Tag Archives: cisco

Replacing Meraki with TP-Link Omada for the new year

Posted on by
Reply

[This post was originally teased on Medium – check it out and follow me there too.]

I’m a big fan of Meraki, but now that I haven’t been an employee of Cisco for over two years, I no longer have the free license renewals or the employee purchase discounts on new products and licenses. So October 28, 2022, was the end of my Meraki era. (Technically a month later, but I needed a plan by October 28 just in case.)

The home network, mostly decabled, that got me through the last 4-5 years.

I needed a replacement solution that wouldn’t set me back over a thousand dollars a year, and my original plan was to use a Sophos SG310 either with the Sophos home firewall version or PFsense or the like. I even got the dual 10gig module for it, so that I could support larger internal networks and work with higher speed connectivity when the WAN links go above 1Gbps. I racked it up with a gigabit PoE switch with 10gig links, and now a patch panel and power switching module.

The not-really-interim network plan. The Pyle power strip and iwillink keystone patch panel stayed in the “final” network rack.

But I didn’t make the time to figure it out and build an equivalent solution in time.

How do you solve a problem like Omada?

Sometime in early to mid 2022 I discovered that TP-Link had a cloud-manageable solution called Omada.

It’s similar in nature to Meraki’s cloud management, but far less polished. But on the flip side, licensing 12 Omada devices would cost less than $120/year, vs about $1500/year (or $3k for 3 years) with Meraki. So I figured I’d give it a try.

The core element of the Omada ecosystem is the router. Currently they have two models, the ER605 at about $60-70, and the ER7206 at about $150. I went with the ER605, one version 1 without USB failover (for home, where I have two wireline ISPs), and one version 2 model with USB failover (for my shop where I have one wireline ISP and plan to set up cellular failover).

You’ll note I said cloud-manageable above. That’s a distinction for Omada compared to Meraki, in that you can manage the Omada devices individually per unit (router, switch, access point), or through a controller model.

The controller has three deployment models:

  • On-site hardware (OC200 at $100, for up to 100 devices, or OC300 at $160, for up to 500 devices)
  • On-site or virtualized software controller, free, self-managed
  • Cloud-based controller, $9.95 per device per year (30 day free trial for up to 10 devices I believe)

I installed the software controller on a VM on my Synology array, but decided to go web-based so I could manage it from anywhere without managing access into my home network.

Working out the VPN kinks

The complication to my network is that I have VPN connectivity between home and the shop across town. I also had a VPN into a lab network in the garage. Meraki did this seamlessly with what you could call a cloud witness or gateway – didn’t have to open any holes or even put my CPE into bridge mode. With Omada, I did have to tweak things, and it didn’t go well at first.

I was in bridge mode on Comcast CPE on both ends of the VPN, and did the “manual” setup of the VPN, but never established a connection. I tried a lot of things myself, even asked on the Omada subreddit (to no direct avail).

I came up with Plan B including the purchase of a Meraki MX65. I was ready drop $300-500 to license the MX65 at home, MX64 at the shop, and the MR56 access point at home to keep things going, with other brands of switches to replace the 4-5 Meraki switches I had in use.

As a hail-mary effort, I posted on one of the Omada subreddits. The indirect help I got from Reddit had me re-read other documentation on TP-Link’s site, wherein I found the trick to the VPN connectivity – IKEv1, not v2. Once I made that change, the link came up, and the “VPN Status” in Insights gave me the connectivity.

The trick to the manual VPN connectivity was IKEv1, not v2

The last trick, which Meraki handled transparently when you specified exported subnets, was routing between the two. I had to go to Settings -> Transmission -> Routing and add a static route with next hop to the other side of the tunnel. Suddenly it worked, and I was able to connect back and forth.

Looking at the old infrastructure

My old Meraki network had 12 devices, including three security appliances, four switches, a cellular gateway, and four access points. The home network used the MX84 as the core, with a MS42p as core switch, a MS220-24 as the “workbench” switch on the other side of the room, and a MS220-8P downstairs feeding the television, TiVo, printers, MR42 access point, and my honey’s workstation, connected via wireless link with a DLink media access point in client mode. I also had a MS510TXPP from Netgear, primarily to provide 2.5GbE PoE for the Meraki MR56 access point.

