:13.552: %C7600_ES-DFC9-5-BRIDGE_ASIC_INTR: The Bridge-ASIC-AR[0] interrupt asserted. Addr[0x0200]=0x00000004<br /></pre>Im talking a gagomoth of informational lines, the alarms were not service affecting, Our syslog server was obviously not amused. Note this only happened on one 7609-s (out of more than 20 ). We ended up swapping the module that cooled things off, figuring out along the way that it was due to a bug -CSCtc16746 (that oly affected that node:-)) - weird.<br /><br />- one 20 port module somehow lost functionality on half the ports. I assume there's a chip that controls that half that just conked out.<br />- Another one just 'died' dead dead dead..no light, nothing...it had been working fine, unfortunately that was just before we had installed an external syslog server. So clueless on what happened.<br /><br />(all modules were replaced by cisco in time and we keep spares).<br /><br />Im just trying to figure our if Im the only one going through some wacky do's with the ES+20 modules. <br /><br />Other than that some of the QOS features we have implemented would probably never be possible on other modules....so I still love them):...Moral of the story if any: Pay for support specifically support that replaces modules for you within the shortest time possible.<br /><br />*PS if you have SAMI blades running STP or GGSN or CSG, let me know how thats working out for you too...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7214943838981806608?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-15980527610112160642011-04-06T13:35:00.000+03:002011-04-06T13:35:44.449+03:00<a href="http://packetlife.net/blog/2011/apr/6/live-packet-capture-wireshark-gns3/">Live Packet Capture in Wireshark With GNS3</a><br /><br />This is cool for the guys using gns3 and need to have a look at traces ....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1598052761011216064?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-79691714249443821092011-04-06T11:40:00.024+03:002011-04-06T13:32:06.415+03:00I'll take you back some to 2002. I'd just got my very first job, a semblance of freedom (Im not too sure it wasn't slavery of sorts now:-)), a chance to spread my 'wings', someone had trusted me with their customers as a technical analyst/systems admin/power dude/network admin/billing admin and some other things in between, I was ready to conquer the world .....I was young, full of energy and fresh from ditching campus for part&nbsp; money part frustration part defiance and some bzzzzz word abbreviated as ADD and some excitement.....oh those were happy days.<br /><br /><br /><b>Elsewhere on the internet:</b><br />October 21, 2002 something a bit bigger targeted at a larger audience happened:<br />An attack was launched at all <a href="http://www.isc.org/f-root-denial-of-service-21-oct-2002">13 root servers</a> aiming at disabling the internet itself. the closest we had got to a catastrophe was earlier in April 1997 when 7 root servers went offline for technical reasons.<br /><br />The role of anycast addressing in all this cannot be underestimated. Anycast ensured that a total outage never occured. It continutes to do so for DNS, it can do the same for your organization's services.<br /><br />Anycast is simply the use of routing/addressing policy to choose and use several geographically dispersed targets that "listen" to a service within a receiver group from a single source.<br /><br />So the same IP addressing space is used to address each of the listeners.&nbsp; Layer 3 routing dynamically handles the calculation and transmission of packets from our source ( in our case a DNS Client) to its most appropriate (DNS Server) target. So if I try to resolve cnn.com, the root server at <a href="http://www.kixp.or.ke/">KIXP </a>as opposed to the one in NewYork will respond, which essentially means an outage to the one in New York will not affect us.<br /><br />One of the other significant uses for anycast in the IPv6 arena is the Anycast Prefix for <a href="http://www.getipv6.info/index.php/Cisco_6to4_Relay_Service">6to4 Relay Routers.</a><br /><br /><b>It has a simple operational model:</b><br />6to4 Assigns a block of IPv6 address space to any host or network that has a global IPv4 address.<br />6to4 Encapsulates IPv6 packets inside IPv4 packets for transmission over an IPv4 network using 6in4.<br />then <br />6to4 Routes traffic between <a href="http://www.ietf.org/rfc/rfc3068.txt">6to4 and "native" IPv6 networks</a>.<br /><br />It's supposed to be a transitional mechanism, I haven't tested it but there is a list of <a href="http://bgpmon.net/6to4.php">relay routers</a> thats <br />constantly updated.Today everyone using 6to4 should now set their default router to 2002:c058:6301:: <br />which is a special magic <a href="http://www.faqs.org/rfcs/rfc3068.html">anycast address </a>for the nearest (in BGP terms) <a href="http://bgpmon.net/6to4.php">Relay Router.</a><br /><br />So now working on the same premise, that anycast can help you distribute a service, a network designer can use anycast by either using IANA reserved addresses or apportioning a part of his/her address space for anycast addressing and distributing applications. Include it in your 'toolbox' for your next design.<br /><br /><b>Practical uses for anycast in our environment:</b><br /><br />1: Depending on how a bank has done their network, geographically distributed ATM's could use it. Well that means banks with newer networks and open to new ideas, old banks have really rigid old 'unchangeable' systems. (because of policy of course). Working on a banks network is both fun and annoying.<br />- Healthcare networks are more open and something like patient records can be distributed using anycast, the same goes for student record in schools. <br /><br />2: We have alot of customers using 3g/edge/umts. They can be configured to send whatever data they collect to the closest server.<br />- For instance each nakumatt or shoe store or a fleet manager tracking his trucks with a distributed network can post truck data, sales or collections or whatever data to a local server that at the back end synchronizes with the main database.<br />- What this ensures is customers especially in large retail stores are always served without suffering WAN delays. (that time you wait as the guy scans your goods, waits for the price to pop up, tallying it up grr).<br />&nbsp;- This obviously depends on the operators network and in extremely good/lucky cases, if <a href="http://www.3gpp.org/ftp/Specs/html-info/23919.htm">direct tunnel</a> is employed then you can get the services like dns,wapgw's,www servers as close to the ggsn's as possible.<br /><br />3: Static databases for corporate use can be installed on all pop's saving you alot of WAN capacity and improving user experience. same as above but directed at where I work:-)<br /><br />4: print servers,mail (smtp) servers,smpp,wapgw's,www servers etc.You can basically have a distributed DMZ give the same IP or dns name to each customer and they would never face some of the issues I've seen around. A service like <a href="http://skiza.safaricom.com/user/mainframe.screen">skiza </a>will be greatly enhanced by this (remember one of the advantages is loadbalancing, and this negates the need for load balancers).<br /><br />5: In a telco, you can have the Ga/Gy/Gi interfaces on the ggsn/sgsn as close to the users as possible. Actually so would the Gr interface. You can shorten the hop count for signalling and save some milliseconds which count for alot in a mobile environment. services like <a href="http://en.wikipedia.org/wiki/GPRS_Roaming_Exchange">GRX</a> services pretty much use an almost similar model.<br /><br /><b>Drawbacks:</b><br />- complexity<br />- Expensive<br />- Difficult to manage and troubleshoot<br />- Monitoring it is a pain<br /><br /><b>Benefits:</b><br />- It works, DNS is a good example, Akamai, Google and a bunch of other large networks use it. <br />- Reliable<br />- Load balances your traffic/internet traffic. google's installation of a caching server at the kenyan exchange point will save us all alot of expensive bandwidth.<br />- localizing DDos and any other issues ie only a small userbase gets affected.<br />- Clients only configure one IP regardless of where you are. Technically you can use a single wapGW,smtp,dns address and anycast takes care of the rest for you.<br />- obviously you get increased availability.<br /><br /><a href="http://www.youtube.com/watch?v=14zDAcOY2VM">http://www.youtube.com/watch?v=14zDAcOY2VM</a><br /><a href="http://www.cshttp//www.faqs.org/rfcs/rfc3068.html.berkeley.edu/%7Ekarthik/research/papers/oasis/">http://www.cshttp://www.faqs.org/rfcs/rfc3068.html.berkeley.edu/~karthik/research/papers/oasis/</a><br /><a href="http://www.lacnic.net/documentos/lacnicxi/presentaciones/Google-LACNIC-final-short.pdf">http://www.lacnic.net/documentos/lacnicxi/presentaciones/Google-LACNIC-final-short.pdf</a><br />google for anycast + bgp+dns or any other keyword....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7969171424944382109?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-7953576974042089432011-04-05T17:06:00.000+03:002011-04-05T17:06:57.360+03:00IP Anycast: Widely known for its role in DNS. Arguably there would have come up a technique to scale DNS to the levels it has. Anycast however has proved to be so resilient It never made sense to change it.<br /><br />DNS: Imagine having a network of several hundred nodes. You need DNS to give meaning to the IP addresses. A traceroute for instance showing the interfaces, nodes,buildings traversed is more meaningful in the middle of the night just before you start pulling your hair than a bunch of IP's showing you a path to a blackhole.<br /><br />SMTP: for sending email from systems.<br /><br />SMPP: for sending SMS in the same manner SMTP does.<br />Perl : for making sense of log files.<br />SNMP: we all use it so I won't spend much time on it. I however in the end show while trying to understand myself how the MIB's and OID's come together. different versions etc.<br /><br />the coming posts (next two weeks) will focus a bit on anycast, its other applications, a few analogies etc...then we'll get on to DNS a service so key in network management that seems to work for some but not for others and why people really don't use it when they should be using it, sample ways to automate zonefile generation etc....How it fits in with IPv6....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-795357697404208943?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-3434188707478219512011-04-01T17:30:00.001+03:002011-04-01T17:32:25.304+03:00The kind of knowledge/education required to get to the higher levels of expertise I aspire to takes years to acquire. Sometimes even experience doesn't cut it. I finally figured/decided that adding training/teaching to regular work will probably work best - for me...!<br /><br />How I think training works well:<br />A) I'll get to read so deeply and critically into the literature of involved topics and their sub-topics till I become an 'expert', and I get to know I am one directly from the reaction from trainees.(yes more than during a ccie because now you get questions from more people for more than a cumulative 8 hour period:-))<br /><br />B) Being able to approach any and all vendor provided literature, RFC's and other technical material with the ability to simultaneously maintain the thought that "this is such a load of crap" and "this is the best paper/rfc ever written!" with my mind all the while coming up with ideas to justify each position.<br /><br />now if only there's a clp this side of the sahara to sort out some pesky learning partner requirements for a ccsi!!!! Seriously I expected it to be easier than I am finding it.... so if you know a cisco learning partner in Kenya (hmm does it actually matter?)..leave the name and number on the comments....(yes I obviously haven't looked around much)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-343418870747821951?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-36946223303598992582011-03-31T10:52:00.002+03:002011-03-31T11:41:27.791+03:00<a href="http://etherealmind.com/who-am-i/">Greg</a> had me all giggly this morning with this<span style="color: yellow;"> </span><a href="http://etherealmind.com/network-dictionary-google-technician/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+etherealmind+%28My+Etherealmind+-+Network+design%2C+architecture%2C+thinking%2C+working.+Tech.%29&amp;utm_content=Google+Feedfetcher" style="color: yellow;">post</a><span style="color: yellow;"> </span>and this<span style="color: yellow;"> </span><a href="http://etherealmind.com/network-administrator-role-going-away/#comment-8740" style="color: yellow;">one</a> :<br /><br /><a href="http://etherealmind.com/network-dictionary-google-technician/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+etherealmind+%28My+Etherealmind+-+Network+design%2C+architecture%2C+thinking%2C+working.+Tech.