Packet Pushers Podcast

We’ve done many podcasts now on Software Defined Whatever. Most of those shows are focused on diving deep into SDN technology and how protocols such as OpenFlow are meant to work. Let’s face it - this is fascinating stuff to a bunch of engineers. But over and beyond just being cool technology – SDN must solve a problem.

This show was recorded by Brent Salisbury at Open Networking Summit in April 2013 http://www.opennetsummit.org where he got a bunch of folks around a microphone to talk about OpenFlow/SDN and the progress being made in the organisations. Show topics How is OpenFlow progressing ? Open Daylight foundation and its inception. Is the future of OpenFlow assured and what it's role in the future ? Where are the applications for SDN in the market ? Evolved packet core for service providers even got a mention Show Guests Matt Davy - Talacc Net Ed Balas Matt Palmer - SDN Central Roy Chua -  SDN Central

This episode (re-)introduces Carl Moberg and dives into Tail-f’s Network Control System (NCS). We talk through the moving parts of Network Control System at a technical level and discuss why you should care about this product. If you have been interested in tools that do multivendor automation of the network then you will be interested in this discussion.

At Cisco Live 2013 in Orlando, Packet Pushers co-hosts Ethan Banks and Greg Ferro sat with Nexus 7000 champion Ron Fuller and network design expert Russ White to discuss how, when and why you might choose to deploy FabricPath, OTV, or LISP. In particular, we get into the specifics of what each protocol does, where they fit (and don't fit), and then how to make them work together. What's FabricPath? FabricPath is a Cisco-specific version of TRILL. FabricPath enables layer 2 multipathing, with all links in a forwarding state. It is a spanning-tree replacement. In general, the FabricPath use-case is that of inside the data center. What's OTV? Overlay Transport Virtualization is a Cisco technology available in certain line cards of the Nexus 7000 and ASR products. OTV extends layer 2 domains between two or more data centers. As many as ten sites in a single OTV domain are supported. OTV is a data center interconnect (DCI) technology. Many clever features are built into OTV to minimize traffic tromboning, topology loops, and single points of failure. What's LISP? Locator/ID Separation Protocol is a mapping protocol & tunneling service that allows individual addresses to be mobile without encumbering the global routing system. LISP tracks where a specific end-node address lives and tunnels traffic to it, transparently to the requestor. In the context of FabricPath and OTV, LISP can help maintain symmetric traffic flows when a layer 2 domain is split between data centers. LISP is available on many different Cisco platforms, and is being worked on by the IETF. In the show, we get into more detail about each of the three of these, and discuss how they fit together to form a cohesive network design, when your design includes layer 2 DCI with active/active data centers. LINKS Cisco FabricPath Cisco OTV Cisco LISP

It's the latest dudilicious episode of Healthy Paranoia! This time we'll be covering the topic of information sharing and analysis centers (ISAC), specifically in the research and educational networking sector, aka REN-ISAC. Joining Mrs. Y on this adventure into the land of dudeness is Wes Young, REN-ISAC Principal Security Engineer and Architect (El Duderino), Keith Lehigh, Lead Security Engineer from Indiana University (the Duder) and bromance expert and developer, Liam Randall. We'll explore subjects such as: The history of ISACs. The benefits of information sharing or crowdsourcing security. Which intelligence feeds are better: paid or free? Mrs. Y's bandwidth envy. Why mixing beer, zombies and lawyers is always a bad idea. As always, Healthy Paranoia is security-douchebag-free, a place where nerds run free and the dudes abide. Show Notes: REN-ISAC Security Event System The Collective Intelligence Framework (CIF) Collective Intelligence Community Farsight Security, formerly Internet Systems Consortium Security Information Exchange (ISC SIE) Intelligence Exchange in a Free Market Economy by Wes Young Presidential Decision Directive 63 and Homeland Security Presidential Directive 7 Anti-Phishing Working Group Assorted presentations on CIF