There was a SG550XG-8F8T in my core “rack” (a 4U wall-mountable rack sitting on top of the MS42p switch) but it was not in use at the time – I didn’t have any 10GBase-T gear, and the MS42p had four 10GbE SFP+ slots for my needs.

The garage lab had a SG500XG-8F8T behind the Z1 teleworker appliance. TP-Link powerline feeds that network from the home office.

The remote shop had a MX64, MS220-8P, and MR18, as well as the MG21E with a Google Fi sim card.

So there was a lot to replace, and complicate in the process.

Looking at the new infrastructure

The new core router is the TP-Link ER605, feeding the MS510TXPP switch for mgig and 10gig distribution (including WiFi), with another downlink to a TL-SG2008P switch ($90 at time of purchase) which offers 4 PoE+ ports and integrated monitoring with Omada.

The ER605 has front-facing ports, so I have those cables going into the patch panel to connect Internet uplinks and the PoE switch. On the SG2008P, ports are on the back and LEDs are on the front, so I have all 8 ports going to the patch panel and they feed things from there.

The MS510TXPP has downlinks to the powerline network, a SG500-48X switch across the room connected by 10 Gigabit DAC, and a few other things in the office.

I have the wireless needs fulfilled by a Netgear Nighthawk router in AP mode, and a TP-Link Omada EAP650 access point that needs some tuning. I expect to replace the Nighthawk with the EAP650 at some point, and I have a Motorola Q11 mesh network kit coming soon which could replace much of the wifi in the house.

The downstairs network is still fed by the DLink wireless bridge (as a client of the Nighthawk), but now it has a random Linksys 8 port switch serving the first floor needs.

The garage lab still has the SG500XG, bridged via powerline, and very limited hardware running due to California electric prices.

In the shop, I have the ER605v2, feeding a random 8-port TP-Link unmanaged switch for now. I’m thinking about getting an Omada switch there, and I recently installed a UeeVii WiFi6 access point (acquired through Amazon Vine, review and photos here) which is more than enough to cover the 500 square feet I need there.

Why’d it take so long to post?

I had found an Etsy seller who made 3d printed rackmount accessories, and I ordered a cablemodem mount, router mount, and a 5-port keystone patch panel. I ordered December 15, shipping label was issued December 21, and I expected it right after Christmas. Alas, after a month and two shipping labels being generated, I had no gear and no useful response from the seller, so I got a refund and went with rack plan B.

I took a 14″ 1U rack shelf like this one (but fewer slots and about half the price) and used zip ties to attach the router and 8-port switch to it. Not a great fit, but inside the CRS08 carpeted rack it’s not so visible.

Where do we go from here?

Right now the networks are stable, except for no wifi in the garage and occasional wifi flakiness in the house. So my next steps will be fixing the home wifi, and probably moving another AP to the garage (possibly even setting up a wireless bridge to replace the powerline connection).

I am looking at some more switching, possibly upgrading the Omada switch to replace the Netgear at home, and then take the existing 8 port Omada to the shop to provide more manageability (and PoE+) over there.

The front runners for the new switch right now are the SX3008F (8 port SFP+ at $230; 16 port SX3016F is $500), SG3428X (24 port gigabit, 4 port SFP+), and the SG3210XHP-M2 (8 port 2.5GbE copper PoE + 2 SFP+ slots at $400, pretty much the same as the Netgear except with no 5GbE ports).

There are a couple of other options, like the $500 SSG3452X which is equivalent to the MS42p, but I’ll have to consider power budget and hardware budget, and what I can get sold from the retired stash this month to further fund the expansion.

I also need to work out client VPN to connect in to both sites. I had client VPN on my travel laptop to the shop for a couple of years, but haven’t tried it with the new platform yet.

TP-LInk supposedly has a combination router/controller/limited switch coming out this year, the ER7212 which also offers 110W PoE across eight gigabit ports. It’s apparently available in Europe for 279 Euros. Hopefully it (and other new products) will be released in the US at CES Las Vegas this week.

I was going to bemoan the lack of 10G ports, but then I saw the ER8411 VPN router with two SFP+ ports (one WAN, one WAN/LAN). Still doesn’t seem to support my 2.5Gbit cable WAN, but it’s at least listed on Amazon albeit out of stock as of this writing.