%29&amp;utm_content=Google+Feedfetcher">“Google Technician”</a> — A&nbsp;google tech is one who googles an issue and sys­tem­at­ic­ally tries every sug­ges­tion that is returned without under­stand­ing or regard for the valid­ity of the response.<br /><br />I find the google techs quite interesting (as per the definition above), I think the same applies to those that pick scripts off the net and try them until something breaks or works (most of the times things work) which sort of fuels the 'google tech' movement.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-3694622330359899258?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-62872461815537507782011-03-29T09:41:00.001+03:002011-03-29T09:51:10.318+03:00We had an interesting incident yesterday. Our network has lots of Huawei and Cisco devices. We use SFP's and XFP's widely on all the platforms. In an ideal world Huawei sfp's should work on Cisco whenever you plug it (there's some HP&nbsp; switches from which I have borrowed SFP's to cisco and Huawei without any problems) in and this was never an issue on the Huawei end. So it's not a consistent problem for me/us.<br /><br />Trying it on an ASR 1006 turned out to not be as straight forward. We had to use a 'hidden command'.<br /><br /><pre class="source">*Mar 28 11:07:49.547: %TRANSCEIVER-6-REMOVED: SIP0/3: Transceiver module removed from POS0/3/0<br /><br />*Mar 28 11:07:59.542: %TRANSCEIVER-6-INSERTED: SIP0/3: transceiver module inserted in POS0/3/0<br /><br />*Mar 28 11:08:01.160: %ASR1000_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/3/0 Transceiver Missing - Link Down<br /><br />*Mar 28 11:08:01.161: %ASR1000_RP_ALARM-6-INFO: ASSERT CRITICAL POS0/3/0 Physical Port Link Down<br /><br /><span style="color: yellow;">*Mar 28 11:08:01.124: %TRANSCEIVER-3-NOT_SUPPORTED: SIP0/3: Detected for transceiver module in POS0/3/0, module disabled</span><br /></pre><br /><br />Next the command is run:<br /><pre class="source">FW-LB-Rtr(config)#service un?<br /><br />% Unrecognized command<br /></pre>The above tells you that its hidden and won't come up under context help by typing a question mark.<br /><pre class="source">FW-LB-Rtr(config)#<span style="color: yellow;">service unsupported-transceiver</span></pre>You get a warning as shown below so be careful what you do or don't do:<br /><pre class="source">Warning: When Cisco determines that a fault or defect can be traced to<br /><br />the use of third-party transceivers installed by a customer or reseller,<br /><br />then, at Cisco's discretion, Cisco may withhold support under warranty or<br /><br />a Cisco support program. In the course of providing support for a Cisco<br /><br />networking product Cisco may require that the end user install Cisco<br /><br />transceivers if Cisco determines that removing third-party parts will<br /><br />assist Cisco in diagnosing the cause of a support issue.<br /><br /> <br /><br />FW-LB-Rtr(config)#<br /><br /></pre><br />and our interface came up<br /><pre class="source" style="color: yellow;">*Mar 28 12:28:36.354: %LINK-3-UPDOWN: SIP0/3: Interface POS0/3/0, changed state to up<br /><br />*Mar 28 12:28:37.372: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS0/3/0, changed state to up<br /></pre><div style="color: yellow;"><br /></div><a href="http://www.cciecandidate.com/?p=363">Please note the command is supported on some switches.</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6287246181553750778?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-69433318828036698382011-03-25T15:41:00.002+03:002011-03-25T15:55:22.978+03:00I have for a while now used <a href="http://www.ipflow.utc.fr/index.php/Cisco_7200_Simulator" target="_blank" title="Dynamips emulator">Dynamips</a>,<a href="http://www.dynagen.org/" target="_blank" title="Dynagen Console for Dynamips">Dynagen</a> and <a href="http://www.qemu.org/" target="_blank" title="Qemu emulator">Qemu </a>for emulating IOS and Junos. Dynamips as everyone thats tried using it is a huge resource hog and if not properly managed can be quite a pain to work with.<br /><br />For the troubleshooting exam, you need to load well over 20 routers and a few switches. While this can be done in isolation ie subsections of a lab done separately maybe with 5 routers max, I prefered getting a platform that allowed me to load them all up.<br /><br />I assume here that you are familiar with GNS3. If not please check out the link below:<br /><a href="http://www.gns3.net/documentation">http://www.gns3.net/documentation </a><br /><br />To get this working for me, I used GNS3 and a remote hypervisor. This sort of outsources the intensive processing to a powerful server and my laptop managed the frontend/topology.<br /><br />I used just one server but you can use many. On the server (I am using a server running Ubunu 10.10, 128GB memory and several processors), Do the following:<br /><br />Prepare the serverside environment and download Dynamips (make sure you get the proper version for your platform):<br /><pre class="source">root@scc-sfc-mgt-devsvr:/home/jgitau# mkdir dynamips<br />root@scc-sfc-mgt-devsvr:/home/jgitau# cd dynamips/<br />wget http://www.ipflow.utc.fr/dynamips/dynamips-0.2.8-RC2-amd64.bin<br /></pre>Create a folder for your IOS and a temporary folder to use as a working directory<br /><pre class="source">root@scc-sfc-mgt-devsvr:/home/jgitau/dynamips# mkdir ios<br />root@scc-sfc-mgt-devsvr:/home/jgitau/dynamips# mkdir tmp<br /></pre>Your folder should resemble something like:<br /><pre class="source">root@scc-sfc-mgt-devsvr:/home/jgitau/dynamips# ls<br />dynamips-0.2.8-RC2-amd64.bin dynamips_log.txt ios tmp<br /></pre>Place the IOS you'll be using in the IOS folder then start dynamips. Also ensure its networked duh! and can 'ping' your laptop/pc/whatever you run the GNS3 on.<br /><br />Next, start the dynamips engine:<br /><br /><i>Note on a server with multiple CPU's, it helps if you start several instances on different ports.</i><br /><pre class="source">root@scc-sfc-mgt-devsvr:/home/jgitau/dynamips# ./dynamips-0.2.8-RC2-amd64.bin -H 7201<br />Cisco Router Simulation Platform (version 0.2.8-RC2-amd64)<br />Copyright (c) 2005-2007 Christophe Fillot.<br />Build date: Oct 14 2007 10:46:52<br /><br />ILT: loaded table "mips64j" from cache.<br />ILT: loaded table "mips64e" from cache.<br />ILT: loaded table "ppc32j" from cache.<br />ILT: loaded table "ppc32e" from cache.<br />Hypervisor TCP control server started (port 7201).<br /><br /></pre><br />Next up, fire up GNS3 on your laptop, we'll create a 20 router topology for demo purposes. I am running GNS3 0.6.<br /><br /><pre class="source">- Click on Edit --&gt; Ios Images and Hypervisors <br /></pre>Navigate to "External Hypervisors" tab<br /><pre class="source">- Put in the host details , ensure the port matches the port you started on the server (7201).<br />- Put in the base UDP Port (10004), Base console (2000) and the working directory: /home/jgitau/dynamips/tmp <br /><i>(This is the folder you created on the server)</i><br />- save.<br /></pre>Next, Navigate to "IOS Images" tab.<br />Image file is the image location on your server, use whatever platform your IOS matches<br /><pre class="source">Image file: /home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin<br />platform :7200<br /></pre>On your right, <br /><pre class="source">Unclick the "use Hypervisor manager"<br />save<br /></pre><br />Create a topology, I did the one showed on the image below, start up the lab, on the server side you'll see the routers loading up. Sort out the idle PC as usual. Monitor the CPU using top or htop. Sample output follows.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-KgqASF8yKfc/TYyLYwk_00I/AAAAAAAAAD4/VJ8K_YRvky8/s1600/gns3-sample.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="175" src="https://lh3.googleusercontent.com/-KgqASF8yKfc/TYyLYwk_00I/AAAAAAAAAD4/VJ8K_YRvky8/s320/gns3-sample.PNG" width="320" /></a></div><br /><br /><pre class="source">Loading ELF file '/home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin'...<br />ELF loading skipped, using a ghost RAM file.<br />ELF entry point: 0x80008000<br /><br />C7200 'QOA.PE.2': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.<br />CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.<br />C7200 instance 'QOA.PE.1' (id 19):<br /> VM Status : 0<br /> RAM size : 256 Mb<br /> IOMEM size : 0 Mb<br /> NVRAM size : 128 Kb<br /> NPE model : npe-400<br /> Midplane : vxr<br /> IOS image : /home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin<br /><br />Loading ELF file '/home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin'...<br />ELF loading skipped, using a ghost RAM file.<br />ELF entry point: 0x80008000<br /><br />C7200 'QOA.PE.1': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.<br />CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.<br />C7200 instance 'KBW.P' (id 20):<br /> VM Status : 0<br /> RAM size : 256 Mb<br /> IOMEM size : 0 Mb<br /> NVRAM size : 128 Kb<br /> NPE model : npe-400<br /> Midplane : vxr<br /> IOS image : /home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin<br /><br />Loading ELF file '/home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin'...<br />ELF loading skipped, using a ghost RAM file.<br />ELF entry point: 0x80008000<br /><br />C7200 'KBW.P': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.<br />CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.<br />C7200 instance 'SCC.RR' (id 21):<br /> VM Status : 0<br /> RAM size : 256 Mb<br /> IOMEM size : 0 Mb<br /> NVRAM size : 128 Kb<br /> NPE model : npe-400<br /> Midplane : vxr<br /> IOS image : /home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin<br /><br />Loading ELF file '/home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin'...<br />ELF loading skipped, using a ghost RAM file.<br />ELF entry point: 0x80008000<br /><br />C7200 'SCC.RR': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.<br />CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.<br />C7200 instance 'MSA.P' (id 22):<br /> VM Status : 0<br /> RAM size : 256 Mb<br /> IOMEM size : 0 Mb<br /> NVRAM size : 128 Kb<br /> NPE model : npe-400<br /> Midplane : vxr<br /> IOS image : /home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin<br /><br />Loading ELF file '/home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin'...<br />ELF loading skipped, using a ghost RAM file.<br />ELF entry point: 0x80008000<br /><br />C7200 'MSA.P': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.<br /></pre><br />The above shows a sample output you get on the server side.<br /><pre class="source">noc@scc-sfc-mgt-devsvr:~$ htop<br /></pre><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-tGclq1c7gvI/TYyLKWCi6zI/AAAAAAAAADw/4NP5gAiZ27U/s1600/gns3-sample2.PNG" imageanchor="1"><img border="0" height="175" src="http://2.bp.blogspot.com/-tGclq1c7gvI/TYyLKWCi6zI/AAAAAAAAADw/4NP5gAiZ27U/s320/gns3-sample2.PNG" width="320" /></a></div>Sample .net file:<br /><pre class="source">autostart = False<br />[192.168.13.2:7201]<br /> workingdir = /home/jgitau/dynamips/tmp<br /> udp = 10004<br /> [[7200]]<br /> image = /home/jgitau/dynamips/ios/c7200-p-mz.124-25d.bin<br /> ghostios = True<br /> sparsemem = True<br /> [[ROUTER MSA.PE.2]]<br /> console = 2046<br /> slot1 = PA-GE<br /> g1/0 = MSA.PE.1 g2/0<br /> slot2 = PA-GE<br /> g2/0 = MSA.P g4/0<br /> x = 874.788888605<br /> y = 753.254833996<br /> [[ROUTER SCC.MCE.2]]<br /> console = 2054<br /> slot1 = PA-GE<br /> g1/0 = SCC.MCE.1 g1/0<br /> slot2 = PA-GE<br /> g2/0 = SCC.PE.1 g1/0<br /> slot3 = PA-GE<br /> g3/0 = SCC.PE.2 g2/0<br /> x = -1235.54415588<br /> y = 811.297690046<br /> [[ROUTER EDT.PE.2]]<br /> console = 2065<br /> slot1 = PA-GE<br /> g1/0 = EDT.PE.1 g2/0<br /> slot2 = PA-GE<br /> g2/0 = SCC.P g6/0<br /> slot3 = PA-GE<br /> slot4 = PA-GE<br /> slot5 = PA-GE<br /> slot6 = PA-4E<br /> x = -1679.1445866<br /> y = -389.695526217<br /> [[ROUTER EDT.PE.1]]<br /> console = 2066<br /> slot1 = PA-8E<br /> e1/0 = NKU.P e6/0<br /> slot2 = PA-GE<br /> g2/0 = EDT.PE.2 g1/0<br /> slot3 = PA-GE<br /> slot4 = PA-GE<br /> slot5 = PA-GE<br /> slot6 = PA-4E<br /> x = -1506.61053199<br /> y = -389.695526217<br /> [[ROUTER SCC.MCE.1]]<br /> console = 2055<br /> slot1 = PA-GE<br /> g1/0 = SCC.MCE.2 g1/0<br /> slot2 = PA-GE<br /> g2/0 = SCC.PE.2 g1/0<br /> slot3 = PA-GE<br /> g3/0 = SCC.PE.1 g2/0<br /> x = -1499.27416998<br /> y = 810.611398545<br /> [[ROUTER SCC.P]]<br /> console = 2021<br /> f0/0 = QOA.P f0/0<br /> slot1 = PA-GE<br /> g1/0 = MSA.P g2/0<br /> slot2 = PA-GE<br /> g2/0 = NKU.P g1/0<br /> slot3 = PA-GE<br /> g3/0 = SCC.PE.2 g3/0<br /> slot4 = PA-GE<br /> g4/0 = QOA.PE.1 g2/0<br /> slot5 = PA-GE<br /> g5/0 = SCC.RR g1/0<br /> slot6 = PA-GE<br /> g6/0 = EDT.PE.2 g2/0<br /> x = -1260.55277785<br /> y = 323.885822331<br /></pre><br />- Note:<br />You can use as many servers as you want. technically the server side stuff can be a friends laptop when he's not using it. Since there's not much in the name of installation, a friendly systems admin can also 'allow' you to run this on a test server, it can also be done remotely. There's a clearer video I found showing the same thing here: <a href="http://www.brainbump.net/tutorials/gns3/multiplepcgns3topology.htm">http://www.brainbump.net/tutorials/gns3/multiplepcgns3topology.htm</a><br /><br />- The other upside is anyone I share this with on our network won't suffer CPU issues and can just focus on the simulations. It comes quite handy as a training tool as well since multiple hypervisors can be used. This particular server has at one point run 80 routers....