Saturday, December 29, 2012

Looking ahead to 2013

With 100+ posts in the last 3 years tracking my progress and adding a little bit more to the contents of this blog, I want to thank you all for your support and comments. Special thanks to those who have been following me on Twitter.


I want to thank all the people with whom I have worked. It has been an absolute pleasure.
I look forward to contributing more to the networking world.

Highs of 2012

I have worked for 3 different organizations this year. I have had the pleasure of working with Greg Ferro. I have worked across a range of technologies, with Routing, Switching, MPLS & Datacenter technologies being the centerpiece. I was in the UK the entire year, not missing the games held this year. The amount of technical learning I have had was immense and the amount of learning in corporate politics was also huge. I have built some great relationships during this year both personally and professionally.

Lows of 2012

I have not lived life to the fullest. I have not had the amount of fun I should have had. I should have planned better for some projects and a little less for others. The biggest was missing out on preparing fully for CCIE Security.

Looking ahead to 2013

I am looking forward to attaining 2 more CCIEs in the span of the next 3 years, i.e. Triple CCIE by 2015.
I am looking at CCIE Datacenter and CCIE Security. But Datacenter will be the core.
I will be blogging a lot. There will be a lot more technical writeups.
I will be co-authoring some posts on DCN360 which will be datacenter-only posts.
I am looking forward to your continued interest in the ccie-dash blog and more interactions.
I hope and pray the year ahead brings lots of joy and success.

I pray and wish each and everyone reading my blog a fantastic year 2013.

Sunday, December 9, 2012

Network Security & the year ahead - Part 1

I have been tremendously busy sculpting away designs for datacenters spanning across the globe. I have been working across timezones to the point that I sleep and wake up at a different time every day. My body is taking the toll but the sheer pleasure of visualizing and implementing the DC keeps me going.

I truly believe network security will be the primer for me the year ahead along with the datacenter designs. Security has become important as it never was before. With the innovation in technology and devices the amount of restriction you can pose has gone down, which means you need to watch every packet and beef up the security but at the same time not compromise on the throughput of your network.

Cisco and other vendors are constantly coming up with new devices and technologies to keep the networks safe. But every customer's network is different and every customer's ability to invest is different. This is where we need to understand how and what to deploy with a certain product, or should I say products.

Think of security and the first obvious thing to pop in the head is the firewall. The first line of defence is always the firewall. It is always best to visualise a multi-vendor firewall design so that if one gets compromised the other will protect and vice versa. In other words, one firewall to keep all the nonsense of the internet out and the other to inspect that the assumed legitimate traffic is legitimate.

Going in with a multi-vendor approach increases the investments to be made, but again there is an option of using vendors or ISPs themselves who provide managed perimeter security.
Firewalls are not the only security measure. With security requirements at their peak, I believe security needs to be classified into different categories, namely:

  • Datacenter Security - This is a broad classification but mainly deals with a core DC being setup
  • Branch Office network Security - This might be small to large branch office where only users work out of
  • Enterprise network Security - This will comprise of large enterprise with a large variant of users and equipments being used
  • Remote Access Security - This comprises of security when remote users connect to the office
  • Inter Connectivity Security - This might be a layer 2 or layer 3 link that connects two offices or DC
  • Access Security - This deals with the ability of users and equipments to access the network
  • Communication Security - This deals with messaging

These may not be fancy terms but this is the way I dice up security whenever I design networks. It is imperative that each of these has varying needs, except that they all need to be as secure as possible.

Network Security is a Horizontal that spans across different types of networks.

It is very interesting to see the videos of hackers looking for information on the honeypot systems. It is very important to understand the weakness of the protocols, which will help us secure them. Using case studies of networks which were compromised, we can try and understand what the weakness was, how they exploited it, what defence was in place & what was the solution/workaround.

I have noticed that once there is a weakness or flaw in the security that is exploited this information seems to spread rapidly across the blackhats. But unfortunately the same is not true with people who secure the network. Anybody can become the victim of the same exploit.

Tuesday, September 11, 2012

Being the best Network Architect

Certifications, six-month goals... I was being too near-sighted. Taking one thing at a time is fine but I really need to work toward my bigger goal, which is being the best "Network Architect". It's not merely about knowing & learning technology, although that plays the significant role. I really need to go on an intense learning curve the next few months & couple of years. My steps should set me up for the next 20 years where I can really work on world class & cutting edge networks.

It's more about seeing the big picture, planning & the approach we take. In simple terms we can call it design, but I am interested in both the HLD & LLD of things. I really need to analyse lots of network requirements. Put in my own thoughts of how I would approach a network build, how they are actually built, what are the best practices.

I have had the opportunity to do a lot of planning for DC build, which is excellent. The kind of exposure I have had in the last 12 months after being a CCIE is phenomenal. I have had a honeymoon period where I had the time to do things at my own pace. But I am sure going forward I won't be having that luxury.

I see that I am gaining everything I need to be a network architect. It's only a matter of how I build on it & improve myself. I am very excited & really looking forward to a successful move toward being a network architect.

I think this post will hold truth & value when I get a job which on paper gives me the designation as 'Network Architect' for a fantastic network & obviously with a nice fat paycheck.

Monday, June 25, 2012

A year of being CCIE

I complete one year of being a CCIE.
After 3 failed attempts & countless hours of labbing & reading I finally became a CCIE. I have enjoyed the respect and the responsibilities I have been getting as a CCIE. It has taken me halfway across the world to a new land of opportunity. Not much of a spike in terms of cash inflow though :-)

I have been enjoying the luxuries of life & the things CCIE has given me !! But it's time to boot up & move on. Take up more responsibility & not rest on my laurels. The aim is to move on and get my CCIE Security followed by CCDE. This is the long term goal. This is where I see myself. I need to blog a lot. Need to come up with a plan to get rolling with my plan. I can't be intense in my study post this year because I need to spend time with my family. So I need to make these 6 months count.

I will blog more & more technical content, which is the way I can contribute to the network community. All said and done, back to the Euro2012 game :-)

Saturday, June 16, 2012

CCIE Security prep will just get expensive

Well, if you are like me, relying on online racks to prepare for the lab, then you are not going to be too happy !! With the introduction of the CCIE Security v4 exam there comes the need for addition & refresh of the equipment used.

It is still a question as to how many will cater to the new format with workbooks & scenarios. But when you look at the Rack Rental side, things will get pretty expensive with an hour worth of rack rental costing you as much as the current whole session itself !! Yes, procuring new equipment & software is expensive but with demand comes the need to price them competitively. I did reach out to my favorite rack rental company... was happy to know they will support the new format & equipment... but was a lil worried when I got to know the pricing.

It will be interesting if some of the vendors can continue to provide the v3 only labs alongside the v4 labs. This way if you are practising scenarios that do not include the new equipment it will go light on your pocket.

This has got me to think... what is the best way forward & how much I need to invest in this !!

Friday, June 1, 2012

Cisco Firewalls ... Here I Come


I will be officially starting with the Firewall concepts of my CCIE Security journey from 1st of June. As a first step, I got the Cisco Firewalls book by Moraes. I read a lot of good reviews about this book & instantly decided to buy it. This book is very current & covers design & implementation of Cisco firewalls. The book seems to be well balanced with a lot of descriptive scenarios. However, this book only covers the network protection aspects; it does not cover the VPN & other features that can be enabled using the Cisco firewalls.

My goal of progressing towards CCDE, CCIE Security & CISSP is in focus. After effectively wasting April & May, I hope to make some productive inroads by spending 4 productive hours per day studying.

After 1 year of enjoyment, here we are again for CCIE DASH

Monday, May 28, 2012

Network Chaos & Storm control

I ran into a little bit of network issues about a week ago. The core of the network was strained because of some broadcast storms. Didn't realise it initially, it was kind of start-stop. But eventually when I did identify the root cause, I isolated the problem point & applied storm control. Well, if you are reading this & thinking isn't storm control supposed to be part of your basic config for core switches.... It is !! But here, it was a case of someone stripping the config off and making some bad connections & bad configs (it's a big boring story, let's forget it for now).

Now the interesting part of storm control is that if you get too aggressive you get no packets flowing !! I wanted no broadcast storms & tried to control the broadcast to 0.1%. But what I realised was that I was telling the switch the number of PPS that it could pass through & when you mention it as 0.1 it takes it as '0'.

So the CLI I used was storm-control broadcast level pps 0, which in haste was clearly wrong. What this does is that it blocks even the ARP requests that are sent as broadcasts. So eventually your network is alright but no data flows because the ARP is not happening.

I eventually modified it to allow the desired level to pass through. It was funny and interesting though how when you get too aggressive with the controls the packet flow is interrupted.
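The failure described above (a zero storm-control threshold that also drops ARP) can be caught by auditing saved configs before they go live. The following is an added example, not part of the original post; the sample config and interface names are constructed, and only the `storm-control <type> level [pps|bps] <value>` form is handled.

```python
import re

# Constructed sample config (not from the original post); interface names are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description uplink-a
 storm-control broadcast level pps 0
!
interface GigabitEthernet1/0/2
 description uplink-b
 storm-control broadcast level 0.10
 storm-control multicast level pps 2k
!
interface GigabitEthernet1/0/3
 description access port with no storm-control
!
"""

SC_RE = re.compile(
    r"^\s+storm-control\s+(broadcast|multicast|unicast)\s+level\s+"
    r"(?:(pps|bps)\s+)?(\d+(?:\.\d+)?)([kmg]?)", re.IGNORECASE)

def audit_storm_control(config_text):
    """Return (interface, finding) tuples for risky storm-control settings."""
    findings, iface, has_bcast = [], None, False

    def close():
        # Called when an interface stanza ends: flag ports with no broadcast limit.
        if iface is not None and not has_bcast:
            findings.append((iface, "no broadcast storm-control configured"))

    for line in config_text.splitlines():
        if line.startswith("interface "):
            close()
            iface, has_bcast = line.split(None, 1)[1].strip(), False
            continue
        m = SC_RE.match(line)
        if not m or iface is None:
            continue
        kind, unit, value, _suffix = m.groups()
        kind = kind.lower()
        has_bcast = has_bcast or kind == "broadcast"
        if float(value) == 0:
            # A threshold of zero suppresses every frame of that type;
            # for broadcast that includes ARP requests.
            findings.append(
                (iface, f"{kind} threshold is 0 {unit or '%'}: all {kind} traffic dropped"))
    close()
    return findings

if __name__ == "__main__":
    for port, finding in audit_storm_control(SAMPLE_CONFIG):
        print(f"{port}: {finding}")
```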

Let me know if you have some interesting experiences like this or how you have utilised storm control or other mechanisms in the non-generic core part of your network.

Wednesday, March 21, 2012

CCIE Data Center

The much awaited CCIE track in the data center field is finally here !! The Beta version of the track will be available from May to the 15th of June. The exam is also available at the Cisco Live event held in San Diego.

The Track itself looks exciting & is very comprehensive. I was looking forward to this track but now it's going to be a challenge preparing for it. The exam details can be found in the following link hosted in the Cisco Learning Network.

The written exam is fairly straightforward & covers all the topics to be known. The lab exam is extravagant. It covers every concept in a datacenter environment, @least the ones I have seen !!

Looks exciting, hopefully I get enough experience & hands-on to take up this CCIE !!

Thursday, February 2, 2012

CCIE Security 4.0

A few months ago I listened to CCIE Security program manager Natalie Timms in a podcast by Packet Pushers. She hinted about the changes coming in to the track.

Finally some formal news from the Cisco website on the CCIE Security 4.0. They have not released the blueprint of the tracks but definitely it's going to be out this year !!

You can find the information here

Some of the highlights of the new track include securing wired, wireless, voice, video, multicast, ipv6 and other managed services.

I can't wait to get started on this new track !!

CCIE Security fully Re-loaded !!

Update on 06/06/2012

Finally the CCIE Security 4.0 blueprint is here. The exam will be available from November of 2012.
I see a lot of people panic when there is a new format of the exam released, which to me is pretty weird. Enjoy the new topics you will be learning & ploughing through your lab -- This is what makes you the expert.

The Written blueprint can be found here & the Lab exam here. The interesting part is the Lab equipment list which can be found here.

I will add a new blog post after further analysing the content of the exam. Cheers !!

Friday, January 13, 2012

Why UPOE will go a long way

With Cisco bringing out the UPOE with 60 watts of power per port, it is laying the road to a new way of doing IT & triggering the deployment of virtualised desktops in an exponential way. IP Phones, Hi Def Surveillance equipment, wireless APs, all with better power requirements and higher bandwidth, will leverage this. With Virtualization being the buzz word, I am excited to look at virtual desktops being deployed all around. Not just that but power being derived from the network and not having specific power points will look good ;-). This would also enable quick setup of end user computing space. This could be the radical game changer for Cisco if this works and is as efficient as we all believe it is. The ability to switch off devices when not used and save power is an advantage all the way.


It will be available on the c4500E, 120 ports with 60 watts each. It may be on the expensive side, but I believe organizations should be able to afford it to leverage the benefits. Agreed, costs do play a vital role, but the larger corporations looking to save power will feast on this.

It was interesting to see HP's response to UPOE. While UPOE may not be completely necessary today... it is for the future. I don't completely agree with HP. While there is a certain percentile of power dissipation observed, not as high as stated by HP, the savings in terms of usage of power will be the key driver & let's not forget the 802.3az EEE.

With EnergyWise this will give Cisco an edge over its competitors. I am sure all the other vendors will come up with their own standard of providing higher power over Ethernet or this might become the standard all other vendors would adopt.

This is definitely something to watch as it will fuel the new way of IT.

Monday, January 2, 2012

2012 The Year Forward !!

Happy New Year everyone !!!

It's already 2012 :-) and I am looking forward from both a personal and professional perspective ! It's going to be an exciting year ahead !!

6 Months of being a CCIE

It's already 6 months since I got myself CCIE certified. It has been an exciting drive down this road. I have got the opportunity to work on 2 different projects and it has been a steep learning curve. I have had the opportunity to work with the best minds in the ethereal world. From both a technical front and process front it has been enriching.
It has changed the way I think and look at the network setup. It has got me pushing to get the network set up in the best way I can.

The Road Ahead

Security is an indispensable part of any network being set up. I am looking forward to learning Juniper firewalls and the various ways they can be deployed. IPv6 is the road ahead; with the depletion of IPv4 space, I am looking forward to making the IPv6 deployments & getting them to work with IPv4. Datacenter is the hottest thing & will be for the next 2 to 3 years. I am really looking forward to working in this area inside out.

Triple CCIE

CCIE Security and Datacenter tracks are the ones I am looking at, well @least this is the plan. This is the area I want to be certified in, but will take it one at a time.

There is going to be a lot of blogging and studying and playing around with technology for 2012. With Cisco bringing out the newer tracks in both security and datacenter, it's going to be one of the most exciting years of my life.

I wish the best of life for all my readers :-)