I didn’t think I’d be able to say this so soon… (He’s baaack at Tech Field Day!)

Posted on by
1

As many of my readers know by now, my time at Cisco came to an end last month. When I decided to leave Disney and come to Cisco 6 1/2 years ago, there were two main things I knew I would miss about being in the “real world” — Disney cast member discounts, and being a Tech Field Day delegate.

Well, there’s no change on the Disney discount front, but this week I’ll be back as a TFD delegate for Tech Field Day 22 the latter half of this week.

Riding in the limo at SFD5 in 2014 – four of the five people pictured will be at TFD22 this week with me

How did you get to this point?

In May 2014, I posted a two part post on storage vendors (“These 3 hot new trends” part 1 and part 2) from Storage Field Day 5, my last full event as a delegate. A month later, I moved to San Francisco for most of a week thanks to TFD sponsors, to participate in my second Cisco Live event and to interview for a position with Cisco.

I was offered the job the day I got home from the event, and a little under a month later I got badged at Building 9 and began the 6+ year adventure in mega-vendor sales engineering. But as a vendor, I wasn’t terribly welcome among the Tech Field Day delegations, although I was still invited to the parties, and managed to qualify for the roundtable at SNIA’s Storage Developer Conference in 2017. I did continue my participation with Interop over the years, leaving my Cisco ears (instead of my Disney ears) at home, and even attending a Cisco briefing during one of the events, in the former Playboy Club at the Palms in Las Vegas.

What is Tech Field Day? Do I need a ham radio?

If you’re new to Tech Field Day, the idea is pretty much the same as it’s been for over ten years, even if the participation venue has moved from conference rooms to Zoom. Stephen Foskett, founder of Tech Field Day and Gestalt IT, brings together independent analysts, practitioners, geeks, and javelin catchers to meet with companies producing something in the tech sphere.

From the huge established names (like Dell, HPE, Cisco) to companies just coming out of stealth and talking to the public for the first time, you get to see companies facing unstaged questions in realtime, discussing the product or service, the decisions behind them, and how people who might actually use the product or service see it rather than how the company’s marketing and PR team want it to be seen.

And unlike most press conferences and analyst events, anyone on the planet (pretty much) can tune in, watch and learn, and pose their own questions through social media to be answered. There’s no registration required, no event fees, and if you missed a company you can go back and watch within a couple of days.

Pro-tip: If, like me, you’re on the tech job market, Tech Field Day’s archives can be a great resource for learning about companies you might be interested in working for. Just go to the main page and search for a company name. Not everyone is in there, but you can get a good feel for the companies that are, from what they do and how they’ve evolved over the years to how well they understand their product and the market they’re competing in.

So what’s different for you this time?

Tech Field Day 9 in Austin, Texas (June 2013)

After five full delegate events in person, and seven roundtable/TFD Extra events (details), I’ll be back as a different kind of delegate, for obvious reasons. TFD22 looks to be the largest event yet, with twenty-five delegates. No, really, 25 delegates. The nine presenting companies will be split up into early and late shfits to accommodate delegates from around the world, and since none of us are traveling to an in-person location, we can focus on presentations in our own time zones… and some of us will be hopping onto the other shift’s events as well.

The early shift, for my European and Eastern colleagues, will feature Commvault, Veeam, VMware, Quantum, and Red Hat. Their sessions run from 5-10am Pacific, and while I’d love to see them live, I’m not sure 5am is a time I believe in just yet.

You’ll find me in the late shift (11am-3pm Pacific), meeting with MemVerge, Riverbed (who I last visited here in Sunnyvale for SFD2), Illumio, and oddly enough, Cisco. I only see three names among the other 24 who I’ve shared TFD events with, but about half of them are in my online circles and I’m looking forward to meeting the others.

If you’d like to watch along with us, check out the TFD page for livestreams on several platforms starting Wednesday morning, December 9th. You can click on this garishly-large TFD logo to get there if you like. And if you miss the sessions you wanted to watch, they’ll be posted on the same link within a couple of days for you to watch at no cost.

Feel free to follow along on Twitter and ask your questions – tag with the hashtag #TFD22 and the delegates will try to relay your questions to the presenters.