(4 guys doing 20'something routers each) thats some serious steroids right there.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6943331882803669838?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-44105186773035204162011-03-23T01:21:00.007+03:002011-03-23T03:29:36.128+03:00Studying and time management: It's now a skill I should probably list on my CV alongside everything else I have in there.<br /><br />I wake up early. Sleep early. By early I mean depending on what's on my plate, don't be shocked to find me at my desk either in the office or the study at home at 3-4am. By 9 am on these days Im pretty much done with any pressing creative (hard focus work) and can 'trade' email or chat by the water cooler all day.<br /><br />Fact: the only thing that matters is the result. In the case of a ccie, a pass, in a competitive environment, no one wants to be number 2....I want to be at the top...ALWAYS...I want the gold, keep the silver....<br /><br />Life has never been fair, the path to success is not fair, its not linear, it's negotiable and it most definately changes. I know this, I have been lucky in some ways...very lucky actually .....<br /><br />I don't do facebook. I totally weaned off facebook during the last 3 months of my CCIE preparation. I might use it to market something in the future but it has no relevance whatsoever in my personal life. All my friends know how to reach me. I am checking out twitter. This doesn't mean you have to, I personally just couldnt handle the distraction.<br /><br />I like knowing well before hand whats expected of me for me to appropriately schedule it.I was brought up in a household that avoided ambiguity, yes no answers were common, you either did something or didn't.<br /><br />This is a big pain at my current workplace since a restructuring is taking place. Ad hoc requests and implied responsibilities tend to come up alot. I hate it. It frustrates me and my efforts towards effective time and other resource management.<br /><br />I don't measure my productivity with Hours worked. I prefer working with results. Your results are a direct reflection of the strategy you employ to get a certain grade or outcome.<br /><br />Avoid meaningless meetings, infact don't go for any meeting without an agenda. Wait for the minutes. If none come then it can't have been important. On the same note avoid people that bring negative energy to your life. If you can't eg they are your boss...learn to 'zone out' (a skill i don't have but wish I did - just in case:-))<br /><br />Almost all core concepts on the CCIE blueprint require 20 - 60 minutes of some serious focus including time spent lab'bing up simple scenarios before you 'get it' well enough to answer related questions or teach it. Which is why trying to rush through the material doesn't work very well. If you don't have a study plan that respects this need for the tasks, you are most likely destined for failure.<br /><br />Time management is a technical skill. There is a huge difference between technique and effort. Learn to schedule work then do it, dont make excuses, do not procrastinate, do the mental labour, don't focus on time, just get it done to get the most satisfactory result possible.<br /><br />IMHO hours spent on study and work are a terrible metric, to this end the 9-5 sort of job alot of people are into offers no appeal to me.&nbsp; I think compared to most people I do have a very flexible work schedule. Use the time saved to do things you love.<br /><br />Avoid transcribing, aim to understand. If listening to an on demand video on OSPF/bgp/etc, pause it occassionally to test the scenarios, don't try to take 'blind' notes. Even typing the commands and expected output on notepad if you have no access to routers/gns3/dynamips/dynagen helps more than taking notes as you listen and move along. so learn it like you are going to teach it, synthesize the material. break it down to its littlest pieces, then put it together again.<br /><br />In the end the point Im trying to make here is : counting hours is meaningless (It was for me) when it comes to studying. (On my first ccie attempt I kept a very detailed log of how long I spent studying for the exam - While the data is good to a statician, I didn't find it to be of any use). So the last time round I focused on learning the material and the concepts, got the knowledge ,acquired the skills until I felt ready. Do this and you might avoid landing yourself in a failure situation.<br /><br />If you are working on something else that requires 'some serious focus' alongside something like preparing for the CCIE, stop being silly, drop one. There's a high chance you'll miss out on both.<br /><br />Do not give up, especially if you have already spent well over $10K in personal dollars, Money spent on a CCIE can be a big incentive to working harder, to passing:-)....can also be quite frustrating......<br /><br />Lastly just have fun, relax enjoy the journey.....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4410518677303520416?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-5841500014730444182011-03-21T15:50:00.001+03:002011-03-21T15:55:55.139+03:00Every once in a while it happens that my TV is on while Im messing around on the laptop. One of the 'news' items on the last week was that one of the Telco's was launching a broadband service that would guarantee well over 8MegaBytes of data. huh! This was followed by the usual market speak....it will be super fast..yada yada yada!!!<br /><br />On the same note the papers have all sort's of <a href="http://www.youtube.com/watch?v=yTe3Zp7Z_Z8">G's</a> being advertised. 2G,2.5G,3G and next up for your consumption is 4G.....<br /><br />Sometimes the market speak can be quite hilarious, other times- not so much. On the<a href="http://lists.kictanet.or.ke/pipermail/kictanet/2011-March/011816.html"> Kictanet mailing list</a>, a search for complaints, promises, bandwidth, unlimited etc gives an indicator of the kind of confusion marketing a service purely on offered capacity and 'take home bits' without making an attempt at educating the consumer can create. The case linked above helped get out some very interesting issues.<br /><br />One I thing we (the industry) need to take a keen on is the fact that the more info consumers have, the easier it gets. Information on coverage,regional QOS (site to site latency/jitter) etc shoul d probably be availed. Customers should be allowed a forum to vent and networks use that as a honey pot of sorts. Do we support IPv6? provide the info before its asked for. Network engineers need to collaborate more.<br /><br />Managing customer expectations/interactions and the role of <a href="http://lists.kictanet.or.ke/pipermail/kictanet/2011-March/011816.html">CCK&nbsp;&nbsp;&nbsp;</a> as a consumer advocate is also not very clear.<br /><br />Considering ISP's have been there longer than traditional telco's in the data arena, its funny they still do not have a QOS policy for data. (I take that back, even if they had one I'm not too sure they can enforce it - they can try but ehhh)....It might turn out to be the old Jambonet 'block' all VOIP musical chairs with ISP's...somehow Jambonet used to be left standing....now those were good days!!! <br /><br />If I am in a coverage hole for 3G, am I right in accusing the vendor of poor service? what if my phone 'hops' from 3G to 2G, If on an unlimited data plan what gives, what is this downgrade my speed (bps) maneno? did I pay for a specific QOS? If I did how do I measure it? can the guy selling it to me even measure it? what of Wimax, LTE when it gets sold...?....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-584150001473044418?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-43624589515344081712011-03-17T20:28:00.001+03:002011-03-17T20:47:58.293+03:00<div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://lh5.googleusercontent.com/-ZrBMcV59yTM/TYI8UgdMi_I/AAAAAAAAACA/0P0h84RFGOk/s1600/08092010151.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://lh5.googleusercontent.com/-ZrBMcV59yTM/TYI8UgdMi_I/AAAAAAAAACA/0P0h84RFGOk/s320/08092010151.jpg" width="320" /></a></div><br /><br /><br />My practice lab for the CCIE was made up of 3 x 3750, 1 3550 switches, 2 x 2821 routers , 2 x 2811 (one acted as a console - from the image thats the one with the green cables, 1 x 2851 router and three lower end routers to inject backbone routes. Just in case shit hit the fan, I had (still have) more than 1000 rack hours over at<a href="http://blog.ine.com/2010/12/08/graded-labs-ccie-rack-rental-session/"> graded labs</a>. <br /><br />For the troubleshooting scenarios, I got extremely lucky. Happened to have a Sun Fire X4470 Server, 128GB of memory and some extremely fast processors that allowed me to load well over 30 routers. Virtualizing would have got me more capacity. Dynamips and Dynagen took care of the rest. I didn't even have to meddle with the idlepc. So obviously I had more than enough equipment to get this done.<br /><br />*Being ready and having access to the right equipment and people clearly came out as one of the key factors if you expect to pass the ccie. Out of the 15 or so guys that sat the mobile lab, I think only my colleague and I passed which to me is very telling.<br /><br />*I have never paid <a href="http://www.micronicstraining.com/">Narbik </a>a single cent but for some reason he answered all my questions promptly - ON CHAT!....including after the lab when I had trouble accessing information on how to become a ccsi. So thanks for that...<br /><br />I had (still have about 1500hrs rented rack over at <a href="http://www.ine.com/">INE</a>) and the lab above was set up for the full INE R&amp;S topology. I also have to add that <a href="http://www.ine.com/rack-rentals.htm">INE/graded lab</a> racks are probably more advanced than any other commercial rack I ever tried (and I tried quite a number). My time zone (+3 GMT) allowed me to get excellent service/rack hours.<br /><br />Considering all the above, the only thing stopping me from taking the CCIE SP is the change in blueprint. <br /><br />To the physical devices above will be added some IOS-XR devices and I expect that to form the basis for future blogs if I'm not too lazy to post that here. I am yet to decide on a vendor vs self study for workbooks and how much 'noteput' to produce (I could do my own workbooks). IOS-XR is not very well covered, there's not many examples for various scenarios, neither is the CRS-1/ASR's and other high end devices that I might have access to....I would expect that to add value here in between my rambling...we'll see<br />!!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4362458951534408171?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-73933431117330594122011-03-17T18:59:00.000+03:002011-03-17T18:59:43.906+03:00I think I have what I can only call "Post CCIE Syndrome": Symptoms include :<br /><br />- Sleeping early, getting up late, having breakfast without panicking because you seem to have forgotten under what circumstances a default route cannot be injected to different OSPF areas.<br />- Occassionally slapping your face to confirm 'its not a dream, the 8 hrs happened and you passed'.<br />- Somehow having time to go to the gym, say a smiling hello to the neighbors (who hated you for being a snob).<br />- General cheer and high energy levels - if you passed, low energy levels if you failed (Imagining that you'll go through it all again sucks).<br />- Having time for girls/boys/dogs/cycling/hiking....<br />- Wondering where all the money people say you get after a CCIE is...(My CCIE debts are astronomical). <br />- but the one that really gets me is how lazy I have become. Yesterday I watched day time TV (I swear I could feel some IQ points flying away as a consequence but who needs those for another week right:-))...<br /><br />**<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7393343111733059412?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-41754764330119096452011-03-11T02:38:00.000+03:002011-03-11T02:39:49.976+03:00ccie#28352<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4175476433011909645?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com3tag:blogger.com,1999:blog-8812919976949872507.post-2484266070413486362011-01-31T11:40:00.003+03:002011-01-31T11:42:33.453+03:00Closing some key gaps. From the blueprint i can pretty much tell I'll have issues with multicast primarily because I rarely work with those technologies.....for some very interesting issues from the INE workbook I curiously got stuck on a bgp (confederation) configuration that increased the time I took to do that lab by a whole 40 minutes....grr...oh well...on and on we go...