Sorta Sad Panda – End Of Support Life for Some Netscreen/SSG routers

I was just looking up some Juniper gear I saw in a local auction… and discovered that the wheels of progress are indeed rolling along.

According to the Hardware EOS Milestone page, the NetScreen 5XT and 5GT, cute little firewall/vpn boxes that seem to be all over the place, reach their end of support life on June 30th and December 31st, 2013, respectively. Considering they were announced as EOL about 5 years ago, this isn’t a big surprise.

I was a bit concerned when the same page reported that the replacement products, the SSG-5 and SSG-20, had their EOL announced in December 2011, and their “Last Date to Convert Warranty” and “Same Day Support Discontinued” date is April 29th of this year (4 weeks away). But it looks like this only applies to the Japan, Korea, and Taiwan versions. Whew.

However, some further digging… and I see ScreenOS is on its own End Of Life path… 6.1 is gone, 6.2 has through the end of 2013, and 6.3 is gone at the end of 2015.

I actually use an SSG-20 with the ADSL2+ PIM for my store’s Internet connection… and while it’s not under warranty and I don’t expect to need support, this did make me wonder what I should consider for my next CPE need.

I’d be tempted to put together an SRX240 with DOCSIS and ADSL2+, but best price I can imagine for that is $2k or so, which is more than I want to spend on this project. So maybe I’ll drive the SSG-20 into the ground, and deal with the problem when it arises. There’s always a spare ADSL2+ modem in the cabinet just in case…

Why so blue, panda bear?

I’m not all that sad, to be honest. But I have a habit of going with old technology until it no longer does what I need. Or until it’s cheaper to replace than to maintain, which can be the same thing.

Heck, I have actually installed Windows XP in the past month… and it stops getting updates any day now. And I’m used to far worse support prognoses–I’m looking at you, Cisco Linksys, with the “it’s a year old? Oh, no updates for you!” policies on a lot of your home network gear (wouldn’t be so bad if it was stuff that can run DD-WRT or OpenWRT… but RV042 and the like aren’t a fit there).

Anyway, this gear has had a good run, in the market and in my own environment. So I’ll keep an eye out for new and better gear within a minimal budget, and see where the world takes my networks.

Looking forward to Cisco Live 2013 in Orlando!

Welcome to those of you coming here through the Cisco Live 2013 Twitter List.

It looks like I’ll be able to make it to Cisco Live this year.

If you’d asked me even ten years ago if I’d ever be doing something like this, I would have asked if you’d gone off your meds. I was not a Cisco fan, partly because I worked in what became Nortel’s Ethernet switching division (the old Rapid City Communications group, which brought the Accelar/Passport 1000/8000 lines to market and pushed Cisco’s hand in bringing out Gigabit Ethernet).

(If we meet at CLUS, and if the rum is good, maybe I’ll tell you the Alidian story. Or not. Depends on who’s buying the rum.)

But I’m expanding my horizons, and I’ve spent over a year working in a UCS C-series (rackmount) environment, becoming sort of a subsistence expert on the platform (with lots of help from friends at Cisco of course). And I could see myself building on this experience in the future.

So I’m looking forward to my first big vendor event, meeting up with new and old friends, learning more about my new “home” platform and more about what’s around it as well.

It’ll be a busy June for me, as I’m headed for Austin to participate in Tech Field Day 9 the week before… and conveniently my company has a facility just outside Orlando that I’ll be able to bring the family to for a couple of days after Cisco Live.

Thanks for visiting… hope to see you in the comments, on Twitter, and at Cisco Live.

How many Internets do you need?

I’m a big fan of redundancy when it comes to Internet connectivity. Sometimes your provider has maintenance, or random cablemodem reboots, or routing issues. And sometimes the hardware fails… I once had an enterprise colo site go down because, of all things, a SFP module for the Internet uplink failed.

There are two roads you can go down…

So for quite a while I’ve had two Internet connections at home. The primary one is ADSL2+ through Sonic.net, a local Bay Area ISP who offer service limited only by the laws of physics. With Annex M turned on, I get about 25mbit down/4mbit up — Annex M trades a chunk of download speed for a smaller chunk of upload speed, and with things like Bitcasa, Dropbox, and so forth, upload speed becomes more important.

My secondary connection is a Comcast cablemodem… we have to have television for the little one anyway, so the additional cost for 25mbit-ish cable service is negligible.

For the longest time, I had separate wireless routers behind each connection. Sonic was the default, but if I had issues with that connection or just wanted a full 25mbit (or 15mbit at the time), I’d switch my laptop to the other wireless. What this meant was that most of the time, I had a 25mbit connection sitting idle.

As I mentioned, the cablemodem service could be justified away as free, if I accept the usual price for a modest tv package, and remember to renegotiate every 6 months or so. But still, it seemed like a waste.

Throwing hardware at the problem sometimes helps…

So I got the new-at-the-time Cradlepoint MBR-1200. This is a Wireless-N router that supports up to 5 broadband wireless modems (USB and ExpressCard), as well as up to two Gigabit Ethernet WAN connections. It will load balance across them, or a common option is to have the broadband cards serve as failover in case the wired WAN fails. So I set up the two connections that way, each getting DHCP settings from the respective providers, and started using it.

I found the connection was not reliable in load balancing mode, primarily due to DNS. Generally an ISP allows its customers/netblocks to use its resolvers, but doesn’t leave them open to the world. So if the router got one provider’s DNS, but the connection went out the other provider’s line, I’d have problems resolving DNS records.

I didn’t think about it at the time–just went back to the manual failover method with separate networks–but when I found a good deal on a Cisco Linksys RV042 dual wan router, I started thinking about it again. About that time I’d started using OpenDNS, a third party DNS provider that provides metrics on your DNS use.

Or maybe throwing the cloud at it will help?

Then it hit me. Third party DNS would get around the split-brain networking issue I’d been experiencing before. I set up the RV042 with Comcast on one side and Sonic on the other, plugged in the OpenDNS resolvers in place of the provider DNS, and gave it a try. It worked.

I have still run into at least one problem that can be traced to the dual WAN configuration. Vonage, my phone service, gets terribly confused if client connections come in from multiple IPs, and was making me log in again for every frame and page I viewed. I haven’t seen this for any other sites, including banking and e-commerce. The solution for this was to set a static route to their subnet through one WAN connection, and now I can view my account again.
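The two dual-WAN problems described above (ISP resolvers refusing queries that leave through the other provider's line, and a site seeing one client arrive from two source addresses) can be modelled offline. This is an added example, not the router's own logic: the ISP addresses and the pinned subnet are constructed from documentation ranges, the function names are hypothetical, and per-flow round robin is a simplifying assumption about how the router balances.

```python
import ipaddress
from itertools import product

# Constructed sample data: ISP addresses use RFC 5737 documentation ranges.
LINKS = {  # WAN name -> source address assigned by that ISP's DHCP
    "wan1_dsl": ipaddress.ip_address("198.51.100.20"),
    "wan2_cable": ipaddress.ip_address("203.0.113.77"),
}
ISP_RESOLVERS = {  # resolver -> client netblocks it answers (closed resolver)
    "198.51.100.53": [ipaddress.ip_network("198.51.100.0/24")],
    "203.0.113.53": [ipaddress.ip_network("203.0.113.0/24")],
}
PUBLIC_RESOLVERS = {  # OpenDNS resolvers answer any source (None = no ACL)
    "208.67.222.222": None,
    "208.67.220.220": None,
}
# Constructed stand-in for the phone provider's subnet, pinned to one WAN.
PINS = {ipaddress.ip_network("192.0.2.0/24"): "wan1_dsl"}

def answers(acl, src):
    """True if a resolver with this ACL will answer a query from src."""
    return acl is None or any(src in net for net in acl)

def broken_pairs(resolvers, links):
    """Every (resolver, WAN) combination where the query would be refused."""
    return sorted((r, name) for (r, acl), (name, src)
                  in product(resolvers.items(), links.items())
                  if not answers(acl, src))

def pick_link(dst, flow_id, links, pins):
    """Egress WAN: longest-prefix pinned route first, otherwise balance."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, wan) for net, wan in pins.items() if dst in net]
    if matches:
        return max(matches)[1]
    names = sorted(links)
    return names[flow_id % len(names)]  # assumed per-flow round robin

def source_ips_seen(dst, flows, links, pins):
    """Client source addresses a remote site sees across several flows."""
    return {str(links[pick_link(dst, f, links, pins)]) for f in range(flows)}
```

With the ISP resolvers, half of the resolver/WAN combinations are refused; with the third-party resolvers none are, and the pinned route collapses the remote site's view of the client to a single source address.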

And there are two other things I’m disappointed with in this configuration. One is that the RV042 is 10/100, and in theory Comcast could go faster than that would allow. The other is that the RV042 is too old for IPv6, but as I recall the Cradlepoint routers don’t support IPv6 either (even the ones that didn’t EOL last year like mine, sigh), so it’s not a specific pain to the RV042.

I expect that when Sonic.net comes out with native (non-tunnel) IPv6 I will start looking around again for a load balancing option. Maybe Peplink Balance 20/30 would do the job (100mbit, but IPv6 is supported even in the lower-end models).

As an aside, there are newer versions of the hardware above… and the links do add to my toy budget, if you choose to use them.

Have you done small network load balancing? What caveats and eurekas did you run into? And what hardware do you recommend?

SSD Accelerators for Windows – Your experience?

I’ve had a Corsair Accelerator 30GB SSD sitting on my desk for a month or two, since it was on reasonably absurd sale pricing at Fry’s. Similar to Corsair Nova Series 2 30GB but with the NVelo software license included.

Now that I’m rebuilding my main desktop at home, I may finally get around to installing it and seeing how it benefits me. I’m already running with 16GB DDR3 RAM (Windows 7 Professional 64-bit), but startup is kinda slow on single SATA drives.

If any of my readers have experience with this sort of accelerator, I’d like to hear about it. Specifically…

1. What’s the actual benefit from an SSD accelerator, aside from having more data storage capacity (which is why I’m going from a 500gb spinning disk to a mirrored 1tb spinning disk behind it)? Maybe better put, how much do you notice the difference and when?

2. Have you tried different sizes of cache drive? What if I were to replace this 30gb with a 120gb OCZ or the like?

3. WTF? Amazon doesn’t sell this particular item, but a “Marketplace” seller on Newegg has one for $1999. Yes, just short of two thousand dollars. I’d sell mine, with unused license, for half that!

Thanks in advance for any thoughts you have to share.

Join me on Thwack next week!

I was going to make a joke about an uncomfortable unicorn and tooting my own horn… but I’ll leave that as an exercise to the reader.

Seriously though, starting next week I’ll be a Thwack Ambassador on the Thwack Community hosted by SolarWinds.

Thwack is a community for people who manage, monitor, or deploy stuff. There are consultants, administrators, a few SolarWinds gurus, and generally people interested in having an easier life in systems/network/virtualization administration.

I’ll be sharing, and soliciting, some thoughts on topics around alerting and oncall, for the next four weeks. I also hope, if I can, to use, in a manner of speaking, way more commas than one, in his right mind, that is, might use. </shatner>

SolarWinds, as you may know, produces software to monitor and manage networks, servers, virtualization, logs, and more. They have a number of free products that you can use, from an SSH client and a very popular tftp/sftp server to IP address management and a subnet calculator (great for those of you with ten fingers rather than two). But this isn’t about their products.

#include <disclaimer.h>

I am paid a bit for my stint as a Thwack Ambassador. I am given a very broad theme to work from, but they don’t get to specify what I write about. So as with my own blog, you’ll be reading what I find interesting and/or true.

Come see me on Thwack next week, share your thoughts (there’s bound to be a contest for people who interact with me and my co-ambassador for March, Jeremy Stretch), and hopefully you’ll find (and share) some new ideas and solutions.

Update: My first post is up: Let’s just eliminate alerting altogether, okay? Check it out for a chance to win an iPod Nano!