Test-driving third party optics from StarTech in the RSTS11 labs

Posted on by
Reply

Disclosures at the end, as usual.

This fall John Obeto asked if I’d be willing to try out some third party optical modules in some of the varied and random switches I have around the rsts11 home lab. Always willing to help a friend and try some new gadgets, I accepted the challenge. Today I’ll give you an idea of why you might consider third party optics for your switching, why you might not, and how the compatible modules from StarTech.com impressed me.

2018-12-01 14.02.27WHAT ARE OPTICAL MODULES?

First, a word on optical modules. For decades, switch manufacturers have made two kinds of ports on their switches, a fixed port and a modular port. Fixed ports were long popular on line cards, where you wanted to get 24-48 (or more) optical ports for fiber cabling into a small amount of space, and you knew your customer was not going to change their optical requirements on the fly.

Modular (or “pluggable”) ports, however, made it possible to sell switches at a lower initial cost and allow the uplinks to be populated later. It also enabled customers to use different connection lengths and media with the commensurate power considerations.

In Gigabit Ethernet (and 1/2/4 gigabit Fibre Channel), the standard has been the Small Formfactor Pluggable, or SFP, module. About the size of a AA battery or a small USB flash drive, it connects to a small blade port inside the switch, and “translates” the connection to short (SR), long, (LR), or extended/extreme (XR) range optics, or even to 1000Base-T copper.

For 10 Gigabit Ethernet (and 8/16 gigabit Fibre Channel), the standard is an extension of the same module called SFP+. Many installations within a rack or in adjacent racks will use copper SFP+ cabling (with no fiber involved), sometimes called Direct Attach Copper or DAC cabling. Continue reading

Looking back on InteropITX 2017 – the good, the bad, and the future

Posted on by
Reply

My fifth Interop conference is in the books now. Let’s take a look back and see how it turned out, and where I think it will go next year. See disclosures at the end if you’re into that sort of thing.

Ch-ch-ch-changes…

The event scaled down this year, moving down the strip to the MGM Grand Conference Center after several years at Mandalay Bay. With the introduction of a 30-member advisory board from industry and community to support the content tracks, Interop moved toward a stronger content focus than I’d perceived in past events.

The metrics provided by Meghan Reilly (Interop general manager) and Susan Fogarty (head of content) showed some interesting dynamics in this year’s attendance.

The most represented companies had 6-7 attendees each, as I recall from the opening callouts, with an average of about 2 people per company. More than half of the attendees were experiencing Interop for the first time, and nearly two thirds were management as opposed to practitioners.

The focus on IT leadership, from the keynotes to the leadership and professional development track for sessions, was definitely front and center.

How about that content?

Keynotes brought some of the big names and interesting stories to InteropITX. There wasn’t always a direct correlation, but there was some interesting context to be experienced, from Cisco’s Susie Wee talking about code and programmability in an application world (and getting the audience to do live API calls from their phones), to Kevin Mandia of Fireeye talking about real world security postures and threat landscapes. Andrew McAfee brought the acronym of the year to the stage, noting that often the decisions in companies are not made by the right person, but the HiPPOs — Highest Paid Person’s Opinion.

With five active tracks, there was content for everyone in the breakouts this year as well. Some tracks will need larger rooms next year (like the Packet Pushers Future Of Networking, which seemed to demand software-defined seating when I tried to get in) and others may need some heavier recruiting.

Attendees can access the presentations they missed (check your Interop emails), and some presentations may have been posted separately by the presenters (i.e. to Slideshare or their own web properties) for general access. Alas, or perhaps luckily, the sessions were not recorded, so if you haven’t heard Stephen Foskett’s storage joke, you’ll have to find him in person to experience it.

Panic at the Expo?

But the traditional draw of Interop, its expo floor (now called the Business Hall), was still noteworthy. With over a hundred exhibitors, from large IT organizations like VMware to startups and niche suppliers, you could see almost anything there (except wireless technology, as @wirelessnerd will tell you about here). American Express OPEN was even there again as well, and while they couldn’t help with fixing Amex’s limited retort to Chase Sapphire Reserve (read more about that on rsts11travel if you like), they were there to help business owners get charge card applications and swag processed.