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-248426607041348636?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-43773832651111168342011-01-23T09:32:00.003+03:002011-01-23T11:25:00.220+03:00Well it happened, our new core is fully functional. Lots of lessons learnt, most of them non technical. <br /><br />This migration was mainly breaking up the old Huawei mpls core and making all their P/PE's into CE's to the new core comprising of CRS-1's and 7609's. It went very smooothly.<br /><br />it seems the most annoying thing in this whole process is going to be mainly dealing with people. <br /><br />- due to the size and components involved, even my manager was not sure we could pull it off. Which creates interesting scenarios, all of them annoying time wasters. Im happy for them to waste the time they pay for, unfortunately this has started eating into my personal time and I dont think I can/will allow that <br /><br />- Other departments also need to be given the confidence that everything will work out and for us (my team) this (running/managing a network) is easier than a walk in the park - we have to watch out for thugs and other miscreants though. IP transformation needs to be understood as a process that takes time.<br /><br />- I hate project managers especially if they dont have a technical background, even worse if they are not willing to listen and happen to sign your paycheck.<br /><br />Next up of course there will be the usual setting up all the network monitoring systems, ensuring qos is well done, all this have been tested but we now have to confirm how it fares with live traffic.<br /><br />If you work for a telco and have had to deal with the ip transofmation process, Id be very interested to know how you handled peoples confidence levels in the process without going nuts!<br /><br />- the next four weeks are focused on my lab. and I feel like I've pretty much achieved what I wanted here. oh....from now on I am also scouting for contracts especially if they have anything to do with design/implementation and general IP transformation ....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4377383265111116834?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-74730871781918404842010-12-07T17:48:00.001+03:002010-12-07T17:50:28.430+03:00Well...big project done, some free time coming up, mobile lab right here at home:-)<br /><br />Lab Details<br />Lab Type Routing and Switching<br />Lab Date 07-MAR-11<br />Lab Location Nairobi<br /><br />I wish me well:-) <br />sleepless nights coming up....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7473087178191840484?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-74746090523646450822010-11-25T13:57:00.003+03:002010-11-25T14:16:43.310+03:00Sooo Im almost done with a very interesting project and wanted to share a little something on what happened when we wanted to monitor the optical interfaces.<br /><br />First off the core network has a bunch of CRS1's interconnected using 3 x 10G DWDM links to the rest of the network giving us what someone fondly called a 10Gig core, or 30 depending on how/what you calculate.<br /><br />Now the dwdm link characteristics are very important to ensure the deck of cards above it doesnt come crashing down. Some fiber was not very clean and you'd get parameters like:<br /><pre class="source"><br />RP/0/RP0/CPU0:xxxxxxx1#sh controllers dwdm 0/0/0/2<br />Thu Nov 25 14:10:16.303 EAT<br /><br />Port dwdm0/0/0/2<br /><br />Controller State: up<br /><br />Loopback: None<br /><br />G709 Status<br /><br /><br />OTU<br /> LOS = 0 LOF = 0 LOM = 0<br /> BDI = 0 IAE = 0 BIP = 0<br /> BEI = 0 TIM = 0<br /><br />ODU<br /> AIS = 0 BDI = 0 OCI = 0<br /> LCK = 0 BIP = 0 BEI = 0<br /> PTIM = 0 TIM = 0<br /><br />FEC Mode: Enhanced FEC(default)<br /> EC(current second) = 3217480 <span style="font-weight:bold;">EC = 602132861570 UC = 43432861570</span><br /> pre-FEC BER = 2.89E-4 Q = 3.42 Q Margin = 1.74<br /><br />Remote FEC Mode: Enhanced FEC<br /> FECMISMATCH = 0<br /><br />Detected Alarms: None<br />Asserted Alarms: None<br />Alarm Reporting Enabled for: LOS LOF LOM IAE OTU-BDI OTU-TIM OTU_SF_BER OTU_SD_BER ODU-AIS ODU-BDI OCI LCK PTIM ODU-TIM FECMISMATCH<br />BER Thresholds: OTU-SF = E-2 OTU-SD = E-5<br /><br />OTU TTI Sent String ASCII: Tx TTI Not Configured<br />OTU TTI Received String ASCII: Rx TTI Not Recieved<br />OTU TTI Expected String ASCII: Exp TTI Not Configured<br /><br />ODU TTI Sent String ASCII: Tx TTI Not Configured<br />ODU TTI Received String ASCII: Rx TTI Not Recieved<br />ODU TTI Expected String ASCII: Exp TTI Not Configured<br /><br />Optics Status<br /><br /> Optics Type: Cisco 10Gb DWDM<br /> Wavelength Info: C-Band, XXX ITU Channel=27, Frequency=1xx.80THz, Wavelength=1534.976nm<br /> TX Power = 4.45 dBm<br /> RX Power = <span style="font-weight:bold;">-10.90 dBm</span><br />TDC Info<br /><br /> TDC Not Supported on the Plim<br /><br /></pre><br /><br />So any way we needed a way to graph and send alerts based on output like that.<br /><br />IOS/XR's MIB's do not seem to have anything I could work with.<br /><br />*if you know the MIB/OID to get me TX/RX power,UC,EC and prefec values I'll be very grateful.<br /><br />*If you also happen to have an explanation on how to interpret the pre fec values eg:<br /><pre class="source"><br />pre-FEC BER = <span style="font-weight:bold;">2.89E-4 </span><br /></pre><br /><br />I'd also be very happy.<br /><br />Enter some scripts:<br />to get this info we used a combination of expect and perl.<br /><br />Basically we wrote a script that connects to each node and runs runs the command and dumps it on a text file. our perl-fu then comes on along and picks out the bits and pieces we need and dumps it on a database.<br /><br />Zabbix (our mrtg'like monitoring system) graphs those. A few other scripts send us sms and email alerts.<br /><br />Sample expect script:<br /><pre class="source"><br />set timeout 3<br />spawn /bin/bash<br />match_max 100000<br />send -- "telnet 192.168.1.1\r"<br />expect -exact "telnet 192.168.1.1\r<br />Trying 192.168.1.1...\r<br />Connected to 192.168.1.1.\r<br />Escape character is '^\]'.\r<br />\r<br />\r<br />User Access Verification\r<br />\r<br />Username: "<br />send -- "yadada\r"<br />expect -exact "durangor\r<br />Password: "<br />send -- "django\r"<br />expect -exact "\r<br />\r<br />RP/0/RP0/CPU0:xxxxxxxx1#"<br />send -- "show controllers dwdm 0/0/0/2"<br />expect -exact "show controllers dwdm 0/0/0/2"<br />send -- "\r"<br />send -- " exit\r"<br />send -- " "<br />expect eof<br /></pre><br /><br />its a simple one that one.<br /><pre class="source"><br />other helpful commands for graphing other things:<br />sh snmp mib object-name<br />sh snmp interface<br />sh snmp interface tenGigE 0/0/0/0 ifindex<br /></pre><br /><br />I am having alot of fun with IOS xr, the crs1 has some interesting features/utilities too....more on this later...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7474609052364645082?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-41144608572741107292010-11-21T15:33:00.002+03:002010-11-21T15:37:06.359+03:00sunday afternoon, nice sunny day re-running 'The Matrix'....while listening to the line with morpheus saying the matrix is all around us , it immediately jumped to mind and I completed the sentence, just like stupid people....<br /><br />the matrix is all around us, just like stupid people - <br /><br />* one of my biggest fears is that i become stupid or thick or......<br /><br />Gitau<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4114460857274110729?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-78692373684146222442010-11-11T18:33:00.011+03:002010-11-11T18:49:53.010+03:00Ahhh the folly of <a href="http://allafrica.com/stories/201011040048.html">road construction and fiber cuts</a>:-) while I totally thoroughly don't mind the infrastructure build going on in the country <a href="http://en.wikipedia.org/wiki/Kenya">(Kenya)</a>, the near total outages we're suffering due to <a href="http://www.kentv.net/index.php/kentv-news/1-latest-news/2953-nicked-fibre-optic-cable-cause-massive-outage-on-safaricom-network">fiber cuts</a> are raising very interesting questions....and halted some of my work:-)<br /><br />How do you build a redundant national fiber infrastructure?<br />how come the builders didn't know or allow for this sort of thing happening?<br />Is there room for new players?<br />whats my role in all this?<br />will the local counties benefit from this ? <br />and many many more<br /><br />so I drifted to <a href="http://en.wikisource.org/wiki/Moral_letters_to_Lucilius/Letter_22">Moral letters to Lucilius/Letter 22</a> mainly just to kill time and maybe get in touch with my inner self.....I basically have nothing to write today....but I felt I had to fill the space:-) no the letters and the fiber cuts are not related either:-)<br /><br />anyway interesting words from the moral letters:<br /><a href="http://en.wikisource.org/wiki/Moral_letters_to_Lucilius/Letter_22">11. My dear Lucilius; there are a few men whom slavery holds fast, but there are many more who hold fast to slavery.<br />12. But if you keep turning round and looking about, in order to see how much you may carry away with you, and how much money you may keep to equip yourself for the life of leisure, you will never find a way out. <span style="font-weight:bold;">No man can swim ashore and take his baggage with him</span>. </a><br /><br />*PS I read these letters during boring endless time suck's called meetings...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7869237368414622244?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-50712682569981017182010-11-08T10:40:00.010+03:002010-11-08T12:03:26.434+03:00When I started my career (8 years ago) in networking, life was easy. I worked at a startup and had alot of freedom to experiment. I did some sysadmin stuff, lots of networking stuff and life was great.<br /><br />Over that time something struck me as odd: when choosing for instance on what to run Bind, I had a choice of hardware, CPU's, memory and many many operating systems to chose from. This coupled with opensourse stuff meant we could run an ISP very cheaply with commodity hardware. I think we ran DNS on a regular Dell PC mounted on a shelf for the more than 3 yrs I worked there.<br /><br />What we sort of accepted without question was the networking gear. We'd call a vendor test their products and buy it in full. The hardware, processor/central logic manufacturer,operating systems -- everything was by the same company - in our case cisco. <br /><br />When I moved on to a mobile network, I noticed an uncanny similarity to this scenario with the GSM industry. Apple Android and other manufacturers have done alot to open up an industry that was shrouded in mystery. GSM products and specifically the core electronic components were as far as I know only done by a few companies: classic suppliers were Texas Instruments, ST/Ericsson, ADI/MediaTek), In neon, Freescal. <a href="http://laforge.gnumonks.org/papers/gsm_phone-anatomy-latest.pdf">Herald welte</a> has an excellent article on this. <br /><br />For each of the other things I needed to learn, there was always a simulator and cheap hardware to learn on. <a href="http://openbsc.osmocom.org/trac/">Openbsc</a> and<a href="http://bb.osmocom.org/trac/"> osmocombb</a> (I had lots of fun with this on a motorolla C117) really helped me 'kill some two months eaarly this year. I killed that phone, doubt it'll ever make another call though maybe I'll have some time to mess around with it. its definately my fault that it doesn't work, not the software. <br /><br />When I started on mobile data I used opensgsn extensively for testing the core network to verify flows without worrying about the access network,coupled with open bsc I could create very interesting test scenarios without worrying about the radio. It also made me sound quite clever while having discussions with the 'core' network guys.<br /><br />I saw the <a href="http://sourceforge.net/projects/ggsn/">openggsn</a> project is now back to life. I never played around with this. I was lucky to have actual hardware - Cisco + Huawei.<br /><br /><span style="font-weight:bold;">Where am I going with this and what does openflow have to do with it:</span><br /><br />Well I installed openflow over the last weekend after reading <a href="http://perspectives.mvdirona.com/2010/10/31/DatacenterNetworksAreInMyWay.aspx">James Hamilton 's Datacenter networks are in my way document</a>. I also have lots of hardware (PC's) to play around with. It addresses my earlier observation that in the networking world, it’s a vertically integrated stack and this slows innovation and artificially holds margins high. It’s a business model makes services unnecesarily expensive for everyone apart from the vendor and It lags behind in 'conforming to the rest of the pack ie servers and other general technology areas which are open.