As a junior network engineer at a university I wrote a lot of management scripts in Perl. I had scripts to do things such as check switchport configurations and upgrade switch code. Times have changed a lot since then. The university’s web server now runs in the cloud, rather than on my personal workstation, and Python has surpassed Perl as the scripting language du jour. Network automation now has a major focus with Python as an extremely important tool. Today I’m going to show you how to use Python scripts hosted on the box and integrated into IOS. This is far more powerful than my earlier-career scripts, and I have some simple examples for PCI compliance, Dynamic DNS ACL updates, and configuration validation. As with many things in IT, we seem to be continually oscillating between “centralized” and “distributed.” On-box hosting of Python scripts is an example of moving back toward distributed. My view on the argument … [Read more...] about How to Use On-Box Python Scripts for Cisco Devices
It’s easy to get typecast in the tech industry. Flagship products and services often become the focal point for how we know and relate to companies and brands. Intel is known for processors, but a closer look at both the company’s website and Google search results quickly proves otherwise. The same goes for Microsoft, Oracle and many others. Cisco Systems is known for its gold standard networking hardware. When people think of Cisco, they tend to think of routers and switches. However, the company is much more than that. Cisco is also a software company. Cisco owns DevNet, a developer community led by one of the tech industry’s brightest and most inspiring women, Cisco VP Susie Wee. She also serves as DevNet’s CTO. At Cisco’s DevNet Create Conference in San Francisco, Wee and her colleagues produced Cisco’s first IoT and cloud developer conference where they unveiled their incredible developer ecosystem that uses the Cisco network, and a broad … [Read more...] about Cisco’s DevNet alters collaboration playing field
On June 20th, Cisco unveiled “The Network. Intuitive.” and with it is "Introducing an entirely new era of networking." If you're like me, you’re likely intrigued and asking yourself, “How do I get started?” A great first place to start is to read the overview of what’s new in IOS XE written by my co-worker, Jeff McLaughlin in "The New Network – It’s for Developers!" In his article, Jeff talks about four features of IOS XE that provide developers new capabilities and options for working with IOS XE. They are: Zero Touch Provisioning, NETCONF/YANG, On-Box Python, and Application Hosting. With these new features, one might say “the sky is the limit” or “you’re only limited by your imagination.” While true, it can be a bit daunting for an experienced network engineer new to network programmability. I’ve been working in the “Software Defined Networking” space for a while now and I still find myself … [Read more...] about The ‘New’ Network? But I Grew Up in the ‘Old’ Network. How Do I Get Started?
With Open IOS XE, Cisco is changing the game. Old-school network engineers probably remember the Cisco 2500-series router. It ran a slow Motorola 68000 CPU, the monolithic IOS operating system, and did one thing only: route packets. Routers and switches have certainly sped up since then, and the operating system has been modernized, but networking hasn't changed much otherwise. We still use CLI and SNMP to manage our networks the same way we did in the 1990s. With Open IOS XE, however, Cisco is changing the game. We now support powerful programmable interfaces like NETCONF and YANG. We can easily on-board devices without tedious manual configuration, and we can host Python scripts and applications all directly on the box. Day 0 Provisioning: If you were given 50 switches to configure, how would you do it? If you're like most network engineers, you would configure one, paste its configuration into Notepad, tweak a few values, paste that back into the next switch, and repeat. Aside … [Read more...] about Programming the Network: It’s a Whole New World
With Open IOS XE, Cisco is changing the game. Old-school network engineers probably remember the Cisco 2500-series router. It ran a slow Motorola 68000 CPU, the monolithic IOS operating system, and did one thing only: route packets. Routers and switches have certainly sped up since then, and the operating system has been modernized, but networking hasn't changed much otherwise. We still use CLI and SNMP to manage our networks the same way we did in the 1990s. With Open IOS XE, however, Cisco is changing the game. We now support powerful programmable interfaces like NETCONF and YANG. We can easily on-board devices without tedious manual configuration, and we can host Python scripts and applications all directly on the box. Day 0 Provisioning: If you were given 50 switches to configure, how would you do it? If you're like most network engineers, you would configure one, paste its configuration into Notepad, tweak a few values, paste that back into the next switch, and repeat. Aside … [Read more...] about The New Network – It’s for Developers!
