Lindsay Hill network control, visibility, management

APNIC - final 'final' /22 now available

APNIC entered their “final /8” phase in April 2011. From that time, new and existing APNIC members could request a maximum of one IPv4 /22 prefix. Once you had requested your final /22, that was it. No more IPv4 addresses for you. Or was it?

(Read more...)

Using Paramiko/Python with FortiMail

Fortinet makes an email security/anti-spam appliance called FortiMail. I wanted to collect spam and virus statistics from it, to integrate with our Network Monitoring Systems. Unfortunately the data is not exposed via SNMP or API, so I had to resort to some ugly code to get it working. Here’s what I did:

(Read more...)

Cisco Political Comments - Why?

I freely admit to not truly understanding the American political/economic system. Sure, I get the general mechanics of it, but I don’t understand the subtle plays, and why people do certain things.

(Read more...)

Getting More Information From Your Logs

Packet Pushers normally focuses on networking, but episode 192 covered “Logging Design and Best Practices.”  I often think about logging in the context of network management, so it was good to hear an episode devoted to it. There’s a lot of valuable information in logs, and it’s an important part of managing your network.

(Read more...)

Is Cisco Struggling with Their ACI Messaging?

Cisco ACI represents a significant shift in the way we approach networking. This sort of shift will need massive customer education to explain their new vision. I’m getting the impression that Cisco is frustrated that their new messaging is not well-understood, and they feel that public perception is wrong, particularly in regards to NSX. Cisco seems to be blaming customers and analysts for this - should they instead be looking at themselves?

(Read more...)

Comparing Employment Relationships

I periodically re-evaluate my career, and my current position, and try to decide A) Should I change, and B) What sort of change should I make? One part of evaluating options is looking at what type of employment suits you better: Employee, Consultant, Contractor.

(Read more...)

War Stories: Proxy ARP Auto-Configuration

(Read more...)

Proxy ARP Sucks

Proxy ARP was often used in network designs 10–15 years ago, to enable NAT. It helped get around some specific challenges, but it was always an administrative hassle, and caused significant scaling issues. There’s very little reason to use it these days, but sadly it still lingers on, just waiting to catch out junior engineers.

(Read more...)

HP IMC 7.0 E0202: Steady Improvements

When I’m evaluating products, I’m more interested in their progression and development, than the exact feature list currently shipping. I like products that have a frequent release cycle, with a clear feature roadmap, even if they have a few rough edges. Better that than an OK product that hardly ever sees updates. HP IMC is a product that has been steadily, visibly improving over the last few years, with a release cycle around 6 months. IMC is a key part of HP’s overall SDN strategy, and there’s been a lot of focus on delivering major new components. But there’s also a number of smaller improvements and tidy-ups going on. Here’s some of the improvements in the most recent release, 7.0 E0202:

(Read more...)

Monitoring IPv6 vs IPv4 Traffic on Juniper SRX

I use a Juniper SRX 110 at home, and my ISP is enlightened enough to offer IPv6 by default to all customers. My devices are dual-stack, and I know that a lot of content is now available via IPv6 and IPv4. I’ve been trying to figure out how to measure the volume of IPv6 traffic, and I think I’ve got it figured out.

(Read more...)