<br /><br />Enter <a href="http://www.openflowswitch.org/foswiki/bin/view/OpenFlow/Deployment/">http://www.openflowswitch.org</a><br /><br />The important thing for me is where this could lead to. Cheaper products, excellent learning platform (especially if cisco insist on making IOS inaccessible for educational purposes) and the ability to run networks on cheap hardware. Our small businesses require this. To this end I havt to also thank the folks running quagga,vyatta (I had to shift our entire NAT for millions of customers to Vyatta at some point - the free version) et all....I have had alot of fun...<br /><br />If interested, my openflow is currently on a standalone PC, next I'll play with multiple PC's, vmware and see where this wave leads to....all in all a very productive use of my free time...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-5071268256998101718?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-41924847397008660442010-11-05T10:18:00.004+03:002010-11-05T10:58:42.358+03:00Third world networker will be mixing it up at <a href="http://www.gvrc.or.ke/">The Safaricom Foundation and the Gender Violence Recovery Center (GVRC)</a> annual fundraising dinner this evening which will be at the Carnivore Grounds. <br /><br />The Foundation will be matching every shilling raised so I figure it's good use of my money. The foundations results are very visible so I try and support their projects whenever/howevre I can.<br /><br />why: because third world networker believes in a few things, he also tries to have a life outside the lab and office.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4192484739700866044?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-15029186951330069192010-11-04T08:27:00.002+03:002010-11-04T08:45:32.168+03:00It was during a discussion about the migration strategies for the R4/R99 and some LTE test gear that it was disclosed a new STP (Signalling transfer point) would be integrated at around the same time the new core would be coming 'live'. Some of the MPLS vendor's guys have not worked on a mobile core before so it's a learning experience for everyone.<br /><br />It got more interesting when a 'new' protocol SCTP was mentioned as being in extensive use. One of the guys is a new ccie and as you can imagine his TCP knowledge is still fresh in his mind. It thoroughly bewildered him why SCTP was even necessary in the first place. We white boarded quite a number of reasons with explanations (it makes it easier for the migration if we're all semi clueful of what's going on on the network) so we tend to stop 'everything' and explain alot.<br /><br />rfc2960 (http://www.ietf.org/rfc/rfc2960.txt) gives a very clear explanation. Please head over there to see why SCTP is necessary for some applications. <br /><br />I also expect alot more implementations and use of SCTP over the coming years.well at least I expect it at work. It has a mature socket API so writing applications for this is not a big problem for experienced and novice programmers who dont mind putting in some time. <br /><br />At work I've changed some apps to sctp to gain the 'multihomning advantage', other than that there's really nothing to get excited about. It's however good to have an idea that such a protocol exists, if nothing else, it makes for exciting 'beer' talk.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1502918695133006919?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-29453543468590201022010-11-03T02:26:00.003+03:002010-11-03T02:33:23.626+03:00So the final stages of our core modernization project have had me communicating in very funny acronym like terms: NRFU, FTS,NOS,SFP,XFP,DWDM,Lambda, etc etc add that to all the acronyms we go through for the ccie bgp,ospf,rip,lisp,trill -last two not really ccie stuff but our data center team has them rolling off their tongues too easilly lately and you've got a nice recipe for confusion. Regular project managers (the sort that only ask about time, money (when when when!)) have their own AFAIK,IMO,IMHO...I think we're slowly coming up with a new language....<br /><br />ok back to TS:-)<br />Gitau<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-2945354346859020102?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-7918346927170518312010-11-02T08:31:00.003+03:002010-11-02T08:38:29.362+03:00Well my written had expired, pursuing it (the ccie) was no longer fun -I have had more exciting projects this year- and other areas of my life were not keeping up with the extensive study required to get the ccie lab done.<br /><br />However: I find that there are now several good, quite good reasons with actual practical application to go back to it. So I re-took the written v4 -twice (I had underestimated and grossed over some topics! assembled an actual lab and I think Im in pretty good form to go for the lab now.<br /><br />And yes the main motivation is now a job swap or go independent. After this project Im working on (a huge major mobile core redesign/migration from the good old tdm to the IP wonders featureing a no small number of CRS-1's (P) and 7609's (PE)) - throw in multivendor CE's and the fun just never stops. I can only foresee boredom and trouble tickets after this :-( unless something changes within the organization (from structure to compensation policies).<br /><br />JGitau<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-791834692717051831?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-61322121196319132722010-08-11T12:01:00.003+03:002010-08-11T12:08:41.517+03:00The internet society is for 3 days sponsoring a conference :<br />The African Peering and Interconnection Forum: Unlocking Africa’s Regional Interconnection<br /><br />Now for most that know me, I started my career working for a startup ISP that has since grown way bigger than I had imagined. I also happen to have been around when we had to technically justify peering and answer questions like what is internet peering, why peer, how does it work etc etc...and finally the KIXP was set up.<br /><br />Im interestingly caught up in another transformation (IP/Buusiness transformation for a large telco). so see you there...<br /><br />I moved on quite a bit, but the opportunities to catch up with old friends is always welcome. <br /><br />http://www.isoc.org/isoc/conferences/africanforum2010/<br /><br />registration is still open, slides will be availed and live streaming is available here:<br />http://wavu.kixp.or.ke:8001/afpif<br /><br />IM conference Service and Email<br />================================<br /><br />(a) Those with jabber clients can join the AfPIF conference room,<br />afpif@conference.isoc.org.<br /><br />A list of jabber clients can be found at<br />http://www.jabber.org/software/clients.shtml<br /><br />(b) Those without can send their comments and/or queries to<br />mwangi@isoc.org, karen@isoc.org and morris@isoc.org<br /><br />Gitau<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6132212119631913272?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-3625025039873572742010-04-12T12:10:00.012+03:002010-04-12T12:30:09.782+03:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_pKL4NX69DFU/S8LnUuqLcrI/AAAAAAAAAA8/US2Zs8typvo/s1600/09042010094.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="http://2.bp.blogspot.com/_pKL4NX69DFU/S8LnUuqLcrI/AAAAAAAAAA8/US2Zs8typvo/s320/09042010094.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5459180041634804402" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_pKL4NX69DFU/S8LnNPRuIcI/AAAAAAAAAA0/zgKvCQILVR8/s1600/09042010096.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="http://3.bp.blogspot.com/_pKL4NX69DFU/S8LnNPRuIcI/AAAAAAAAAA0/zgKvCQILVR8/s320/09042010096.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5459179912951636418" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_pKL4NX69DFU/S8Lmx5wzFSI/AAAAAAAAAAs/zPgSrWTNVrQ/s1600/09042010098.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="http://3.bp.blogspot.com/_pKL4NX69DFU/S8Lmx5wzFSI/AAAAAAAAAAs/zPgSrWTNVrQ/s320/09042010098.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5459179443319936290" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_pKL4NX69DFU/S8LmrBzv6tI/AAAAAAAAAAk/Pbl3zc3VtWI/s1600/09042010096.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="http://4.bp.blogspot.com/_pKL4NX69DFU/S8LmrBzv6tI/AAAAAAAAAAk/Pbl3zc3VtWI/s320/09042010096.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5459179325220711122" /></a><br /><br /><br />I have worked for the last 3 or so years now with the cisco GGSN/CSG aka CMX (Cisco Mobile Exchange) supporting gsm,gprs and UMTS on the 7613 platform.<br /><br />The old boxes were getting sort of old and tired, They also have the new ASR5000 (starent acquisition) that I believe to be by far more superior than what they were pushing.<br /><br />Anyway pending some decisions, cisco being the nice guys they are actually sent some brand new toys for me to test. Please see attached....this is going to be a great week:-) I get to lab up the entire topology and integrate the new toys:-) <br /><br />**<b>Last three images are the sami blades</b><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_pKL4NX69DFU/S8LlufoNJQI/AAAAAAAAAAc/Nmti_gIVLMA/s1600/09042010107.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="http://3.bp.blogspot.com/_pKL4NX69DFU/S8LlufoNJQI/AAAAAAAAAAc/Nmti_gIVLMA/s320/09042010107.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5459178285253338370" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_pKL4NX69DFU/S8Llj0D9_hI/AAAAAAAAAAU/jlH8FZK-OvI/s1600/09042010106.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="http://1.bp.blogspot.com/_pKL4NX69DFU/S8Llj0D9_hI/AAAAAAAAAAU/jlH8FZK-OvI/s320/09042010106.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5459178101759933970" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_pKL4NX69DFU/S8LlaNmpSLI/AAAAAAAAAAM/pbHYeiOdQKI/s1600/09042010105.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="http://2.bp.blogspot.com/_pKL4NX69DFU/S8LlaNmpSLI/AAAAAAAAAAM/pbHYeiOdQKI/s320/09042010105.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5459177936817572018" /></a><br /><br />I also get to play around with the Cisco ASA 5580 with GTP inspection licence. Now this has been on my wish list for a while now. Swapping out the almost old firewalls for re-deployment will be easy. The fun is mainly in the higher number of supported interfaces and their capacity (10G), the gtp inspection will save our GGSN's quite alot of resources....oh well some photos (yes I opened them up to see what's in there).....<br /><br />I'll post a review of both next time.....<br />I have some requests for easy to understand terms when dealing with gsm/gprs/umts mobility....I'll see about that too...Its just so wide I don't know where to start so if you have some ideas please let me know....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-362502503987357274?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-56975219170322882942010-04-06T22:03:00.003+03:002010-04-06T22:21:59.993+03:00Every once in a while I remind myself to update this blog. Trouble is most of the material Im working on for the CCIE has been posted somewhere. So apart from having some sort of online diary to keep track of stuff, I rarely see sense in making posts. so I don't. I keep detailed notes though...<br /><br />I however realize that third world networkers can be about something else. How we do things here. I have been lucky to see/visit other networks for good enough comparisons. I can tell we are lagging behind in some areas .... I also happen to work on a large mobile network.<br /><br />I can make this about how we run networks a bit differently on a tighter budget to satisfy totally different customer needs. <br /><br />It can be about how we don't have a terrestial network to speak of and how we manage to get by. <br /><br />It can be about how since I set up my first network until late last year (8years now), all international traffic was on satellite.<br /><br />It can be about how a straight forward PCEF <==> pcrf<==>IN implementation can suddenly become complicated due to vendor use of proprietary protocols and how that has (a/no) place on tomorrows network.....<br /><br />It can be tips on how to scale a CSG to carry more traffic than what Cisco originally posted on their page. Or how the Huawei GGSN compares to the ASR 5000.<br /><br />It can be about me and what Im thinking about and all the cool stuff Im playing with...yes it can be about the ccie which is more a means to an end now....there just is no excitement....just need the digits to move on....cisco have made too many changes and contradictory remarks about this program its just tiring ... but i've worked too hard to stop now so.....lets see where this leads to....see you around<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-5697521917032288294?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-73498851893696357252010-02-18T17:49:00.002+03:002010-02-18T17:52:27.717+03:00oh well...figured I have a few minutes to type up.....yes Im still on, if financials allow I think Im good to go in April .... I like that i can now pretty much book the lab with a week to spare, heck i can book flights,visa's before the lab if i wanted to:-) R&S seats are not as full as late last year... -- so I won't rush the booking (I have found booking the lab three months in advance to be some sort of motivator in itself in the past)....