The mega-theatre booths of past years were gone, and this year’s largest booths were 30×30 for VMware and Cylance among others.

Some of the big infrastructure names were scaled way back (like Cisco, with a 10×10 along with a Viptela 10×10 and a Meraki presence at the NBASET Alliance booth) or absent (like Dell, whose only presence was in an OEM appliance reference, and HPE, who seem to have been completely absent).

These two noteworthy changes to the expo scene were probably good for the ecosystem as a whole, with a caveat. With a more leveled playing field in terms of scale and scope, a wider range of exhibitors were able to get noticed, and it seemed that the booth theatre model and the predatory scanner tactics were mostly sidelined in favor of paying attention to people who were genuinely interested.

The caveat, and a definite downside to the loss of the big names, was that Interop was one of the last shows that gave you a chance to see what the “Monsters of IT Infrastructure” were doing, side by side, in a relatively neutral environment. For this year at least, VMworld is probably as close as you will get to the big picture.

Some of this may have to do with the conference ecosystem itself; Dell EMC World was the previous week in Las Vegas, with HPE Discover the first full week of June and Cisco Live US the last full week of June. These events often occupy speakers and exhibition staffs for weeks if not months beforehand, and the big players also had events like Strata Hadoop World in London to cope with as well. (See Stephen Foskett’s Enterprise IT Calendar for a sense of the schedule.)

Will the “Monsters of IT” come back next year?

I’d like to see them return, as fresh interest and opportunity is a good way to sustain growth, but I have a feeling that focusing on their owned-and-operated events and away from the few (one?) remaining general IT infrastructure event is likely to continue. They may just field speakers for the content tracks and assume that people will come to them anyway.

Meanwhile,  smaller players will continue to grow. While they appear to just be nipping at the heels of the big players, they’re building a base and a reputation in the community, and they don’t need to beat the Cisco/Dell/HPE scale vendors to succeed. So maybe everyone wins.

But what about InteropNet?

The earliest memory I have of Interop, from my 2013 visit, was finding a pair of Nortel Passport (nee Avaya ERS) 8600 routing switches in the InteropNet network. InteropNet has been a demonstration platform that brought together a wide range of vendors including routing and switching, wireless, and software layers (monitoring and management in particular), and it was noticeably absent this year as well.

Part of this may be due to the smaller size of the Business Hall, but part is also due to the cost (time and money at least) of setting up and operating the multivendor environment. The absence of most of the enterprise network hardware vendors may also have played into it, although I don’t know if that was a cause or an effect. As fascinating as Extremo the Monkey was, I don’t think an all-Extreme Networks InteropNet would have really demonstrated interoperability that well.

I didn’t talk to any of the network vendors who weren’t there, but some of the software layer vendors were unabashedly disappointed by the loss of InteropNet. It’s one thing to show a video recording or demo over VPN back to a lab somewhere, but it’s a much more convincing story to show how your product or service would react to a real world environment that your prospective customer is a part of, at that moment.

There were a number of OEM/ODM type network (and server) manufacturers, as well as software-defined networking companies like Cumulus and 128 Networks, but I think at least one big name would have to be there to make InteropNet work. Two or three would make it even better.

One interesting thought to make InteropNet more interesting and practical would be for a hardware refurbisher or reseller to bring in gear from the big names and set it up. Whether it’s ServerMonkey or another vendor of that class, or even a broad spectrum integrator like Redapt, it would be a good way to show a less-than-bleeding-edge production-grade environment that might appeal more to the half of the attendees whose companies are smaller than 1000 people. It would be a great opportunity for companies like that to showcase their consulting and services offerings as well.

Looking into the rsts11 crystal ball…

I don’t remember any mention of venue for next year, but I would guess some rooms and locations would be tweaked to optimize MGM Grand for InteropITX 2018. It’s very convenient for economical rooms and minimal leaving-the-hotel-complex requirements for attendees.

The new tracks structure worked, for the most part, although I expect adjustment and evolution in the content. Don’t be surprised if more hands-on sessions come around. Even though wireless tech was in short supply in the Business Hall, it was very popular in the breakouts.

I’m not expecting the Monsters of IT to have a resurgence in 2018, although it might be a good thing if they did. More security, management and automation, and some surprising new startups, are more likely to find their way into the Business Hall.

