Tying cloud provider orchestration, security, performance, and cost management together with Prosimo AXI at Cloud Field Day 12

Disclosures at the bottom as usual.

At Cloud Field Day 12 in San Jose, Prosimo joined us to explain how they are “more crazy than you guys think we are.” We got a good introduction to the problems they are working on solving, some of the problems they’re not focused on, and yes, we did learn they might be pretty crazy. But it just might work.

Prosimo was founded in early 2019, the second startup for many of the team (hence their CEO Ramesh Prabagaran’s crazy quoted confession above). The connection I didn’t make at the time is that his first startup was Viptela, who were acquired by Cisco in 2017. So after developing an SD-WAN solution, Prabagaran and his team moved up (or down) a layer to address another element of WAN in the clouds. Maybe we could call it CAN, or Cloud Area Networking. Or maybe not.

To get to the good stuff… Prosimo focuses on multicloud transit (the third lozenge pictured above), an element between the users and edge networks and the applications a customer has in any of the three major clouds or their own datacenters/private clouds.

Continue reading

When POHO isn’t psycho enough – a home network update in progress

If you’ve been around for a while, you will know that POHO, or Psycho Overkill Home Office, is an ongoing theme of this blog. I’ve described it more than twice as “two comma technology on a one comma budget.” It stands to reason that my home network is in the “psycho overkill” range, with three sites connected by VPNs and internal 10 gigabit networking (40 gigabit on its way).

Disclosure: Much of the gear in this post is Cisco Meraki, and much of that was obtained using employee purchase program benefits as a Cisco employee. As a system engineer I was eligible for free renewals on my licenses for the Meraki gear, but the original licenses and most of the hardware purchases were out of my own pocket. Any other gear mentioned was purchased out of my own pocket through mainstream methods (i.e. eBay) unless otherwise noted. Cisco has not reviewed, influenced, or endorsed this post or this blog, and they most likely won’t.

A photo before everything was recabled. There are a lot more ports in use now.

What’s the POHO like today?

In the past two years I’ve been running a somewhat crippled network, despite having pretty good employee purchase benefits at work. Still, with gigabit fiber and 500 megabit cable, I’m at about 2.5x the capacity of my core router.

I’m running a Meraki MX84 as the core of my home network, with AT&T / Sonic fiber as primary, and Comcast as secondary. It downlinks to an MS42p 48-port switch with four ports of 10 Gigabit Ethernet. On the upstream side, it connects via Meraki’s auto-vpn to an MX64 in my shop across town, and to a Z1 Teleworker unit in my garage that keeps some lab gear protected from the world (and simplifies IP addressing).

I have a couple of MS switches around the networks, as well as a Cisco Small Business SG500XG-8F8T, a Netgear MS510TXPP (for mgig POE) and a couple of other brands in use from time to time. Wireless is handled by MR56 and MR34 in the house, MR18 in the garage, and MR16 in the shop.

Unfortunately, the MX84 is limited to 500mbps of stateful firewall or 320mbps of advanced security throughput. I’m getting pretty close to that, but the other half of the uplink is idle unless I switch over to the other side of the MX.

Continue reading

I didn’t think I’d be able to say this so soon… (He’s baaack at Tech Field Day!)

As many of my readers know by now, my time at Cisco came to an end last month. When I decided to leave Disney and come to Cisco 6 1/2 years ago, there were two main things I knew I would miss about being in the “real world” — Disney cast member discounts, and being a Tech Field Day delegate.

Well, there’s no change on the Disney discount front, but this week I’ll be back as a TFD delegate for Tech Field Day 22 the latter half of this week.

Riding in the limo at SFD5 in 2014 – four of the five people pictured will be at TFD22 this week with me

How did you get to this point?

In May 2014, I posted a two part post on storage vendors (“These 3 hot new trends” part 1 and part 2) from Storage Field Day 5, my last full event as a delegate. A month later, I moved to San Francisco for most of a week thanks to TFD sponsors, to participate in my second Cisco Live event and to interview for a position with Cisco.

I was offered the job the day I got home from the event, and a little under a month later I got badged at Building 9 and began the 6+ year adventure in mega-vendor sales engineering. But as a vendor, I wasn’t terribly welcome among the Tech Field Day delegations, although I was still invited to the parties, and managed to qualify for the roundtable at SNIA’s Storage Developer Conference in 2017. I did continue my participation with Interop over the years, leaving my Cisco ears (instead of my Disney ears) at home, and even attending a Cisco briefing during one of the events, in the former Playboy Club at the Palms in Las Vegas.

What is Tech Field Day? Do I need a ham radio?

If you’re new to Tech Field Day, the idea is pretty much the same as it’s been for over ten years, even if the participation venue has moved from conference rooms to Zoom. Stephen Foskett, founder of Tech Field Day and Gestalt IT, brings together independent analysts, practitioners, geeks, and javelin catchers to meet with companies producing something in the tech sphere.