<br /><br />wish me well...<br /><br />jgitau<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7349885189369635725?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-62134837229059394982009-12-06T08:03:00.005+03:002009-12-06T08:36:33.296+03:00back when I started preparing for my ccip. the first exam and training I attended relevant to the certification was MPLS. it was an intense two week course and the instructor took almost a whole week on ATM/cell-mode/cell switching and generally telling us how important it was to fully understand ATM including popular hardware that supported it. Boy am I glad I paid attention, and that course is paying up big time.<br /><br />Today I find myself in an interesting position. My employer is jumping headlong in the mpls bandwagon at the core (various departments run mpls for their own little' networks:-))...being a telco you can imagine the fear the 'old school' C7/ss7/ATM legacy type switching guys bring to our meetings. If any one there has gone through this transitions please tell me how you went about re-assuring them that apart from some added complexities:-) life moves on.....<br /><br />either way Africa and some parts of Asia will probably be the last frontier for any vendor that hasn't managed to penetrate the US and european markets at the core. We have them all cisco,juniper,Huawei,alcatel,ECI etc etc to evaluate..some make it very easy to knock off...I can see at least 3 that will require a little bit of work..<br /><br />Either way the traditional telco vendor's with their closed model of working centered around the operators is definately coming to an end. The focus is slowly turning to the customer/employee and their needs....fun fun stuff...oh I also see a post on a similar issue over at http://networkers-online.com/blog/2009/12/cisco-or-juniper-which-one-should-i-choose/<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6213483722905939498?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com2tag:blogger.com,1999:blog-8812919976949872507.post-71575471500313480232009-12-02T08:30:00.004+03:002009-12-02T09:07:51.298+03:00So after the lab, I had to come back to work, all my pending projects, any pending school work, my neglected girlfriend all had to be caught up with and told that it's not over yet. <br /><br />The girlfriend and other friends were very understanding, my bank statement and employer tended to disagree. So im catching up on projects now till January. <br /><br />Im in the middle of interesting/challenging projects. Some are fun like implementing a multivendor mpls core (Huawei/Cisco) first in a test environment and later on our main network. (I'll probably post a list of all relevant commands later). Huawei is becoming an interesting 'partner' for african networks. Im also in an interesting bet with a friend on the future of Wimax with LTE hot on its heels. Im making notes elsewhere but will share once i migrate to my own website some time in the future.<br /><br />the guys at Internetwork expert have me covered on the training and in January the plan is to take a full bootcamp to sort out the the troubleshooting for the R&S ccie.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7157547150031348023?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-10460802585242938472009-12-02T08:13:00.005+03:002009-12-02T08:22:02.243+03:00So I went out to brussels took the lab and was immediately humbled by the experience. Everything was falling into place very well until the last 3 hours of the lab when I discovered a 'fatal' mistake made immediately after lunch. I have a few tips after that experience. All have been mentioned, Im just stressing their importance:<br /><br />1: read the entire lab before you type a single command.<br />2: verify after each section. This turned out to be most important for me.<br />3: The OEQ's are a no brainer, at least for me I didn't see anything out of this world. <br /><br />So its the troubleshooting section for the new format that has me a bit jittery. <br /><br />I picked on the ones that really affected me. I currently feel like Gollum/Smeagol, we want my precious ring 'back':-) will take the 4.0 R&S (for everyone that i had told Im moving out CCIE SP, that will have to come after RS, i've invested too much on this to give up now:-)...<br /><br />see you around....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1046080258524293847?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-69260379894824472802009-05-11T14:29:00.003+03:002009-05-11T14:53:47.723+03:00so after the mandatory 72 Hr wait I get to know whether my two years of toil paid up. I say this because I can't book a lab till the results are posted....otherwise I passed.... And that has to be one of the most challenging 2+ hrs sitting for an exam ever...can't wait for an 8hr lab...though at least i can now concentrate on the lab, first i'll take an assessor from cisco, then map out a plan.<br /><br />I can only imagine what I'll fell like after passing the lab... The race to actually get a lab slot by October is on, Im pretty sure most if not all are taken.<br /><br />Things i hated about the exam:<br />- can't go back to previous questions...arghhhh...<br />- OSPF and multicast really had me at a corner. I spent too much time on those areas for my comfort.<br />- I woke up late, didn't have breakfast and I was not even allowed to chew gum during the exam:-)<br /><br />My wish list:<br />- that for the full lab fee, I get to do the open ended qustions from home (prometric)and not have to travel so far.<br />- that i get a lab slot in Dubai or brussels before Oct 18.<br /><br />oh well...let me go for lunch....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-6926037989482447280?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-41532135795450374232009-04-15T09:56:00.004+03:002009-04-15T10:12:10.856+03:00<pre><br />ignorance more frequently begets confidence than does knowledge: it is those who<br />know little, not those who know much, who so positively assert that this or that<br />problem will never be solved by science.<br /><br /><a href="http://en.wikiquote.org/wiki/Charles_Darwin#The_Descent_of_Man_.281871.29">charles darwin - the descent of man</a><br /></pre><br /><br />so just in case I ever wonder - in the future of course- why i havent updated this blog for such a long time:<br /><br />well for starters studying for the ccie reminded me of how little I know - seriously - Im not being modest, I've worked in this field for close to 5 years and I think i've learnt more this year than any experience ever taught me - the professional certs helped but the RS material just blew it up, expanded it to greater horizons, a different cloud..., I just hope in the future I'll be able to put all this knowledge on a network - bring it to life so to say -......either way its mine and Im happy with my progress so far.... Aaanyhow... having to sit for other exams doesn't help much either. Either way my head is i believe well above water - eyes are waterly from lack of sleep- and Im beginning to suspect the ratio of coffee to blood in my veins is skewed.....ohh and dont forget the easter beer:-)<br /><br />I doubt another post will show up till mid may. by then i should be done with all my exams including the written ccie .... (mainly to renew my ccnp/ccip) and hopefully start getting ready for the lab later this year...or very early next year....cheerszz<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4153213579545037423?l=third-world-networker.blogspot.com' alt='' /></div>JGitaunoreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-77480791176233530762009-03-16T22:52:00.008+03:002009-03-17T00:15:36.326+03:00<a href="http://www.rfc-editor.org/rfc/rfc4443.txt">ICMPv6</a><br />ICMP for IPv6 is identified by a header value of 58 in the IPv6 next header field. ICMPv6 is used to report errors and perform internet layer functions eg ping for diagnostics. It's the base protocol for IPv6 and has to be fully implemented and understood by aspiring engineers.<br /><br />Diagram used for this article is:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_wf6GLfVwdjk/Sb6wjmLYwTI/AAAAAAAAAAk/UL-0yLeLXdk/s1600-h/IPv6.png"><img style="cursor: pointer; width: 320px; height: 58px;" src="http://3.bp.blogspot.com/_wf6GLfVwdjk/Sb6wjmLYwTI/AAAAAAAAAAk/UL-0yLeLXdk/s320/IPv6.png" alt="" id="BLOGGER_PHOTO_ID_5313878735933980978" border="0" /></a><br /><br />IPv6 Neighbor discovery and unicast routing.<br /><br />Unicast routing is off by default, remember to enable it to allow ICMpv6 neighbor discovery that replaces ARP.<br /><pre class="source"><br />Router0(config)#ipv6 unicast-routing<br />Router0(config)#int f0/0<br />Router0(config-if)#ipv6 enable<br />Router0(config-if)#no shutdown<br /><br />Router0#sh int f0/0<br />FastEthernet0/0 is up, line protocol is up<br />Hardware is AmdFE, address is cc00.1368.0000 (bia <span style="color: rgb(255, 153, 102);">cc00.1368.0000</span>)<br /><br />Router0#sh ipv6 interface fastEthernet 0/0<br />FastEthernet0/0 is up, line protocol is up<br />IPv6 is enabled, link-local address is <span style="color: rgb(255, 255, 102);">FE80::CE00:13FF:FE68:0</span><br />No global unicast address is configured<br />Joined group address(es):<br />FF02::1<br />FF02::1:FF68:0<br />MTU is 1500 bytes<br />ICMP error messages limited to one every 100 milliseconds<br />ICMP redirects are enabled<br />ND DAD is enabled, number of DAD attempts: 1<br />ND reachable time is 30000 milliseconds<br /><br />Router0#ping FE80::CE01:13FF:FE68:0<br />Output Interface: FastEthernet0/0<br />Type escape sequence to abort.<br />Sending 5, 100-byte ICMP Echos to FE80::CE01:13FF:FE68:0, timeout is 2 seconds:<br />!!!!!<br />Success rate is 100 percent (5/5), round-trip min/avg/max = 8/40/164 ms<br /></pre><br />note the expanded 0's (zeroes below), they mean the same thing.<br /><pre class="source"><br />Router0#ping FE80:0000:0000:0000:CE01:13FF:FE68:0<br />Output Interface: FastEthernet0/0<br />Type escape sequence to abort.<br />Sending 5, 100-byte ICMP Echos to FE80::CE01:13FF:FE68:0, timeout is 2 seconds:<br />!!!!!<br />Success rate is 100 percent (5/5), round-trip min/avg/max = 12/32/96 ms<br /></pre><br />note similar commands have to be run on router 1.<br />Now lets take some debug to observe this process of enabling th elink local address, but first cover a few basics:<br /><ul><li>IPv6 host adresses are generated from interface mac addresses. from the previouse post (partI), mac addresses are 48 bits and need conversion to 64bit to make a EUI-64 address.</li><li>ICMPv6 Neighbor discovery is used to resolve layer 3 address to Layer 2 address. in case of ethernet, that would be a mac address to an IP address, or frame relay dlci to an address, or pvc to an ip address etc etc...</li><li>This is not necessary for point to point links. the router knows that any traffic resolving/recursing to the interface based on the routing table will use whatever layer 2 circuit is assigned to the circuit.</li><li>no inverse neighbor discovery yet. so all routes should be mapped incase of frame relay (frame relay map ipv6).</li></ul>ICMPv6 replaces IPV4 ARP for neighbor discovery.<br /><ol><li> Solicitations - asking other neighbors for info.</li></ol><ul><li>Neighbor Solicitations - By any general hosts eg desktops and other hosts.</li><li>Router Solicitations - Devices routing IPV6 eg a default gateway. eg router to router segments.</li><li>Used to decide what the remote L2 address is of hosts and routers. The two types are there because there is additional info apart from the L2 address. eg routers can tell hosts the network prefix - this way a host just needs to enable IPV6, start sending neighbor solicitations to find out the neighbor, and router solicitation to find out the routers. The router sends back the network bit and the host - stateless autoconfiguration is built into ipv6 protocol stack.</li></ul><ol><li>Advertisements - sending informations.</li></ol><ul><li><blockquote></blockquote><br /></li></ul><ul><li>Neighbor advertisements</li><li>Router Advertisemens.<br /></li></ul>debug ipv6 packets and ipv6nd<br /><pre class="source">Router0(config)#<br /></pre><pre class="source">ICMPv6: Received ICMPv6 packet from ::, type 135<br />ICMPv6: Received ICMPv6 packet from FE80::CE00:13FF:FE68:0, type 136<br />ICMPv6-ND: Sending <span style="color: rgb(255, 255, 102); font-weight: bold;">NS</span><span style="font-weight: bold;"> </span>for FE80::CE01:16FF:FE0C:0 on FastEthernet0/0<br /><span style="color: rgb(255, 255, 102);">!note the NS (neighbor solicitation) this is basically like asking' can I use this address?"</span><br />IPV6: source :: (local)<br />dest FF02::1:FF0C:0 (FastEthernet0/0)<br /><span style="color: rgb(255, 255, 102);">!