Category Archives: Networking
I’ve been doing more musing than usual recently on where I think technology evolution in the Network arena is heading over the next few years, and the concept of a Virtualised CE Router keeps popping in to my head. This entire post is a bit of blue-sky thinking, but it’s not that far away from where we are today.
I think of the idea as a logical next step in the Hybridisation of Virtualisation and Network Function Virtualisation with that of Software Defined Networking.
Virtualisation has already taken over the Data centre, with VMWare and others having the capabilities to provide logically discrete Virtual Switching, Routing, and Firewall instances within the cloud infrastructure, so why not take it to the next step and start to consider Virtualisation for some of the additional services we might want to use? Indeed the IETF has a draft considering exactly this for MPLS VPN’s.
Current WAN networks follow a fairly traditional delivery model in that the edge of the carrier network is terminated on to a local piece of Customer Premise Equipment (CPE), which in turn is connected to a “Customer Edge” (CE) device usually provided by the Network Operator. Domestic DSL services follow a similar model.
My vision of a Virtual CE device fits both the conventional WAN solution, and in particular MPLS type deliveries, and a consumer grade DSL service.
Ethernet is increasingly becoming the bearer of choice for MPLS and Enterprise WAN services, either using Copper or Fibre, and terminating on an RJ-45 Ethernet port on the CPE. Since this is literally an Ethernet service delivery, why not shift the “intelligence” back to the other end of the circuit? Enabling the Service provider to virtualise the physical and provide a logical instance delivered from a shared hardware platform. This reduces the equipment that could “go wrong” on a customer site, reducing (but not totally eliminating) the potential need for engineer visits, break/fix maintenance, and ultimately to save costs. The carrier can also standardise the services that the customer takes, and capitalise on investment in centralised CE equipment. It would still be possible to use tagged Ethernet to deliver traffic to different Networks/VLAN’s for the more sophisticated requirements, and doesn’t really change the scope for screwups which could cause traffic to be delivered in to the wrong logical networks due to mis-patching, (although I do know of a solution that might help there too! 🙂 )
Extending this line of thought in to the Consumer market, I think that It has massive potential there too. It may still be necessary to have an intelligent black box of a sort as a CPE to provide a Layer 2 connection back to the intelligence in the Virtualised CE environment, (using something like L2TP over DSL to the virtual CE router?). Of course local WiFi breakout services will also still be required (Cisco already have the Meraki Cloud-managed Access Point range) but nevertheless similar benefits around centralisation, management, and economy of scale could apply. Consumers could still manage their own CE device via a browser, but the carrier could have a far greater degree of influence/control over the make/model of CE device the customer uses enabling standardisation as well as opening the door to many more value-added services that the carrier could provide. Some possibilities include:
- Central, Redundant, Backed up Network Attached Storage
- Media Centre/TV and related services (XBMC/Netflix/Plex/Sky Plus/Virgin TIVO etc)
- Remote Access/VPN
- Firewall & Security
- Shared Access (Data Sharing, Gaming, etc)
- Content Filtering
Taking those points in order:
Network Attached Storage: How many high-tech families (read: geeks) have sophisticated home networks with Network Attached Storage capabilities, used to backup Photos/Music/Documents, or other locally stored Data? This type of virtualisation could allow the carrier to provide (sell!) Exchange or Data-centre based NAS/SAN capacity.
Media Centre: What about those people using Media Server(s) running on a NAS or dedicated server Hardware? iTunes or Airplay servers to stream music to a SONOS or similar? Centralised access to subscription based TV services such as Netflix or Amazon Prime Video, or even inbound access to your Sky Plus or Virgin TIVO? Local storage (maybe on NAS?) of your own movies using Plex or XMBC?
Remote Access/VPN: I can only predict this area will grow and grow. I currently have the capability to establish a private VPN connection to my Home Network in order to access data stored on my NAS etc. As the trend towards the “internet of things” accelerates, I predict that this trend will only increase over time as we access additional home based solutions including Lighting, Home Security, Central Heating, Electric/Gas meters, even Cookers and Freezers etc going forward.
Firewall & Security: We all hear about the latest and greatest zero-day exploit and such, wouldn’t it be great if we could sit back secure in the knowledge that our service provider was protecting us against these threats centrally. Integrating this measure of control behind an easy to use UI to facilitate:
Shared Access: Already we find the younger generations gaming together within the same house on their respective games consoles with LAN enabled gaming, and of course MMORPG’s are extremely popular too! Why not have the neighbourhood kids playing Minecraft together on a private server that only they can get to? This is about the ability to selectively extend parts of the Network between entities (on a selective and controlled basis of course). Want to access that particular music track at home while you’re visiting a friend? no problem!