In 1994 and 1995 it was Boyz II Men, Pulp Fiction, and the TV show Friends. I was working as a network technical support engineer, and my team had two key accounts for which we were on the hook, 24x7. One was a large financial institution, and the other was a big healthcare organization. Both kept us very busy all the time. Looking back, and thinking about where we are now, I wish I knew how to do some of the network automation available today. Our lives could have been so much easier. What’s cool is you can start learning about network automation and coding today – if you haven’t already. And that will put you way ahead of the game. In 1995, like most everyone, we configured switches and routers by using a terminal emulator on a PC, connected via the console cable. 96, 8, 1 and None – right?! For the financial institution, we had an interesting situation where we had outsourced on-site visits to a 3rd party provider, which didn’t know how to … [Read more...] about Network Automation Confessions of a Support Engineer
PENETRATION TESTING is a standard method for evaluating an organization's network security posture. These assessments can be performed from the standpoint of a malicious insider on the corporate network or a malicious outsider trying to compromise systems from the Internet. Some organizations perform these tests internally, but most hire outside consulting firms. In either case, because there is no standard method of performing a penetration test, the quality of the results depends to a great extent on the knowledge and skill of the penetration testers on the job that day. Core Security Technologies has addressed this problem with Impact, a penetration testing framework that allows organizations to share knowledge and provide consistency across testing engagements. Its ease of use, innovation, and flexibility earned it a Deploy rating in our tests. Core Impact tackles penetration tests in seven steps: information gathering, information analysis and planning, vulnerability … [Read more...] about Core makes an Impact
Regardless of the size of their enterprise, administrators worry whether the clients on their network comply with mandatory policies, which include having properly set permissions and meeting requirements for firewalls, spyware, spam filtering, and the like. Administrators must also ensure that required applications are loaded, up-to-date, and properly licensed. And, of course, they must make sure that users aren’t running prohibited software, such as MP3-sharing applications and video games. If that sounds like a lot of work, it is. Fortunately, there are products available that help with these tasks. Among them are InfoExpress CyberGatekeeper LAN 2.0 and StillSecure Safe Access V2.0, which we recently had a chance to put to the test. Both security solutions provide audit capabilities and move clients to a quarantine network as necessary. Furthermore, each has a rich reporting structure and performs deep registry inspection. Unfortunately, these two products are, at best, … [Read more...] about Keeping clients honest remains a struggle
By now you've either seen them or read about them. Companies are selling all kinds of useful appliances based on embedded Linux. Some are for small tasks like wireless APs, mobile devices, or cell phones. Others are geared towards enterprise needs like load balancers, routers, and NAS (network attached storage) and SANs (storage attached network). They all run some version of Linux or BSD. You know you have a couple of Linux geeks working for you in the IT department. Why aren't they coming up with some of these cool Linux appliances for your own company to use? The excellent Debian Router project by Vadim Berkgaut is the help that your Linux admins need to develop their very own Linux appliances. At my company, q!Bang Solutions, we provide all types of IT solutions, but our strong suit is our solutions built upon Open Source software. Our employees have used the Debian Router Project (which we refer to as "DebRouter") to build numerous solutions, including firewalls, OSPF and BGP … [Read more...] about Secure Linux Appliances in Your Enterprise
Once upon a time, using open-source servers and applications for business was frowned upon in many circles. Today, you’d be hard pressed to find any sizeable infrastructure that doesn’t leverage open-source code in some form or another, be it a few MySQL databases, Apache on the Web servers, or a pile of Perl, PHP, Ruby, or Python applications holding things together. But there’s one place in the modern enterprise infrastructure where open-source solutions have yet to make a sizeable dent, and that's in the very network that connects all of these pieces. Of course servers and network appliances such as routers and firewalls are fundamentally different animals. Servers are large, disk-laden, high-powered computers with Ethernet interfaces, running full-blown operating systems and applications ranging from light Web servers to heavy duty databases. Routers and firewalls are slim little appliances that have no disk, run highly optimized and controlled operating systems, … [Read more...] about Open source on the wire
In the real estate world, the mantra is location, location, location. In the network and server administration world, the mantra is visibility, visibility, visibility. If you don't know what your network and servers are doing at every second of the day, you're flying blind. Sooner or later, you're going to meet with disaster. Fortunately, there are a plethora of good tools, both commercial and open source that can shine much-needed light into your environment. Because good and free always beats good and costly, I've compiled a list of my favorite open source tools that prove their worth day in and day out in networks of any size. From network and server monitoring to trending, graphing, and even switch and router configuration backups, these utilities will see you through. … [Read more...] about Killer open source monitoring tools
The longest-running open source conference, OSCON, will be heading to the San Jose Convention Center this year. For those who have not been to OSCON, it's a great technical conference covering the whole spectrum of open source, including Linux, MySQL, the LAMP stack, Perl, Python, Ruby on Rails, middleware, applications, cloud computing, and more. OSCON always has great keynotes, tutorials, and evening Birds-of-a-Feather sessions. As with many conferences, a lot of the meat takes place in hallway conversations and impromptu sessions. O'Reilly has been promoting the conference with some healthy registration discounts -- use the os09jul4 code to get 40 percent off by … [Read more...] about OSCON relocates to San Jose for July 20-24