<span style="font-weight: bold; font-style: italic;">solicited node multicast</span> address...used for duplicate address detection (DAD). ie essentially we ask 'is anyone using this address? in the segment.)</span><br />traffic class 224, flow 0x0, len 64+16, prot 58, hops 255, originating<br />IPv6: Sending on FastEthernet0/0<br />ICMPv6-ND: DAD: FE80::CE01:16FF:FE0C:0 is <span style="color: rgb(255, 255, 102);">unique.</span><br /><br /><span style="color: rgb(255, 255, 102);">!Note chances of having a conflict are rare in this case since the address is derived from your mac address.and ICMPv6 acknowledges that the address is indeed unique.</span><br /><br />ICMPv6-ND: Sending <span style="color: rgb(255, 255, 102); font-weight: bold;">NA</span> for FE80::CE01:16FF:FE0C:0 on FastEthernet0/0<br /><span style="color: rgb(255, 255, 102);">!next we are advertising that we're an IPV6 neighbor with the address above.</span><br /><br />IPV6: source FE80::CE01:16FF:FE0C:0 (local)<br />dest FF02::1 (FastEthernet0/0)<br />traffic class 224, flow 0x0, len 72+8, prot 58, hops 255, originating<br />IPv6: Sending on FastEthernet0/0<br />ICMPv6-<span style="font-weight: bold; color: rgb(255, 255, 102);">ND</span>: Address FE80::CE01:16FF:FE0C:0/0 is up on FastEthernet0/0<br /><br />Router0(config)#<br />ICMPv6-ND: <span style="color: rgb(255, 255, 102);"><span style="font-weight: bold;">Sending </span>RA </span>to FF02::1 on FastEthernet0/0<br />ICMPv6-ND: MTU = 1500<br />IPV6: source FE80::CE00:16FF:FE0C:0 (local)<br />dest FF02::1 (FastEthernet0/0)<br />traffic class 224, flow 0x0, len 72+1428, prot 58, hops 255, originating<br />IPv6: Sending on FastEthernet0/0<br /></pre><br />Here - above- R0 sends then sends out an RA - router advertisement<br /><pre class="source"><br />ICMPv6: Received ICMPv6 packet from FE80::CE01:16FF:FE0C:0, type 134<br />ICMPv6-ND: <span style="font-weight: bold;">Received </span><span style="font-weight: bold; color: rgb(255, 255, 102);">RA</span> from FE80::CE01:16FF:FE0C:0 on FastEthernet0/0</pre>and receives an advertisement from R1. Please note no network addresses are set yet, so what you receive is the routers link local address.<br /><pre class="source">Router0#show ipv6 neighbors<br />IPv6 Address Age Link-layer Addr State Interface<br />FE80::CE01:16FF:FE0C:0 0 cc01.160c.0000 REACH Fa0/</pre>note the routers above only have link local processing<br /><br />other commands that show output for different IP versions:<br /><pre class="source">Router0#sh ipv6 int brief<br />FastEthernet0/0 [up/up]<br /> FE80::CE00:16FF:FE0C:0<br /><br /><span style="color: rgb(255, 255, 102);">!shows the link local addresses on our interfaces.</span><br /><br />Router0#sh ip int br<br />Interface IP-Address OK? Method Status Protocol<br />FastEthernet0/0 1.1.1.1 YES manual up up<br /><pre class="source"><br />Router0#sh arp<br />Protocol Address Age (min) Hardware Addr Type Interface<br />Internet 1.1.1.1 - cc00.160c.0000 ARPA FastEthernet0/0<br /><br />Router0#sh ipv6 neighbors<br />IPv6 Address Age Link-layer Addr State Interface<br />FE80::CE01:16FF:FE0C:0 2 cc01.160c.0000 STALE Fa0/0<br /></pre>Router0#sh ipv6 route<br /><pre class="source">IPv6 Routing Table - 2 entries<br />Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP<br /> U - Per-user Static route<br /> I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary<br /> O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2<br /> ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2<br />L FE80::/10 [0/0]<br /> via ::, Null0<br />L FF00::/8 [0/0]<br /> via ::, Null0<br /><span style="color: rgb(255, 255, 102);">!note the Null0, this is because the traffic is local (remember this are not global addresses yet).</span><br /> FE80::/10 is the entire range of link local addresses.<br /><br />Router0#sh ip route<br />Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP<br /> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br /> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br /> E1 - OSPF external type 1, E2 - OSPF external type 2<br /> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2<br /> ia - IS-IS inter area, * - candidate default, U - per-user static route<br /> o - ODR, P - periodic downloaded static route<br /><br />Gateway of last resort is not set<br /><br /> 1.0.0.0/24 is subnetted, 1 subnets<br />C 1.1.1.0 is directly connected, FastEthernet0/0<br /><br /></pre>Router0#sh ipv6 int<br /><pre class="source">FastEthernet0/0 is up, line protocol is up<br />IPv6 is enabled, link-local address is FE80::CE00:16FF:FE0C:0<br />No global unicast address is configured<br />Joined group address(es):<br /> <span style="color: rgb(255, 153, 0);">FF02::1</span><br /><span style="color: rgb(255, 255, 153);">!all host multicast, this is where the advertisements are sent to for autoconfiguration.</span><br /> FF02::2<br /> FF02::1:FF0C:0<br />MTU is 1500 bytes<br />ICMP error messages limited to one every 100 milliseconds<br />ICMP redirects are enabled<br />ND DAD is enabled, number of DAD attempts: 1<br />ND reachable time is 30000 milliseconds<br />ND advertised reachable time is 0 milliseconds<br />ND advertised retransmit interval is 0 milliseconds<br />ND router advertisements are sent every 200 seconds<br />ND router advertisements live for 1800 seconds<br />Hosts use stateless autoconfig for addresses.<br /><br />Router0#sh ip int<br />FastEthernet0/0 is up, line protocol is up<br />Internet address is 1.1.1.1/24<br />Broadcast address is 255.255.255.255<br />Address determined by setup command<br />MTU is 1500 bytes<br />Helper address is not set<br />Directed broadcast forwarding is disabled<br />Outgoing access list is not set<br />Inbound access list is not set<br /></pre><span style="font-style: italic;">all other commands, telnet etc also work but you need to be specific. Is there get a way to make ipv6 default IPversion </span><br /><br />another question:<br />can you disable IPv4 processing and only have IPV6 processing on a router?<br /><br /><br />Interesting question came up during this writing:<br /><span style="color: rgb(255, 153, 102); font-style: italic;">can you disable IPv4 processing and only have IPV6 processing on a router?</span><br /><br /><br /><br /><br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7748079117623353076?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-19763114133577450162009-03-16T12:27:00.002+03:002009-03-16T22:18:12.540+03:00From RFC2460, the following information jumps out at you immediately:<br /><br />- IPv6 is supposedly a succesor to IPv4 (RFC 791). It's uptake (at least in kenya) is a bit discouraging though I get the feeling this will be forced on networks when V4 resources run out.<br />-Expands the address size from 32 to 128 bits supporting more levels of addressing, more addressable nodes and autoconfiguration. Multicast routing is scaled by using 'scope' and a new address called anycast is defined.<br />-Header format is simplified to make the packet handling better and limit bandwidth costs.<br />-Improved support for extensions and other improvements. IPv6 has less stringent limits on length of options.<br />-another key thing is extension support for authentication and other privacy measures eg confidentiality and integrity can be extended on the header.<br />-flow labelling capability takes qos to a whole /nother level. eg you can label a flow for which the sender requests special handling eg real time traffic.<br /><br />IPv6 Header Format as seen on the<a href="http://www.faqs.org/rfcs/rfc2460.html"> rfc</a> - modified by my notes:<br /><pre><br /> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<br /> |Version-4bits|Traffic Class| Flow Label |<br /> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<br /> | Payload Length | Next Header | Hop Limit |<br /> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<br /> | |<br /> + +<br /> | |<br /> + Source Address +<br /> | |<br /> + +<br /> | |<br /> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<br /> | |<br /> + +<br /> | |<br /> + Destination Address +<br /> | |<br /> + +<br /> | |<br /> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<br /></pre>Extension headers:<br />Optional information is encoded in separate headers placed between the IPv6 header and the upper layer header. this have to be identified by a distinct header value.<br /><ul><li>Headers are not processed until they reach the destination/s. As such a node has to process extension headers strictly in the order they appear in the packet.</li><li>if the hop-by-hop header , which must be immeadeately following the IPv6 header is present, then it will be processed by all nodes. its presence is indicated by a value zero (0) in the next field header.</li><li>ICMP code 1 is sent to a sender if a parameter is not understood ie unrecognized. the same is apparently sent to a packet originator if a value zero is found on any header other than the IPv6 header.</li><li>If more than one extension header is used, there's a specific order they should appear in. (please read the rfc) i definately don't expect this on an exam. However, IPv6 header, hop by hop options, Destination options, routing and fragmentation followed by authentication, encapsulation and security and a destinations headed then an upper layer header is what's listed.</li><li>Note the two destinations, one is the final destination and the other is the destination listed in the routing header. ie (once before a Routing header and once before the upper-layer header) That still does confuse me.</li><li>IPv6 will accept extension headers in any order apart from the hop-by-hop optiones one that has to follow the IPv6 header.</li><li>A destination header is not examined or processed until it reaches the node identified in the Destination Address field of the IPv6 header.</li><li>Note, the frgment header is just like in IPv4 used to send a packet larger than the path mtu. However this is only done by the source nodes not routers along the path. the value identifying it is 44.</li><li>each fragment will have an unfragmentable part, a fragment header and the fragment itself. The unfragmentable part has the payload length of the original v6 header changed to contain the fragmented packet length only, the fragment header id's the first header of the fragmentable header of the original packet. Then obviously the fragment lengths must have a resulting MTU of the path being taken to the destination.</li><li>For reassembly, the packets must have the same source &amp; destination address and fragment identification</li><li>note, the fragment header doesn't show up in the final reassembled packet.</li><li>IPv6 requires that the MTU on each link be either equal to or more than 1280 octets. and fragmentation and or reassembly must be procided by a layer below the IPv6.</li><li>its recommended that IPv6 nodes implement PMTU.</li><li>IPv4 ttl is renamed to hop-limit . this is because IPv6 nodes are not required to enforce a packets lifetime. applications curently relyin gon the internet layer for ttl purposes have to be upgraded to have a mechanism to detect and discard obsolete packets</li></ul>Im not generally a fan of RFC's but for topics I don't understand, I'd rather start from there and work out towards the actual configuration with some sound theories behind me...(there's the added fact that Im out of books budget and RFC's are pretty much the source of most info)<br /><br />further reading:<br /><pre><a href="http://www.faqs.org/rfcs/rfc2402.html">Authentication </a><br /><a href="http://www.faqs.org/rfcs/rfc2406.html">Encapsulating Security Payload</a><br /><br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-1976311413357745016?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-79213480312744883122009-03-10T20:39:00.007+03:002009-03-10T22:32:49.750+03:00<span style="font-weight: bold;">The Basics</span><br /><br />**Please go through <a href="http://www.faqs.org/rfcs/rfc2373.html"><span style="font-weight: bold;">rfc2373</span></a> in its entirety. Life will be much easier after that.<br /><br />Our learning topology is a simple: two routers just to show neighbor discovery: This will mainly be used on PartII and any others that follow.<br /><br /><br />Understanding IPv6 without using it is might not be easy, however playing around with it while planning a CCIE should set you on the right path.<br /><br />To get a proper grasp of IPv6, you need to understand:<br />- A link-local address, site-local and global IPv6 address.<br />- The loopback address (::1) for the loopback interface<br />- The multicast addresses of joined groups<br />- Number of bits on an IPv6 address (128 - bits, 16 bytes)<br /><br />Also very important, what is a modified EUI-address, its purpose and how its generated. I found it also very important to know and understand IEEE 802 addresses.<br /><br />Basics on MAC addressing:<br />The IEEE 802 address consist of 24 bit company identifier and a 24 bit extension ID. this is uniquely assigned and gives you a 48-bit address. This 48-bit address is also called the physical, hardware, or media access control (MAC) address.