Content Filtering: How about being able to deliver different levels of filtering, maybe to different Wifi SSID’s or LAN ports on the black box locally? How about separate SSID’s for “Adults”, “Teenagers”, and “Children” each with differing levels of content filtering, maybe even logging applied.
And of course that’s before we start entertaining the ideas of Desktop-as-a-service, or the shift of compute workloads to the cloud. I’m pretty sure it’s only a matter of time before we shift the work behind our games consoles away from black boxes in the home, and just use a virtual-screen display type solution for it all! (nVidia SHIELD?)
I know that much of this can be done today, but it requires a particularly persistant technical person to make it all work, and even then it’s not yet as seamless as we’d all like! I think that the idea of Virtualising the CE takes us a step towards my vision, and is a potentially lucrative area for the carriers to invesigate.
What do you think?
Any Networking/IT types out there that happen to come across this website might also want to take a look at http://www.sergeantclip.com
Please help me spread the word, I truly think this product is brilliant – it’s so simple and effective at what it does, and it’s amazing that it’s not been thought of before!
There’s a little known tool that’s provided as part of a Windows installation, it’s certainly available under XP and Vista which seems to be overlooked in Network troubleshooting.
pathping, it’s a command-line utility that will help you to troubleshoot intermediate hops between your source and a destination host. Something of a combination of ping and tracert (or traceroute for the *Nix users out there).
Tracert will show the intermediate hops between you and a destination, together with the link latency, and packet loss rate. In other words it will very likely show you where a problem lies between two nodes on the network.
The command itself takes some minutes to run, dependant of course on the number of hops between you and a destination host. The below example takes for me 475 seconds to run because Google is 10 hops away, via my corporate internet connection. Sample output is shown below (but of course the IP Addresses have been changed to protect the innocent!)
Usage is simply
pathping [destination host or IP]
C:\>pathping www.google.com Tracing route to www.l.google.com [18.104.22.168] over a maximum of 30 hops: 0 mydesktoppc [192.168.1.10] 1 mydefaultgw [192.168.1.254] 2 internal-local-ce-router-01 [10.0.0.1] 3 service-provider-pe-router-01 [172.16.1.10] 4 internal-remote-ce-router-01 [172.17.24.1] 5 remote-core-switch-01 [192.168.254.254] 6 remote-inner-perimiter-firewall [192.168.0.100] 7 rate-shaping-switch-perimiter [192.168.74.12] 8 remote-outer-perimiter-firewall [192.168.75.6] 9 isp-router 10 unspecified-00.ukcore.bt.net [22.214.171.124] 11 unspecified-01.ukcore.bt.net [126.96.36.199] 12 unspecified-02.ukcore.bt.net [188.8.131.52] 13 184.108.40.206 14 220.127.116.11 15 18.104.22.168 16 22.214.171.124 17 126.96.36.199 18 188.8.131.52 19 nf-in-f104.google.com [184.108.40.206] Computing statistics for 475 seconds... Source to Here This Node/Link Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address 0 mydesktoppc [192.168.1.10] 0/ 100 = 0% | 1 0ms 0/ 100 = 0% 0/ 100 = 0% mydefaultgw [192.168.1.254] 0/ 100 = 0% | 2 0ms 0/ 100 = 0% 0/ 100 = 0% internal-local-ce-router-01 [10.0.0.1] 0/ 100 = 0% | 3 6ms 2/ 100 = 2% 2/ 100 = 2% service-provider-pe-router-01 [172.16.1.10] 0/ 100 = 0% | 4 11ms 0/ 100 = 0% 0/ 100 = 0% internal-remote-ce-router [172.17.24.1] 0/ 100 = 0% | 5 12ms 0/ 100 = 0% 0/ 100 = 0% remote-core-switch-01 [192.168.254.254] 0/ 100 = 0% | 6 12ms 0/ 100 = 0% 0/ 100 = 0% remote-inner-perimiter-firewall [192.168.0.100] 0/ 100 = 0% | 7 12ms 0/ 100 = 0% 0/ 100 = 0% rate-shaping-switch-perimiter [192.168.74.12] 0/ 100 = 0% | 8 13ms 0/ 100 = 0% 0/ 100 = 0% remote-outer-perimiter-firewall [192.168.75.6] 0/ 100 = 0% | 9 22ms 0/ 100 = 0% 0/ 100 = 0% isp-router 0/ 100 = 0% | 10 21ms 0/ 100 = 0% 0/ 100 = 0% unspecified-00.ukcore.bt.net [220.127.116.11] 0/ 100 = 0% | 11 21ms 0/ 100 = 0% 0/ 100 = 0% unspecified-01.ukcore.bt.net [18.104.22.168] 0/ 100 = 0% | 12 22ms 0/ 100 = 0% 0/ 100 = 0% unspecified-02.ukcore.bt.net [22.214.171.124] 0/ 100 = 0% | 13 29ms 0/ 100 = 0% 0/ 100 = 0% 126.96.36.199 0/ 100 = 0% | 14 26ms 0/ 100 = 0% 0/ 100 = 0% 188.8.131.52 0/ 100 = 0% | 15 26ms 3/ 100 = 3% 3/ 100 = 3% 184.108.40.206 0/ 100 = 0% | 16 37ms 0/ 100 = 0% 0/ 100 = 0% 220.127.116.11 0/ 100 = 0% | 17 34ms 0/ 100 = 0% 0/ 100 = 0% 18.104.22.168 0/ 100 = 0% | 18 39ms 0/ 100 = 0% 0/ 100 = 0% 22.214.171.124 1/ 100 = 1% | 19 35ms 1/ 100 = 1% 0/ 100 = 0% nf-in-f104.google.com [126.96.36.199] Trace complete.