If you happened to read my Deep End blog earlier this week, you know I'm currently in a bind with a large WAN project. Cisco's ASA shortage has been threatening to leave me high and dry, with the very real potential of live circuits in three major metropolitan areas going live with no hardware to plug into them. The immediate fallback plan is to use pfSense running on workstation-class systems to at least test the circuits. The problem is that there's little time to get this project done, and a shortage of Cisco ASAs means there will be virtually no time to stage and test the hardware before I hop on several planes. Out of desperation, I explored the current state of Cisco IOS emulation software -- specifically open source tools. I found that GNS3 has come a long, long way since the last time I used it. In fact, it's become a simply fantastic tool for network administrators of any stripe or skill level. … [Read more...] about Emulating Cisco networks for fun and profit
After three years under the radar, secretive Cumulus Networks has finally emerged from stealth mode. Founded by ex-Cisco and ex-EMC VMware engineers looking to shake up switched networking by leveraging Linux and commodity network hardware, the small Silicon Valley startup turns out to be a software company. Cumulus will sell only software -- namely, Cumulus Linux -- and support. The hardware can come from any vendor you like, and Cumulus has a list of compatible switches to choose from. These aren't expensive, proprietary switches like those you'd buy from Cisco, but switches based on merchant silicon from original design manufacturers (ODMs) such as Quanta and Accton. However, you might find that these switches bear a striking resemblance to switches from major market vendors. This is because ODMs manufacture those switches that are then rebranded and loaded with software. To deploy Cumulus switches, you purchase a software license, buy your own switch from a hardware vendor, load … [Read more...] about Cumulus Networks unveils ‘Cisco killer’
SDN (software-defined networking) promises some real benefits for people who use networks, but to the engineers who manage them, it may represent the end of an era. Ever since Cisco made its first routers in the 1980s, most network engineers have relied on a CLI (command-line interface) to configure, manage and troubleshoot everything from small-office LANs to wide-area carrier networks. Cisco's isn't the only CLI, but on the strength of the company's domination of networking, it has become a de facto standard in the industry, closely emulated by other vendors. … [Read more...] about Will software-defined networking kill network engineers’ beloved CLI?
Game on: Cisco has acquired spin-in Insieme Networks for up to $863 million, depending on revenue targets, and rolled out a family of its switches that are the network giant's strategic answer to the growing software defined network movement. And as expected, that response -- ACI (Application Centric Infrastructure) -- is largely hardware-based, with a new line of application aware Nexus 9000 switches supporting custom ASICs and/or merchant silicon, depending on what you want to do with it. It also includes a policy controller called APIC (Application Policy Infrastructure Controller) for assigning service levels and access privileges to applications, a new version of Cisco's NX-OS operating system and a multiplicity of big name endorsers, including BMC, Computer Associates, Citrix, EMC, Embrane, Emulex, F5, IBM, Microsoft, NetApp, OpsCode, Panduit, Puppet Labs, Niksun, Red Hat, SAP, Splunk, Symantec, VCE, and VMware. … [Read more...] about Cisco takes fight to SDNs with bold Insieme launch
Why Enroll in Online IT Training? Online IT training programs have been popular for quite some time, and for good reason. Professionals need classes that can work with their busy schedules. If you are employed in the IT field, it's unlikely that you have a lot of extra time to show up on a campus or in a classroom when you may just need some additional guidance to learn a new programming language or software. Online training platforms allow you to take courses at times that suit your needs, such as evenings and weekends when you're not already in the office. Options like Microsoft's Virtual Academy, Skillsoft and Pluralsight offer training in subjects such as cloud infrastructure, IT security and creative suites like Adobe. If you are looking to move into the IT space and are working full time, online computer training provides you with educational resources and certifications that can help you get situated in a new career. All professionals and students can appreciate the convenience … [Read more...] about Best Online IT Training Services Review
Want a pay boost? Pick up a new skill. Which one? Go, Scala, and big data skills like Apache Spark and Hadoop are all good places to start, according to PayScale, a salary-tracking site for IT and other industries. PayScale used its pay-tracking database to determine which job skills provide the largest average boost in pay, and presented the results in its 2016 Workforce-Skills Preparedness Report, "Leveling Up: How to Win in the Skills Economy." Go and Scala help bring it on home: It's no surprise that IT skills were among the most highly valued; that's been consistently true, even during the economy's rockier years. Of the 25 skills ranked by PayScale that provide an average pay raise of 11.4 percent or better, all but two of the top 10 were IT skills. The biggest winner, which delivers an average pay jump of 22.2 … [Read more...] about Want to boost your salary? Learn Scala, Golang, or Python
The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks. On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails. XXE vulnerabilities can be exploited by tricking applications to parse specially crafted XML files that would force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server. Klink showed that the same type of vulnerabilities can be used to trick the Java runtime to initiate FTP connections to remote servers by feeding it FTP URLs in the form of ftp://user:password@host:port/file.ext. However, it turns out that the built-in … [Read more...] about Java and Python FTP attacks can punch holes through firewalls