Where do we go from here?

I was asked at Interop for suggestions on how to make InteropNet more practical next year. I had some ideas above, but I could use some help. Do you feel that it was an unfortunate omission, or were you more inclined toward “I wouldn’t say I was missing it, Bob” ??

We’ll have some more coverage in the next couple of weeks, including another update on NBase-T network technology (which made a much more substantial showing in terms of available-to-buy-today offerings this year), so stay tuned to our “interop” tag for the latest.

And of course, while it’s too early for me to apply for media credentials, it’s not too early to start thinking about InteropITX 2018.

Registration isn’t quite ready yet, but you can sign up to be notified (and get updates on submitting to present next year as well!). Click above or visit interop.com to join the notification list today!

Disclosure: I attend InteropITX as independent media, unrelated to and unaffiliated with my day job. Neither UBM/InteropITX nor any vendor covered have influence over or responsibility for any of my coverage.

What verse are we on? The fifth! Back at Interop ITX Las Vegas

Posted on by
Reply

I’m back in Las Vegas for my fourth time this MLife season, and my fifth time at Interop (now Interop ITX). And it’s a little bit different this year. [Disclosures below]

Quick takes:

The most obvious change is the venue; they announced at the end of Interop 2016 that the event would move to MGM Grand’s Conference Center, one  Las Vegas block down the Strip from its previous home at Mandalay Bay. This means a smaller, more focused event, as MGM has a smaller facility than Mandalay, but it likely also means more affordable accommodations at the event hotels. (I would have enjoyed an extra Amex FHR stay at Delano, but Signature at MGM is good enough.)

Some staff changes have happened, particularly Meghan Reilly taking the reins of the event from Jennifer “JJ” Jessup, who moved on to a different company and role after last year’s event. JJ and the team encouraged me to stay involved with the event even after going to the Dark Side, and I’m grateful for her influence over the past few years. But I haven’t seen any fallout from the transition yet. The staff keeps things going, even with the traditional Monday hiccups on food and beverage logistics.

There also seems to be more of a focus on the educational content as opposed to the expo floor. Well over a dozen in-depths events will occupy each day Monday and Tuesday, with prominent names from various corners of the IT ecosystem. The “Business Hall” is still there, and will have about a hundred exhibitors according to the Interop website, but people have noticed many of the big names of past years scaled back or passing on the event altogether.  I’ve also seen some of my perennial favorites sit this one out.

I would say both of these items are good, for various reasons. While it was beneficial to have the Monsters of IT(tm) on the floor pitching their latest wares, I would expect this year to allow more of a focus on new, more agile, more adaptable players in the market. And with what seems (to me at least) to be a stronger focus on content vs exhibitors, the event becomes even more of a unique, substantially community-driven, substantially vendor-independent tech conference.

It’s true that if you want to see Cisco, Dell, and HP side by side, you’re mostly out of luck unless you find a third party proprietary conference (like VMworld or SAP Sapphire), but I expect that increased exposure to the new and rising players will have a positive effect on some of the larger companies. As each of the giants realizes they can’t differentiate based on their own true believers alone–and to be honest, that’s the core of each vendor’s own conference–perhaps they’ll come back to the table.

It’s also true that, if you are looking for more general IT and technology coverage than the USENIX events offer, especially around the business and culture side of IT, Interop ITX is pretty much the only game left in town.

Where do we go from here?

I’ll be heading into some content today and tomorrow, in between working on some other slides and writing. If you’re brave, follow me on Twitter at @gallifreyan for realtime observations, or if you’re attending Interop ITX, follow me on the app.

Disclosure: I attend Interop as independent media, on personal vacation time, not under the auspices of my day job. Tech Field Day generously brought me here my first two years, but for the past three years inclusive, I have attended on my own dime (although Interop does provide media attendees with lunch and coffee as well as full access to the conference). Any opinions in my coverage of the event are mine alone, and have not seen prior review by anyone involved in the event.

Further disclosure: autocorrect is being religious as I write this on my iPad. JJ’s last name became Jesus quite often, and apparently Apple wants Interop to have a stronger focus on convent. I’ll have nun of that, thank you.