So what is the output showing?
In this case I’m loosing 2% of packets getting to my service-provider-pe-router-01 and a further 3% at one of the later hops (probably a network interconnect) later down the chain.
When PathPing is executed, first section shows the route for the traffic, as would be shown by
PathPing then displays a busy message which will vary based on 25 seconds per hop to the destination, during which time it will gather information from all the routers previously listed and from the links between them. At the end of this period, it displays the test results.
The two rightmost columns — “This Node/Link Lost/Sent=%” and “Address” — contain the most useful information.
The loss rates displayed for the links (marked as a “|” in the rightmost column) indicate losses of packets being forwarded along the path. This loss indicates link congestion. The loss rates displayed for routers (indicated by their IP addresses in the rightmost column) indicate that those routers’ CPUs or packet buffers might be overloaded. These congested routers might also be a factor in end-to-end problems, especially if packets are forwarded by software routers.
The raw data that PathPing obtains describes how many ICMP Echo Requests are lost between the source and an intermediate router. The diagram below shows how PathPing estimates the per-hop loss statistics. While at first this calculation might seem trivial, it is complicated by differences between the forwarding code path and the code path taken in responding to ping packets (ICMP Echo Requests/Replies).
The horizontal lines indicate the “fast path” of a router, which is taken by packets that are not sent to or from the local computer. That is, the fast path is the code path taken by transit packets that require no special processing other than forwarding, and is highly optimized for such packets.
In the diagram, the vertical lines indicate the extra processing taken when an ICMP Echo Request is sent to the local computer. This kicks it out of the fast path and delivers it to an ICMP module (often using separate queues and processors). Assuming no packets are dropped due to queue overflows, the ICMP module then generates an ICMP Echo Reply, which is forwarded back to the original sender.
Since packet loss can occur in the path indicated by the vertical lines (but such loss does not necessarily imply loss on the horizontal forwarding path itself), the raw numbers obtained from pings do not by themselves determine end-to-end packet loss. For example, pinging an intermediate router might create a 10 percent loss even though no end-to-end packet loss is occurring. PathPing’s algorithm uses the change in values from hop-to-hop to estimate actual per hop loss rather than losses in the higher-level router components. This actual per hop loss is the result provided in the “This Node/Link” column of the final PathPing report.
Prompted by some fellow Networksy types, (Jeff and Jeremy), who’s recent entries on the contents of their toolbags I found extremely interesting; I thought I’d go through mine as I have a few unusual items!
Starting with the fairly standard stuff:
Good old fashioned and simple wire strippers. These ones have an adjustable lock to stop you stripping too much cable unintentionally.
Then of course the RJ45 Crimps. Nothing too fancy, just cheap and practical. I have never needed to crimp an RJ-11, so all I need are RJ-45 ones.
A standard set of Cisco Console cables; I tend to have a couple of brand new ones as well as tried and tested ones in the box, as I often end up leaving them behind attached to “core” devices, so there’s at least one on any site that we touch.
A good old Krone punchdown tool. My old and trusty one is starting to be a bit tempramental now when it comes to cutting the wires, so I’ve recently added a new one which has yet to be christened. Fortunately I don’t need these THAT often!
The quite rare and exceedingly valuable lesser spotted Cage-Nut Tool. I try to keep hold of these as they have a tendancy to vanish from my toolbox when other engineers realise what they are and how useful they can be! Most decent brands of Rack seem to come with one, so I’m not sure quite how they are so rare. Maybe they live under datacentre floors along with the cage nut eating mice?
