Planning A Physical Data Center Rack Cleanup

I’m part of a project that’s going to do some physical rack cleanup. As in, the cables are a mess, labeling isn’t consistent, power distribution isn’t quite what it should be, and it’s gotten to the point where doing maintenance on any of the hardware is tough. So, it’s time to tidy everything up. I’ve been a part of several of these kinds of projects before, and I’ve collected a bunch of data on how to approach it.

Read more

Scapple: The $15 Network Diagramming Tool?

According to the good folks at Literature & Latte, Scapple is…

an easy-to-use tool for getting ideas down as quickly as possible and making connections between them. It isn’t exactly mind-mapping software—it’s more like a freeform text editor that allows you to make notes anywhere on the page and to connect them using straight dotted lines or arrows. If you’ve ever scribbled down ideas all over a piece of paper and drawn lines between related thoughts,

Read more

How To: Simple Juniper SRX Rate-Limiting via Policer

I recently needed to configure rate-limiting on a Juniper SRX650 firewall’s 1GbE interface facing an ISP. The scenario was that the ISP allowed line rate traffic and billed at the 95th percentile of utilization. As long as the 95th percentile was under the number of bps we were paying for, there was no excess charge. But that possibility of an excess charge was sort of annoying. How to provide peace of mind? Rate limit all traffic going through the 1GbE interfaces to the ISP.
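As an added example (not the configuration from the original post), here is the shape such a policer takes in Junos: a single policer that discards everything above the contracted rate, applied to the ISP-facing logical interface in both directions. The interface name ge-0/0/0.0, the 200 Mb/s limit and the 500 KB burst size are assumptions; the post does not state the contracted rate. The `##` lines are explanatory and should be dropped if your load method rejects them.

```junos
## Added example, not the original post's configuration.
## Assumed: ISP-facing interface ge-0/0/0.0, contracted rate 200 Mb/s.

## The policer: packets above the rate (plus a burst allowance) are dropped.
## "200m" is Junos shorthand for 200,000,000 bits per second. The burst
## size is the token bucket depth in bytes; a few milliseconds' worth of
## line-rate data is a common starting point, then tune while watching drops.
set firewall policer ISP-200M if-exceeding bandwidth-limit 200m
set firewall policer ISP-200M if-exceeding burst-size-limit 500k
set firewall policer ISP-200M then discard

## Apply the policer directly to the logical interface so every packet
## to and from the ISP is counted, without a separate firewall filter.
set interfaces ge-0/0/0 unit 0 family inet policer input ISP-200M
set interfaces ge-0/0/0 unit 0 family inet policer output ISP-200M
```

After commit, `show interfaces policers ge-0/0/0` confirms the policer is bound and `show policer` shows its drop counters. One caveat on what this actually protects against: the output policer caps what the SRX sends toward the ISP, but inbound packets have already crossed the billed link by the time the input policer discards them, so only the outbound direction is truly enforceable from this side of the circuit.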

Read more

My Home Lab, ESXi 5.5 Server Build, and The Logic Behind It All

Several folks have asked me about my home lab server build since I’ve tweeted a time or two about it. Here’s what I’ve built so far, and some of the logic behind my choices.

The Purpose Of My Lab

I am working on network virtualization, automation, and software defined networking tools. I need to work with a variety of hypervisors, virtual switches & routers, and virtual networking appliances. While I’ll have a few applications I’m running along the way,

Read more

Moving BIG-IP VE LAB Edition from VMware Fusion to ESXi 5.5

I moved my BIG-IP VE Lab Edition VM from VMware Fusion on my Mac over to VMware ESXi, now that I’ve built a full ESXi 5.5 host to lab with. Here are my notes, as it was overall easy enough, but I did it wrong the first time. Maybe I can save someone a little time. Or better yet, someone can respond in the comments with an even better way to accomplish this.

  1. VMware provides a vCenter Converter Standalone Client.

Read more

Junos SNMPv3 – Config Baseline for All OID Access Using USM with Authorization & Privacy

SNMPv3 is the successor to the more commonly deployed SNMPv2c. While the underlying structure of MIBs & OIDs is not changed by v3, the way those objects are accessed is. SNMPv2c secures access to the device MIB with read-only and read-write community strings (essentially passwords), but both the community string and the polled data cross the wire in plaintext, easily readable by anyone in the data path with a sniffer. SNMPv3 offers an authentication and encryption scheme that, should you so desire,
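As an added example (not the configuration from the original post), here is the weak SNMPv2c setting beside a Junos SNMPv3 USM baseline that authenticates and encrypts every request and grants read access to the whole OID tree. The user name nms-poll, the group nms-ro, the view all-oids and the two placeholder passwords are assumptions; Junos requires the passwords to be at least 8 characters, and they should of course be long and random in practice. The `##` lines are explanatory and should be dropped if your load method rejects them.

```junos
## Added example, not the original post's configuration.
## Assumed names: user nms-poll, group nms-ro, view all-oids.

## Before: SNMPv2c. The community string and every polled value cross the
## network in cleartext, so anyone in the path can read or replay them.
## Remove it once the v3 user below has been verified:
delete snmp community public

## After: SNMPv3 USM user with SHA-1 authentication and AES-128 privacy.
set snmp v3 usm local-engine user nms-poll authentication-sha authentication-password "CHANGE-ME-auth-password"
set snmp v3 usm local-engine user nms-poll privacy-aes128 privacy-password "CHANGE-ME-priv-password"

## VACM: map the USM user to a group, then grant that group read access at
## security level "privacy" only, which means authenticated AND encrypted.
## Requests arriving as noAuthNoPriv or authNoPriv are refused outright.
set snmp v3 vacm security-to-group security-model usm security-name nms-poll group nms-ro
set snmp v3 vacm access group nms-ro default-context-prefix security-model usm security-level privacy read-view all-oids

## The view: everything under the root of the OID tree ("all OID access").
set snmp view all-oids oid .1 include
```

To verify from a net-snmp host, `snmpwalk -v3 -l authPriv -u nms-poll -a SHA -A <auth-pw> -x AES -X <priv-pw> <device> sysName.0` should return the hostname, and the same walk with `-l authNoPriv` should be rejected, which is the failure mode you want: a poller that has lost its privacy key cannot silently fall back to cleartext.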

Read more

Juniper MX Baseline for 802.3ad, 802.1q, Bridge Domains, IRB, Routing Instance, + OSPF

This is documentation of a part of a Juniper MX router configuration that took me a bit of time and reading to get working. I had a number of specific goals.

  • 802.3ad (LACP) to aggregate physical links between the MX router and uplinked switches. In the configuration below, you’ll notice I’ve only assigned one physical interface to the link bundle. The idea is that I can scale the configuration sideways with a minimum of effort by simply adding an additional interface to the aggregated link bundle.
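As an added example (not the configuration from the original post), here is a compact Junos MX baseline that ties the items in the title together: an LACP bundle with a single member today, an 802.1q trunk on it, a bridge domain with an IRB as the gateway, a virtual-router instance holding that IRB, and OSPF inside the instance. The member interface xe-0/0/0, VLAN 100, the addresses, the instance name CUST-A and the OSPF key are assumptions. The `##` lines are explanatory and should be dropped if your load method rejects them.

```junos
## Added example, not the original post's configuration. Interface names,
## VLAN 100, addresses, the instance name and the OSPF key are assumptions.

## The chassis must be told how many aggregated Ethernet interfaces to create.
set chassis aggregated-devices ethernet device-count 1

## One physical member for now. Scaling sideways is one more line of this
## form for each additional link, with no change to ae0 itself.
set interfaces xe-0/0/0 gigether-options 802.3ad ae0

## ae0 as an 802.1q trunk carrying VLAN 100, with LACP active and fast timers
## so a dead member is detected in seconds rather than the slow 90s default.
set interfaces ae0 flexible-vlan-tagging
set interfaces ae0 encapsulation flexible-ethernet-services
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 unit 0 family bridge interface-mode trunk
set interfaces ae0 unit 0 family bridge vlan-id-list 100

## Bridge domain for VLAN 100, with irb.100 as its layer-3 gateway.
set bridge-domains BD100 vlan-id 100
set bridge-domains BD100 routing-interface irb.100
set interfaces irb unit 100 family inet address 10.100.0.1/24

## Keep this VLAN's routing table separate from the main instance, and run
## OSPF there with MD5 authentication so a rogue host on the VLAN cannot
## form an adjacency and inject routes.
set routing-instances CUST-A instance-type virtual-router
set routing-instances CUST-A interface irb.100
set routing-instances CUST-A protocols ospf area 0.0.0.0 interface irb.100 authentication md5 1 key "CHANGE-ME-ospf-key"
```

Useful checks after commit: `show lacp interfaces ae0` (the member should show Collecting/Distributing), `show bridge domain` (irb.100 listed under BD100), and `show ospf neighbor instance CUST-A`.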

Read more

Opengear IM4200 ‘Connection Refused’ on SSH to Ports 3001+

Opengear makes out-of-band management console servers with a great deal of flexibility. In essence, an Opengear box is a Linux machine with ports that can act in a variety of roles. Different models offer different console port densities and specific functions.

I ran into an issue with an Opengear IM4216-34 running firmware 3.5.3u1 where the box would give me an immediate “connection refused” when attempting to SSH to ports 3001 and up after it had been working for weeks,

Read more

New Year’s Thoughts: Start With Documentation

This post is a simple challenge to all of us network engineers. Let’s document our networks better. By “better”, I mean more clearly, currently, and completely. And I will also make the case that new projects should not end with documentation. They should start with it.


I have frequently been in the position of inheriting networks from engineers that have moved on. My new manager and/or peers will share with me the documentation on hand,

Read more

How To Obtain & Install F5 BIG-IP VE Lab Edition

Eric Flores, community blogger at Packet Pushers, posted this gem about F5 dropping the price of the F5 BIG-IP Virtual Edition for lab license down to $95. In my opinion, F5 is the market leader in load-balancing appliances – what they call “application delivery controllers”. I’ve used F5 gear for many years now, and have a visceral attachment to the platform. F5 has been in the middle of some of my most frustrating moments in networking,

Read more

Arista Networks VM Tracer Connects Switches to vCenter & Automates VLAN Provisioning

Arista Networks sells low-latency, high-density, merchant-silicon-based Ethernet switches that run a modular OS called Extensible Operating System (EOS). While the hardware is certainly commendable, I feel that software is Arista’s differentiator. From my network engineer’s perspective, EOS was built to make my life easier. The idea is that EOS can be used to easily get good information about the switch, its processes, and the traffic flowing through it. I have several hundred more pages of EOS manual reading to do before I feel competent to talk about EOS magic in much detail;

Read more

Worth Reading – RFC 7059, A Comparison of IPv6-over-IPv4 Tunnel Mechanisms

I don’t usually get excited about new RFCs. They come, they go, with varying degrees of relevance to my day to day networking world. But RFC 7059 is a little different. This informational RFC walks through IPv6-over-IPv4 tunneling. This matters to me for a couple of reasons.

  1. I’m about to have this problem. IPv6 is on my radar. In my specific application for IPv6, I’ll need a tunneling mechanism because parts of the network that I don’t control, yet need to traverse, are IPv4-only.

Read more

ASA 8.2(1) to SRX 11.4R7.5 Site-to-Site IPSEC VPN Configuration

This is a summary of bringing up an IPSEC site to site VPN tunnel between a Cisco ASA firewall we’ll call EAST running ASA 8.2(1) and a Juniper SRX650 firewall we’ll call WEST running Junos 11.4R7.5. Not the most elegant blog post in the world, but rather a summary along with config files that worked in my case and have been stable for about a week now.


Juniper offers route-based IPSEC VPNs and policy-based IPSEC VPNs.
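As an added example (not the configuration from the original post), here is what the route-based flavour looks like on the SRX side of a tunnel to a policy-based peer such as an ASA: IKEv1 main mode with a pre-shared key, ESP with PFS, the VPN bound to an st0 tunnel interface, a static route into the tunnel, and zone policies that permit only the two LANs. The peer address 203.0.113.1, the LAN prefixes 10.1.0.0/16 (EAST) and 10.2.0.0/16 (WEST), the interface ge-0/0/0.0, the object names, the algorithms and the placeholder key are all assumptions; the ASA must be configured with matching proposals and key. The `##` lines are explanatory and should be dropped if your load method rejects them.

```junos
## Added example, not the original post's configuration. Addresses, names,
## algorithms and the pre-shared key are assumptions.

## Phase 1: IKEv1, main mode, pre-shared key.
set security ike proposal EAST-IKE-PROP authentication-method pre-shared-keys
set security ike proposal EAST-IKE-PROP dh-group group2
set security ike proposal EAST-IKE-PROP authentication-algorithm sha1
set security ike proposal EAST-IKE-PROP encryption-algorithm aes-256-cbc
set security ike proposal EAST-IKE-PROP lifetime-seconds 86400
set security ike policy EAST-IKE-POL mode main
set security ike policy EAST-IKE-POL proposals EAST-IKE-PROP
set security ike policy EAST-IKE-POL pre-shared-key ascii-text "CHANGE-ME-long-random-psk"
set security ike gateway EAST-GW ike-policy EAST-IKE-POL
set security ike gateway EAST-GW address 203.0.113.1
set security ike gateway EAST-GW external-interface ge-0/0/0.0

## Phase 2: ESP with perfect forward secrecy.
set security ipsec proposal EAST-IPSEC-PROP protocol esp
set security ipsec proposal EAST-IPSEC-PROP authentication-algorithm hmac-sha1-96
set security ipsec proposal EAST-IPSEC-PROP encryption-algorithm aes-256-cbc
set security ipsec proposal EAST-IPSEC-PROP lifetime-seconds 3600
set security ipsec policy EAST-IPSEC-POL perfect-forward-secrecy keys group2
set security ipsec policy EAST-IPSEC-POL proposals EAST-IPSEC-PROP

## Route-based: the VPN is bound to a secure tunnel interface. The proxy
## identities matter when the far end is policy-based: an SRX route-based
## VPN defaults to 0.0.0.0/0 on both sides, which a crypto-map peer will
## reject, so state the two LANs explicitly to match the peer's crypto ACL.
set security ipsec vpn EAST-VPN bind-interface st0.0
set security ipsec vpn EAST-VPN ike gateway EAST-GW
set security ipsec vpn EAST-VPN ike ipsec-policy EAST-IPSEC-POL
set security ipsec vpn EAST-VPN ike proxy-identity local 10.2.0.0/16 remote 10.1.0.0/16 service any
set security ipsec vpn EAST-VPN establish-tunnels immediately
set interfaces st0 unit 0 family inet

## Steer EAST's LAN into the tunnel.
set routing-options static route 10.1.0.0/16 next-hop st0.0

## Zones: let IKE reach the outside interface, put st0.0 in its own zone,
## and permit only LAN-to-LAN traffic in each direction.
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone vpn interfaces st0.0
set security address-book global address EAST-LAN 10.1.0.0/16
set security address-book global address WEST-LAN 10.2.0.0/16
set security policies from-zone trust to-zone vpn policy TO-EAST match source-address WEST-LAN
set security policies from-zone trust to-zone vpn policy TO-EAST match destination-address EAST-LAN
set security policies from-zone trust to-zone vpn policy TO-EAST match application any
set security policies from-zone trust to-zone vpn policy TO-EAST then permit
set security policies from-zone vpn to-zone trust policy FROM-EAST match source-address EAST-LAN
set security policies from-zone vpn to-zone trust policy FROM-EAST match destination-address WEST-LAN
set security policies from-zone vpn to-zone trust policy FROM-EAST match application any
set security policies from-zone vpn to-zone trust policy FROM-EAST then permit
```

`show security ike security-associations` and `show security ipsec security-associations` show whether phase 1 and phase 2 came up; a phase 2 that never forms while phase 1 is fine is, in my experience, almost always a proxy-ID mismatch with the policy-based side.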

Read more

My First Look at Junosphere 3.0

I’ve recently taken on a new day job, where I’ve inherited some Juniper gear that needs to be put into production soon. As long as I’ve been involved with networking, I’ve never worked with Junos. Mostly, I’ve been a Cisco IOS or NX-OS user. While many non-Cisco vendors ape the IOS CLI as sort of a de-facto standard, Juniper does not. From a CLI perspective, Junos is nothing like IOS. That puts me at a time disadvantage.

Read more

Windows To Mac. Yeah, That Happened.

Some months ago, I migrated from PCs running Windows 7 to OS X running on Mac hardware. I bought a Mac Mini and a MacBookPro with a 13″ Retina display. I don’t use Windows for any personal computing at all now, and I don’t miss it.

Why did I switch?

The change was driven by three things. One was seeing many, many people in my line of work (networking professionals with a creative bent) using the Mac platform.

Read more