From the huge established names (like Dell, HPE, Cisco) to companies just coming out of stealth and talking to the public for the first time, you get to see companies facing unstaged questions in realtime, discussing the product or service, the decisions behind them, and how people who might actually use the product or service see it rather than how the company’s marketing and PR team want it to be seen.

And unlike most press conferences and analyst events, anyone on the planet (pretty much) can tune in, watch and learn, and pose their own questions through social media to be answered. There’s no registration required, no event fees, and if you missed a company you can go back and watch within a couple of days.

Pro-tip: If, like me, you’re on the tech job market, Tech Field Day’s archives can be a great resource for learning about companies you might be interested in working for. Just go to the main page and search for a company name. Not everyone is in there, but you can get a good feel for the companies that are, from what they do and how they’ve evolved over the years to how well they understand their product and the market they’re competing in.

So what’s different for you this time?

Tech Field Day 9 in Austin, Texas (June 2013)

After five full delegate events in person, and seven roundtable/TFD Extra events (details), I’ll be back as a different kind of delegate, for obvious reasons. TFD22 looks to be the largest event yet, with twenty-five delegates. No, really, 25 delegates. The nine presenting companies will be split up into early and late shfits to accommodate delegates from around the world, and since none of us are traveling to an in-person location, we can focus on presentations in our own time zones… and some of us will be hopping onto the other shift’s events as well.

The early shift, for my European and Eastern colleagues, will feature Commvault, Veeam, VMware, Quantum, and Red Hat. Their sessions run from 5-10am Pacific, and while I’d love to see them live, I’m not sure 5am is a time I believe in just yet.

You’ll find me in the late shift (11am-3pm Pacific), meeting with MemVerge, Riverbed (who I last visited here in Sunnyvale for SFD2), Illumio, and oddly enough, Cisco. I only see three names among the other 24 who I’ve shared TFD events with, but about half of them are in my online circles and I’m looking forward to meeting the others.

If you’d like to watch along with us, check out the TFD page for livestreams on several platforms starting Wednesday morning, December 9th. You can click on this garishly-large TFD logo to get there if you like. And if you miss the sessions you wanted to watch, they’ll be posted on the same link within a couple of days for you to watch at no cost.

Feel free to follow along on Twitter and ask your questions – tag with the hashtag #TFD22 and the delegates will try to relay your questions to the presenters.

Straying into Ubiquiti territory for a home network experiment, part 1

As many of you know, I run my home, lab, and store networks primarily on Meraki gear. Employee discounts and internal system engineer promos make it a reasonably priced platform for me, but I can understand why non-Cisco employees might not build out a substantial home network on their own dime with Meraki.

Having cut directly over from the Linksys WRT1900AC as a router to a mix of MX security appliances, MS switches, and MR access points, I didn’t really take the time to evaluate other options. However, with many friends getting into Ubiquiti, I figured it was worth trying that platform out, especially when some of the devices went on sale at a local computer store.

In this post I’ll talk about the initial deployment and the gear I’ve purchased. I do have a few items from Ubiquiti that I won’t be using for this environment (like the EdgeRouters and a couple of relatively ancient 24v POE access points).

Spoiler: I’m still a big Meraki fan, and if I were deploying in a business environment where I didn’t want to tweak much or where I wanted enterprise-grade features, I’d still lean toward that platform. However, for a home network, home office, or early stage  startup, the Ubiquiti option is definitely worth a look.

Initial Bill of Materials

ubnt-cloudkey-aa-1.jpg

UC-CK Cloud Key, with two AA batteries for scale

Note that Amazon offers some combos with multiple elements, like this $349 combo with Cloud Key, Switch, and Security Gateway. You may be able to get quicker shipping and/or save a buck or two that way, but look around at the combos to see what makes the most sense. If you decide to buy multiples, there may be discounted packs of devices (like this 5-pack of AP-AC-PRO which saves you about $15 per device).

You’ll also find the items on Newegg, including Newegg on eBay, Central Computers (if you’re in the SF Bay Area), and direct from Ubiquiti. If you use the Amazon or eBay links above, we get a few bucks that will go back into gear to review here and on rsts11travel.

Why did I choose this particular gear?

ubnt cloudkey

UniFi Cloud Key

Like Meraki, Ubiquiti uses the concept of a “cloud controller.” Unlike Meraki, you can place the controller on your own private cloud, or purchase a “Cloud Key” to run on your own network for management. There is still a “public” website to view and manage the network, but you can access the local controller via ssh, https, or a mobile app.