<br /><br />EUI-64 Addresses<br />This addressing extends the '24-bit' extension ID on a MAC address to 40 bits. The company/manufacturer ID is still left at 24-bits. This 64 bits are then used to identify the host/node. This is what is called a link local address. Routers do not forward this addresses.<br /><br />To convert a MAC address to an EUI address, I use the following method. Note this only gives us the link local address, in part 2 or 3 we'll discuss how the rest of the address is completed/generated....lets use an example:<br /><br />Host X has a MAC address of 12-34-56-78-90-12<br />on a router, this would be the burnt in address (bia) or the mac address.<br /><br />First we insert FFFE between the 3rd and 4th bytes ie between the vendor ID and extension ID which results to 12-34-5F-FF-E6-78-90-12/1234-5678-9012. You can easilly do this by slicing the address into two halves.<br /><br />Next take the first byte (two characters=1 byte) so in our case the first byte is 12 (note this is in hex) and convert it to binary - 0001 00<span style="font-weight: bold; color: rgb(255, 255, 102);">1</span>0.. Take the 7th most significant bit and flip it/or invert it, this gives 0001 00<span style="font-weight: bold; color: rgb(255, 255, 102);">0</span>0. Convert this back to hex and you get :<br /><span style="font-weight: bold;">10-34-5F-FF-E6-78-90-12</span><br />put this in proper notation for IPv6 and get:<br /><span style="font-weight: bold;">1034:56FF:FE78:9012</span><br /><br />In case you get hang up on wording<br /><br /><a href="http://en.wikipedia.org/wiki/MAC_address">The IEEE now considers </a>the label MAC-48 to be an obsolete term which was previously used to refer to a specific type of EUI-48 identifier used to address hardware interfaces within existing 802-based networking applications and should not be used in the future. Instead, the term EUI-48 should be used for this purpose.<br /><br />references:<br /><a href="http://www.faqs.org/rfcs/rfc2373.html">RFC2373 - IP Version 6 Addressing Architecture</a><br /><a href="http://www.internetworkexpert.com/">My friend tells me most of what he learnt on IPv6 was solidified at an internetwork experts boot camp so go over to their site and grab some work book, have no idea which one in particular.</a><br /><br />Part II<br />IPv6 Neighbor Discovery:<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-7921348031274488312?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-43790854386576656202009-03-08T18:48:00.002+03:002009-03-08T18:55:59.040+03:00today is a dark dark day, last week was a bit of an anti climax for me, trying to sort things out so I can afford the LAB, figure out the best place to take it (down to brussels, India and or Dubai)... Im thinking some place I havent been and a sibling might be visiting India soon....so hmm why not India for the ccie?<br /><br />anyway''''my morale is pretty low today, I think its just the thought of getting up to go to work tomorrow, I'm actually starting to look at the CCIE as a means to just switch employers, and do something more intense, challenging...anyway.. cant concentrate much so re-running lord of the rings...hah I also went to an asian fruit market and bought a bunch of froots...., ahh yes also confirmed the order and hopeful delivery of a <a href="http://www.suuntowatches.com/Suunto-Triathlon-Pack.pro">triathlon kit</a> .<br /><br />Im done rumbling....oh yes also made payment for the written in April:-)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-4379085438657665620?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-6503675056728994522009-03-03T16:06:00.002+03:002009-03-03T16:34:45.113+03:00So i tried to bring a csm/csg module up on another chassis. All modules, including the Supervisor Engine (if you have redundant Supervisor Engines),<br />support online insertion and removal (OIR). You can add, replace, or remove modules without interrupting the system power or causing other software<br />or interfaces to shut down. So no worries there. the colors changed as expected on the LED....then went off........<br /><pre class="source"><br />SUP1234#sh module 13<br />Mod Ports Card Type Model Serial No.<br />--- ----- -------------------------------------- ------------------ -----------<br />13 4 Content Services Gateway WS-SVC-CSG-1 SAD094906MP<br /><br />Mod MAC addresses Hw Fw Sw Status<br />--- ---------------------------------- ------ ------------ ------------ -------<br />13 0013.c39f.1270 to 0013.c39f.1277 1.5 Unknown Unknown <span style="color: rgb(255, 102, 102);"> PwrDown</span><br /><br />Mod Online Diag Status<br />---- -------------------<br />13 Not Applicable<br /><br /></pre><br />so from the above we can tell there's a problem. Hopefully not too serious.<br /><pre class="source"><br />SUP1234#hw-module module 13 reset<br />Proceed with reload of module?[confirm]<br />% module 13 is operationally off (<span style="color: rgb(255, 102, 102);">Module Failed SCP dnld</span>)<br /></pre><br />I only ever had this SCP dnld issue with MWAMS never a CSG/CSM module. I cant even trace back to a bug showing this as a problem...YET.<br />I tried to power it up manually:<br /><pre class="source"><br />SUP1234#conf t<br />Enter configuration commands, one per line. End with CNTL/Z.<br />SUP1234(config)#power enable module 13<br /></pre><br />still not shows up as failed SCP dnld....<br />so resetting the module with hw-module module 13 reset and power enable module 13 both fail to power up my module.<br />If this were an MWAM i'd assume something buggy, but this is a new module, granted the hardware is a bit newer than the other csg's..<br /><pre class="source"><br />Mod MAC addresses Hw Fw Sw Status<br />--- ---------------------------------- ------ ------------ ------------ -------<br />1 000f.342c.5318 to 000f.342c.531f <span style="color: rgb(255, 0, 0);">1.4</span> 3.1(3)C7(7) Ok<br />2 0011.93b4.5698 to 0011.93b4.569f <span style="color: rgb(255, 102, 102);">1.4 </span> 3.1(3)C7(7) Ok<br />3 0011.5c81.1e6c to 0011.5c81.1e9b 6.1 6.3(1) 8.5(0.46)RFW Ok<br />4 0011.5c81.157c to 0011.5c81.15ab 6.1 6.3(1) 8.5(0.46)RFW Ok<br />5 0001.c9dd.0f5e to 0001.c9dd.0f65 <span style="color: rgb(255, 0, 0);">1.4</span> 3.1(3)C7(7) Ok<br />6 0002.fcc1.f844 to 0002.fcc1.f84b <span style="color: rgb(255, 0, 0);">1.4</span> 3.1(3)C7(7) Ok<br />7 0016.46f9.0c58 to 0016.46f9.0c5b 5.3 8.4(2) 12.2(18)SXF7 Ok<br />8 0016.c85e.a958 to 0016.c85e.a95b 5.3 8.4(2) 12.2(18)SXF7 Ok<br />9 0001.c9de.32a0 to 0001.c9de.32a7 1.7 3.1(8) Ok<br />10 001b.53bc.b038 to 001b.53bc.b03f 6.1 7.2(1) 2.1(3.0) Ok<br />11 0011.92b7.c748 to 0011.92b7.c74f 4.0 7.2(1) 2.1(3.0) Ok<br />12 001d.70c4.fc14 to 001d.70c4.fc43 3.0 12.2(18r)S1 12.2(18)SXF7 Ok<br />13 0013.c39f.1270 to 0013.c39f.1277 <span style="color: rgb(255, 255, 102);">1.5 Unknown Unknown PwrDown</span><br /></pre><br />so check power:<br />I have enough power....and its the only one not working....Im out of slots on the chassis so I can't move it around....grrrr.....<br />I'll move it to a different chassis and see....maybe the module got 'corrupt' while being moved from one chassis to another ( i had it somewhere else before) and wanted to spice up my afternoon.<br /><br />anyone have a clue on this one? id be interested.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-650367505672899452?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com7tag:blogger.com,1999:blog-8812919976949872507.post-56974549647990532472009-03-03T10:43:00.002+03:002009-03-03T10:58:46.585+03:00looking at the <a href="http://blog.internetworkexpert.com/2008/11/29/rs-30-expanded-study-blueprint/">Expanded blueprint</a> by<a href="http://blog.internetworkexpert.com"> IE</a> , I think I understand why multicast is such a pain, I missed out on key areas.....Im re-doing/ re-reading most of th ematerial again.<br /><br />I could sit for the written any time now but until Im pretty sure of the lab payments there's no need to rush it for now, it how ever means I start preparing for the lab and ensuring nothing gets forgotten.<br /><br />I have recently renewed two professional certs and while that doesn;t guarantee my written pass all the reading i did after that should get me one...or very very close (its still an exam so I'll keep my fingers crossed:)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-5697454964799053247?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0tag:blogger.com,1999:blog-8812919976949872507.post-87696327708554280102009-02-27T14:45:00.004+03:002009-02-27T15:00:46.957+03:00after the csg/ggsn exploits, the better part of my week is freed up. I like it when I do something and the impact is felt almost immediately by customers, the feedback is quite refreshing.<br /><br />An assesor lab some time back showed me weak on IPv6, multicast and i need to polih up on L2 technologies.<br /><br />Either way I think Im still on track for the CCIE. time to start redirecting my finances towards this goal. This is probably going to be the most painful one since money is hard to come by.<br /><br />anyway,,...I was on the following links today for other reasons mainly work related, and since its slowly becoming clear that data center networking might be my next bread and butter:-)<br /><br />**Yes I had nowhere to book mark the pages and needed a quick reference point...:-)<br /><br /><a href="http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4_9xg/ggsn7_0/cfg/ggsnsa.html#wp1196779">Configuring Enhanced Service-Aware Billing</a> - on the ggsn ( i deal with mobility so ggsn's sgsn,s are sort of my main dish:-)<br /><a href="http://www.cisco.com/en/US/netsol/ns742/networking_solutions_program_category_home.html">Technical Resources for the Enterprise - Cisco Design Zone</a><br /><a href="http://tools.cisco.com/search/display?url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fsolutions%2Fns340%2Fns414%2Fns742%2Fns743%2Fns758%2Fnetworking_solutions_products_genericcontent0900aecd806c3a8c.pdf&amp;pos=2&amp;strqueryid=1&amp;websessionid=g9veYupCHnp3jjzRhz3euH8">Data Center Assurance Program (DCAP) 3.0</a><br /><a href="http://www.cisco.com/en/US/docs/wireless/csg/7.1/installation/guide/csgiccmp.html">Protocol Compliance Statements for the CSG 3.1(3)C7(1)</a><br /><a href="http://www.cisco.com/en/US/docs/safe_harbor/data_center/DCAP5/DMM_Design_Guide_External.pdf">Cisco DCAP Data Mobility Manager (DMM) Design Guide (External)</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-8769632770855428010?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com1tag:blogger.com,1999:blog-8812919976949872507.post-3711835841585260892009-02-24T17:41:00.017+03:002009-02-24T18:37:50.180+03:00Today had me doing an MOP for some upgrades. This is for a cisco CMX running on a 7613 chassis. It assumes you plug in a CSG module on slot 13 and it doesn't have the right software installed but you have it on disk0 on the supervisor.<br /><br />Next I will show how to put it together with some ggsn's, configure and test billing for mobile users.<br /><br /><pre class="source"><br />CMX1#dir<br />Directory of disk0:/<br />5 -rw- 4736628 Jun 25 2008 02:33:06 +03:00 c6csg-apc.31-3.C7.7.bin<br /></pre><br />The above shows the image we want is in disk0<br />Now make the file above accessible via tftp as follows:<br /><pre class="source"><br />CMX1(config)#tftp-server bootflash: c6csg-apc.31-3.C7.7.bin<br /></pre><br />Now the file above can be reached and picked via tftp by the csg. Another alternative is to use our tftp server.<br /><pre class="source"><br />CMX1#session slot 13 processor 0<br /><br />The default escape character is Ctrl-^, then x.<br /><br />You can also type 'exit' at the remote prompt to end the session<br /><br />Trying 127.0.0.50 ... Open<br /><br />wwwwwwwwwwwwwwwwwwwwwwww<br /><br />www.C o n t e n t w<br /><br />www.S e r v i c e s w<br /><br />www.G a t e w a y w<br /><br />wwwwwwwwwwwwwwwwwwwwwwww<br /><br />CSG> dir<br /><br />usage<br /><br />upgrade slot0:|server-ip-addr filename<br /><br />ping ip-addr<br /><br />show ...<br /><br />copy coredump tftp|rcp ip-addr filename [rcp-user]<br /><br />capture [on|off]<br /><br />pktlog ...<br /><br />exit<br /><br />CSG> upgrade slot0: c6csg-apc.31-3.C7.7.bin<br /><br />Upgrading System Image 1<br /><br />CSG ExImage Nov 8 2007<br /><br />R/W| Reading:lam_ppc.bin..DONE Writing:lam_ppc.bin..DONE<br /><br />Read 13 files in download image. (13,0,0)<br /><br />Saving image state for image 1...done.<br /><br />CSG> exit<br /><br />Good Bye.<br /><br />[Connection to 127.0.0.10 closed by foreign host]<br /></pre><br />You should get output similar to the above.<br /><pre class="source"><br />CMX1# hw-module mod 13 reset<br /></pre><br />When the module comes up sh mod should give the output almost exactly like below:<br /><pre class="source"><br />CMX1#sh mod<br /><br />5 0001.c9dd.0f5e to 0001.c9dd.0f65 1.4 3.1(3)C7(7) Ok<br /></pre><br />That’s it your CSG is upgraded.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8812919976949872507-371183584158526089?l=third-world-networker.blogspot.com' alt='' /></div>JGitauhttp://www.blogger.com/profile/12976825241919301510noreply@blogger.com0