Some Cage Nuts/Bolts, and some Velcro ties, have to try and keep things nice and neat now! 🙂
This one is a relatively new2 addition, a freebie I picked up at Infosec this year, but it replaces a rather worn and similar one.
I usually keep a handful of these Couplers at the ready. I’ve used them for all sorts of strange purposes over the years. Everything from extending Cisco Console Cables for those REALLY hard to reach devices, to temporarily connecting cables in lieu of an IP Phone with a built-in Switch.
I probably don’t need to explain why these are here, but it’s a good “just in case”.
Always a good standby, but I keep some of these 6″ Cat5e cables, they seem to come in handy all over the place!
A mixture of Adapters, Gender Benders, Modem Eliminators, RJ45-RS232 adapters, and Loop Tools.
Now on to the slightly more interesting stuff!
I’m not sure what this is called; I managed to pick this up several years ago when doing a project involving opening and unboxing over 1200 new IP Phones which were boxed in boxes of 4. The sheer quantity of cardboard and the number of boxes to be opened quickly caused fingers to be cut to shreds and fingernails to be damaged, but this really made life so much easier.
I’m always equipped with a USB Memory Stick, simply because my lanyard with my Swipe Card on it has one built in. This was a Promotional item from a supplier a couple of years ago, and has 1Gb storage, which is plenty for most things I’m likely to need.
This one is so valuable when trying to trace cables and find those frustratingly misnumbered ! I stick with this slightly older model because it has both an RJ45 connection, and a set of Croc-Clips for wiring only checks.
Not sure if I’ve spelt that one correctly! 🙂 The Butt is becoming less useful these days in the “modern” world of IP Telephony, but it’s still useful to have for tracing Wires and Analogue lines.
A fairly standard Cat5 cable tester. I haven’t had cause to use the older BNC style cable tester for some time, but this one is a two-part unit for testing local cables or entire cable runs, and will identify Straight Through or Crossover cables.
I added these some years ago after myself and a colleague were working in a building, one of us in the Patch Panel / Comms Room, and another person at the other end of a cable run. I actually have a set of four but keep two in my Toolbox and two at home.
An all-in-one unit for most sizes of star type screw, this one is a really useful one to keep handy.
Again an all-purpose tool which has a multiplicity of uses! I tend to use the conductivity test and Voltage readings most of the time, but it has saved me from a nasty shock on at least one occasion!
This one is in the spirit of keeping things tidy! I sometimes have cause to use the plastic surround which wraps a bundle of cables in a protective sheath. This is the special head which is used to apply the covering. It opens up and is clipped around the cables to be protected, and the sheath slides over the protruding knob. You then slide the head along the cable while pushing the protective sheath on to the head and hey presto, the cable is all nice and neat and protected.
The MiFi is used to get me Internet connectivity in places where corporate network connections are not available, or too slow. You never know when you’re going to need to download a different IOS image, and if the Network is broken – well you simply have to have an alternative. It’s often also faster than Hotel Wifi as I can get up to 8Mb all to myself on this, depending on how good the 3G coverage is at the time. The USB extension cable is used to get to those really hard to reach USB ports from time to time.
Interestingly I note some of my peers keep a Flashlight in their tools; this is my equivalent. With an elasticated head fitting, it can go over my head to give me hands free illumination while working.
I’m not sure where I picked these up, or what their proper purchase is, but they are ideal for temporarily holding some cables “up” together in the back of a rack somewhere. The metal clips will hook on to all sorts of things, and the Velcro at the bottom keeps the cables secure.
Used for connecting directly to the Laptop and transferring stuff straight to/from a CF card before putting it in a Router or Switch.
This is a specific tool for a certain brand of UTM appliance. It’s credit card sized but fairly thick with a push-out USB cable head. Plugging it in to the USB port on an appliance will cause the appliance to reset to it’s factory default, so the ultimate in password reset tools I guess!
And lastly a collection of Miscellaneous Widgets including some Permanent Marker Pens, a collection of Batteries, a standard USB Memory Stick, a Wireless USB Network Adapter, and a GLC-T GBIC.
That’s all. I’ve not shown the “boring” screwdrivers, or must have label printer etc which are probably an ever present feature of most Network Guys’ toolkits. My only problem at the moment is that I don’t have a proper “box” to put all the tools in; I’d like one similar to this Stanley one, but currently this is all in a plastic crate at work which will slide in to the back of the car nice and easily if needed.
So, what’s in your Toolkit?