Since I don’t currently have a full-time system running that would host the controller, I chose to buy the older Cloud Key. They have newer versions, with more powerful controller hardware, battery  backup, and more features, but since this is meant to be a basic deployment on a budget (and I wanted to pick up the cloud key locally), I went with the first gen device. This device is about the size of four AA  batteries; can be powered by PoE or a USB cable; and of course still requires a LAN connection even if powered by USB.

ubnt accesspoint

UniFi AC Pro

For wireless access, there are over a dozen different AP models, compared and contrasted on the Ubiquiti knowledgebase. The three devices in the “wave 1” family (UniFi AC) include the Lite, the LR (long range), and the Pro. My decision on the Pro was based primarily on “ooh, it’s on sale” but I’m pretty comfortable with the features including extended 5GHz radio rate of 1300 Mbps, and the dual Ethernet ports for redundancy.

ubnt switch

UniFi Switch 8 60W

The switch is meant to let me offload both the AP and the Cloud Key from their current home on my Meraki MS42P switch, so that I can put them behind the security gateway for more thorough testing. The AP uses 9 watts and the Cloud Key uses 5 watts, so the 60 watt PoE switch should be enough for the near term.  There is a 150 watt version (US-8-150W, for about $190) with two additional SFP modules, if you do need more power. And interestingly, the switch is the only piece in the bill of materials that has a metal shell as opposed to plastic.

ubnt security gateway

Unifi Security Gateway 3-port

Finally, with the USG security gateway, I get additional visibility into the Internet connection itself and my use thereof. Without the USG in the data path, I can see per-device information within my network, and status of the APs and switches, but I don’t have the visibility at a network level.

Starting the deployment

I bought the access point first, and went back a day or two later for the cloud key once I decided not to run the controller on my own hardware. So the CK went up first, plugged in via the tiny Ethernet cable to a port on my Meraki PoE switch.

When I logged in, of course, it was behind a few versions on the firmware. I had issues with firmware updates and “adopting” the device into my Ubiquiti cloud portal. The adoption failed claiming the device was unreachable, and the firmware upgrade didn’t seem to start, much less complete.

So I ended up doing some minor workarounds using some steps from a community post here for the firmware update. I wish I could remember the fix for the adoption, although I suspect I’ll figure it out again on a future device and can report back then.

Once the Cloud Key was recognized, updated, and working properly, I adopted the Access Point and updated it. I configured a wireless network and went downstairs from the home office to connect my iPad to the new network and test it out.

Not surprisingly, the network was as fast and efficient as it was through the MR34 at the same distance. I did learn from the Ubiquiti interface that there were at least 50 networks detected by the AP-AC-PRO, which was slightly surprising. Despite that, I’m seeing about 20% utilization on 2.4GHz and 3% utilization on 5GHz and noticeable but not overwhelming “interference” registering primarily on 2.4GHz.

I also realized that the extra MR34 downstairs, connected through an MS220-8P switch that was uplinked through Powerline networking, was definitely throttling my connectivity when I associated with it. Unplugging the AP forced my iPad to connect to the upstairs MR34, and I didn’t have any issues even at the distance. So for now, the Powerline network is driving two tiny Verium miners and my two printers, as well as an Intel NUC in the living room.

What comes next?

After reorganizing a bit of the home office, I’ll be turning up the USG security gateway and the 8-port switch very soon. At that point I’m likely to put all four pieces behind my secondary Internet connection (to enable the home network SLA to be maintained), and run some traffic through it.

I’m also giving serious thought to powering the USG through a PoE splitter like the Wifi Texas one ($18 on Amazon) so that all four devices can be powered from a single wall outlet (for the switch).

Check in soon for the second part of this journey, and feel free to share any suggestions, comments, references, designs, etc in the comments below.

 

 

Test-driving third party optics from StarTech in the RSTS11 labs

Disclosures at the end, as usual.

This fall John Obeto asked if I’d be willing to try out some third party optical modules in some of the varied and random switches I have around the rsts11 home lab. Always willing to help a friend and try some new gadgets, I accepted the challenge. Today I’ll give you an idea of why you might consider third party optics for your switching, why you might not, and how the compatible modules from StarTech.com impressed me.

2018-12-01 14.02.27WHAT ARE OPTICAL MODULES?

First, a word on optical modules. For decades, switch manufacturers have made two kinds of ports on their switches, a fixed port and a modular port. Fixed ports were long popular on line cards, where you wanted to get 24-48 (or more) optical ports for fiber cabling into a small amount of space, and you knew your customer was not going to change their optical requirements on the fly.

Modular (or “pluggable”) ports, however, made it possible to sell switches at a lower initial cost and allow the uplinks to be populated later. It also enabled customers to use different connection lengths and media with the commensurate power considerations.

In Gigabit Ethernet (and 1/2/4 gigabit Fibre Channel), the standard has been the Small Formfactor Pluggable, or SFP, module. About the size of a AA battery or a small USB flash drive, it connects to a small blade port inside the switch, and “translates” the connection to short (SR), long, (LR), or extended/extreme (XR) range optics, or even to 1000Base-T copper.

For 10 Gigabit Ethernet (and 8/16 gigabit Fibre Channel), the standard is an extension of the same module called SFP+. Many installations within a rack or in adjacent racks will use copper SFP+ cabling (with no fiber involved), sometimes called Direct Attach Copper or DAC cabling. Continue reading