There are two proposals floating around that are trying to address BGP origination hijacks (aka Pakistan vs. YouTube): RPKI and DNSSEC-based system. Ivan Pepelnjak joins Greg Ferro to talk about what is means for Networking. This show was recorded in January 2013 and it’s been delayed publishing. Please accept my apologies. Show Links Opinionated background on the RPKI discussion >http://www.internetgovernance.org/2013/01/09/the-routing-security-battles-intensify/> (warning, heavily biased authors on this site. ) RIPE 65 Session List - https://ripe65.ripe.net/presentations/presentation-archive/ RPKI would effectively give control over route advertisement validation to regional registries (who are also allocating the address space these advertisements cover), while the alternative approach would rely on DNSSEC and/or CA infrastructure controlled by … (fill in the blanks). Also, this graph is interesting. Look who’s dragging their feet - http://certification-stats.ripe.net/ PROGRAMMABLEFLOW TECHNICAL DEEP DIVE This free webinar sponsored by NEC Corporation of America describes the benefits and technical details of ProgrammableFlow®, the first production-grade commercial implementation of an OpenFlow-based Software Defined Network with a controller and data center switches. http://www.ipspace.net/ProgrammableFlow_Technical_Deep_Dive

In this community show recorded at Cisco Live US 2013 in Orlando, Cooper Lees, Lauren Mahoit and Colin McNamara join Packet Pushers hosts Greg Ferro and Ethan Banks in a happy chat about the coming world of networking automation. We discuss the following high-level topics. Automation, orchestration and devops in the network is becoming an ever-bigger deal. We apply this in a Cisco context, getting into Cisco ONE and OpenStack, as well as SDN controllers. Commodity silicon vs. Cisco silicon and what that means for the automation movement, considering just how much silicon Cisco themselves are putting out there. The edge of the network is moving right out to servers in the form of soft switches in hypervisors and networking chips built onto motherboards. How is that impacting network design? How does a company that doesn't "get" SDN come to the point where they realize they need it? Underlay networks are still really, really important. The beauty of the consistency that comes with automation. Even when it's wrong, it's consistently wrong. And that's useful, because it gives you a direction to follow so that you can get it right. Consistently right. How does a network engineer get into coding if they've not been doing that?

At Cisco Live US 2013 in Orlando, Packet Pushers co-host Ethan Banks was joined by CCDE program manager Elaine Lopes, CiscoPress author Russ White who was closely involved with the CCDE program creation, quad-CCIE & CCDE Scott Morris, and CCIE & CCDE Jeremy Filliben who instructs a CCDE bootcamp. We discuss (what else) how to prepare for the Cisco Certified Design Expert certification. We recorded this as a video in the Learning @ Cisco Live booth in the CLUS Certifications Lounge. And let me tell you - it was HOT in that little room! With 5 guests crammed in there, plus the cameraman and gear, we were five baked potatoes by the time the session was over. BUT - what a great discussion about the CCDE program! The Packet Pushers thank the Cisco Learning Network for sharing the audio with us so that we could distribute it here. If CCDE interests you, have a listen to advice given by a group of outstanding guests who understand the philosophy of the CCDE program well. The CCDE is unlikely to be like any other certification track you've been down, assuming you came up through the ranks of CCNA, CCNP and CCIE. CCDE is a different animal, with a different approach, different testing methodology, and different ultimate goals for the candidate.

At Cisco Live US 2013, we were able to get together a nice group of folks to share their opinions on the announcements we found most interesting. You'll know some of them from Tech Field Day, an event Greg and I have been a part of several times. This show is good conversation with smart folks that we're sure you'll enjoy! Topics include the Cisco Nexus 7700, Nexus F3 module, NVT, VIRL, Catalyst 6800 and more. Here's a list of everyone that took part, in order of appearance. Ethan Banks @ecbanks Stephen Foskett @sfoskett Greg Ferro @etherealmind Jennifer Huber @jenniferlucille Darrel Clute @darrelclute Tom Hollingsworth @networkingnerd Bob McCouch @bobmccouch Chris Wahl @chriswahl

Ethan Banks and Greg Ferro are joined by Brent Salisbury for a discussion with Cisco's Nexus-geek-at-large Ron Fuller about a whole lot of things happening in the Cisco data center product line in this sponsored edition of the Packet Pushers Podcast. First up, we review the announcement from the previous Cisco Live (London 2013) about the Nexus 6K products. The 6001 & 6004 are non-blocking L3 10GbE & 40GbE switches designed to cram a lot of forwarding into a small form factor. That was sort of old news, but we thought it was worth bringing up for those that maybe hadn't noticed. After that, we got into a discussion of the new Cisco Nexus 7700 product line, hitting a rack near you in two form-factors: the 7710 (10-slot) or 7718 (18-slot). The 7700 features true front-to-back airflow and up to 1.3Tb per slot. That bandwidth is coming from new fabric cards that double-up the "Sacramento" fabric chips inside. We next talk through the new Nexus 7000 & 7700 F3 line cards coming in 40GbE and 100GbE flavors. The F3's offer a new ASIC that can do several different encapsulation types  right on the chip, and will be priced somewhere between the current F2 and M series line cards. Does that mean the M series cards will go away? Listen to find out. Nexus Validation Testing (NVT) might be the biggest news of Cisco Live US 2013, as far as we're concerned. NVT is a new software testing methodology where Cisco builds the sorts of topologies customers build, and then tests the sorts of configurations customers deploy. The idea is to put new NX-OS code through real-world scenarios. NVT failures will prevent NX-OS from shipping. We also talk about what NVT means for the Safe Harbor program. NX-OS 6.2 is the first code release to be put through NVT, and we get the details on a number of new features that are being included. Lots of good stuff here - listen to find out the details and availability date. Finally, we have a chinwag about the Network Analysis Module available for the Nexus 7K, the NAM-NX1. While you might expect panning and derision for taking up valuable chassis real-estate in a data center class switch with a services module, that doesn't seem to be the prevailing opinion. And not just because we're being nice. There's a clear use-case for the NAM-NX1. LINKS Nexus 6000 Data Sheets Nexus 7700 Models Nexus Validation Testing NAM-NX1 Data Sheet

Get ready for another nerdilicious episode of Healthy Paranoia featuring Andrew Case, digital forensics researcher and a core developer for the Volatility Framework. Liam Randall joins Mrs. Y. as they discuss topics such as: The difference between forensics and incident response. Malware analysis vs. reverse engineering. Why you should treat a compromised system like a leper flesh-eating zombie.* UPDATE: Andrew Case was just named "Digital Forensics Examiner of the Year" at this year's Forensics 4cast Awards. Show Notes: Forensicswiki.org Sleuth Kit and Autopsy Chaos Communication Congress RegRipper by Harlan Carvey Brian Carrier Registry Decoder Remnux Kali Linux (because Backtrack is so last year) Windows Forensics email list Volatility Labs Memory Forensics Training Defeating Windows Memory Forensics Joanna Rutkowska Malware Analysis: N00b to Ninja in 60 Minutes by Grecs FTK - Forensic Toolkit EnCase Cuckoo Sandbox F-Response *Someone was offended by my use of the term leper, because technically, leprosy isn't that infectious. Unless you happen to hang around gangs of armadillos.

In this show recorded in a small little room with a great big fan (which we were mostly able to edit out) in the "Meet the Expert" lounge at Cisco Live 2013 in Orlando, Packet Pushers Greg Ferro and Ethan Banks discuss Cisco's UCS Director product (formerly Cloupia) with folks from the UCS Director team. Before you yawn and tune out because you're not in a UCS shop, the first thing to know about UCS Director is that it's not just about Cisco UCS. UCS Director bring orchestration and automation not only to the UCS platform, but also to a variety of other products as well. If you knew of Cloupia before Cisco completed the acquisition, you might be skeptically saying, "Yeah, well...Cisco's going to kill all that non-Cisco product support now that they've gotten a hold of it." According to Joann Starke and Eric Charlesworth, that's just not the case. There's a long roadmap of non-Cisco product support coming, with plans to only broaden UCS Director's scope. We talk about that and several other things in this podcast. What does UCS Director do? Is UCS Director for orchestration, automation or both? From the perspective of a network engineer, what does UCS accomplish? How is QoS managed inside of a storage array? Let's talk about multi-vendor magic. How big of a shop is the right size to be considering UCS Director? UCS Director key features - have or have not the following: multi-tenancy, self-service, resource management? How to map high-level problems down to low-level realities. UCS Director's ability to react to events. Integrating UCS Director with Cisco's Intelligent Automation for Cloud (CIAC). LINKS Cisco's UCS Director Home Page

Cisco eXtensible Network Controller (XNC) can provide greater business agility, through a cost-effective, scalable, Software-Defined Network (SDN)-based approach to traffic monitoring. What is the XNC? What's it for? Comparing XNC Controller to OpenDaylight. What's the same? What's a value-add? What are the northbound capabilities of XNC? Southbound? Let's give some examples of what we can do with this controller. Apps: monitoring, transit selection, network slicing. What sort of network hardware is required to leverage XNC? What are some future use-cases? Clever things that might be possible with XNC & an SDN-capable network infrastructure on the scene? Cisco ONE Overview  (video): http://video.cisco.com/video/TechnologyTrends/ONE/TechnologyTrends/ONE/ (Video title: Advanced Flow Control) Overview on Monitor Manager (Video): http://video.cisco.com/video/TechnologyTrends/ONE/TechnologyTrends/ONE/ (Video Title: Increased traffic visibility with Cisco XNC) OpenDaylight - http://www.opendaylight.org

Guests Patrick Warichet Alain Fiocco @alainfiocco Andrew Yourtchenko @ayourtch Kumar Reddy @kumarreddy Show Notes You can follow the Cisco IPv6 Lab Team on Twitter at @cisco6lab “Happy Eyeballs” - RFC6555 - Happy Eyeballs: Success with Dual-Stack Hosts - http://tools.ietf.org/html/rfc6555 Test your IPv6 http://test-ipv6.com/ IPvFoo - https://code.google.com/p/ipvfoo/ 6lab.cisco.com/stats Sessions on Cisco Live 365 from Orlando, 2013. PNLCRS–2303, Experience deploying IPv6 BRKRST-2304 Hitchhiker's Guide to Troubleshooting IPv6 Sundry Links https://ripe66.ripe.net/presentations/114-RIPE-IPv6-only-Clients-RIPE.pdf http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/whitepaper_C11–721661.html MAP demo that we did for CiscoLive: http://www.youtube.com/watch?v=UQUK5nnqilA http://blogs.cisco.com/sp/real-world-demonstration-of-map-for-ipv6/

The hosts of the Speaking in Tech podcast join the Packet Pushers to discuss “not networking” just ahead of the Cisco Live conference. CLUS roving reporter Chris Wahl @chriswahl takes part in the melee. Dropping insults on ITIL and ITSM once again. Defining Software Defined Whatever because “My Other Software Defined is Your Mom” Software Definable Something is Software Definable How the workday overload is preventing Infrastructure from looking ahead at technologies that can build cloud-like infrastructure Considering IT Security as the driver for Enterprise Cloud Discussing Security as Business issue. Speaking in Tech Podcast @SpeakingInTech Greg Knieremen @Knieremen Ed Saipetch @edsai Engineers Unplugged http://www.youtube.com/engineersunplugged Amy Lewis @commsninja Disclosure: All of the attendees were sponsored in some form to attend Cisco Live 2013 (Amy Lewis is Cisco employee). Which is useful since we couldn't afford to make the trip on our own. Thanks to Cisco for their support. All opinions remain those of the people involved and in no way reflect their employers, sponsors or any other party.