Sunday, 22 November 2009

pigeon faster than the internet - official!

This is blatantly taken from Private Eye - originally spotted by David Dallison who saw it in Gulf News, 11/9/09.

"Internet speeds are hopelessly slow in South Africa," a spokesman for Unlimited IT told reporters in Pietermaritzburg, "because Telekom controls most of the phone lines, and they won't make the necessary investment to upgrade them. There's a national bandwidth shortage, so speed and connectivity are poor, and the internet is also expensive. That's why we decided to stage a contest, to see who could transmit data fastest - the Telekom internet system, or a carrier pigeon.

"At the same moment we began trying to transmit data to our Durban office, we strapped a data card to the leg of an eleven-month-old pigeon called Winston, and released him from our office here in Pietermaritzburg. He took one hour and eight minutes to fly 80 kms to our office in Durban, where the data card was removed from his leg and the information was downloaded. The total time taken was two hours, six minutes and fifty-seven seconds, by which time only four per cent of the same data had been transferred using a Telekom line. We've asked Telekom to comment, but so far they haven't replied."

Brilliant!

Wednesday, 18 November 2009

laptops - failures and warranties.


having recently had a laptop fail on me i was interested to notice annual stats showing that a third of all laptops fail over a three year period. I have always been an advocate of extended warranties (as much as it pains me), and this definitely reinforces that view.

whilst the stats are put together by a company that sells warranties there is some useful information on what is the most reliable make. It's worth knowing that laptop parts can be insanely expensive - a logic board or screen can cost almost the full initial value of the laptop. Accidental damage is also relevant. Some insurers include accidental damage, but not computer malfunction. Make sure you read the small-print as some insurers cover malicious damage only, but not other damage.

The study can be downloaded here:
http://www.squaretrade.com/htm/pdf/SquareTrade_laptop_reliability_1109.pdf

Friday, 6 November 2009

2008 r2 virtualisation

At the same time as the windows 7 release, windows server 2008 r2 has also been released. Many have overlooked this as the 2003 r2 release provided little in the way of features. This time that is very much not the case.

Whilst 2008 added hyper-v virtualisation many criticised it for a lack of advanced features such as automatic high availability. The lack of these features has forced the implementation of costly 3rd party solutions (vmware/xen).

r2 addresses these issues by implementing them at no additional cost. The enterprise version allows you to run four virtual copies of windows server at no additional cost. This means you can install a second domain controller, fileserver, mailserver etc. all on one machine. Now the obvious issue here is that the single point of failure is the physical machine that the systems are running on. Here comes the clever bit: using a supported shared storage medium. Now this traditionally means an expensive fibre channel SAN system, but these days high level kit is much cheaper and there are lots of options. Whatever route is chosen the result is a reliable box of storage space. It is then possible to plug two servers running R2 into this shared storage (removing the previous single point of failure). R2 supports "live migration": the virtual machine runs on machine 1, and a mouse-click can cause it to move to the second physical machine without any reboot.

What is less well publicised is that as well as manual migration R2 also brings automated migration, so if a server dies then its machines will automatically move to the other active server. Obviously there are licensing implications in this, but clearly this is a must-have feature. What this means additionally is that old-school active/passive clustering suddenly becomes pointless, as paying money to have a server ready to jump into action is not needed. Instead the second server can run useful services.

This probably marks the beginning of a price war between the different offerings.

http://www.microsoft.com/hyper-v-server/en/us/default.aspx

Wednesday, 21 October 2009

windows 7 released tomorrow!

It's the release everyone has known about for ages, and as of tomorrow it's finally available for retail purchase. I have been using it as my main desktop since the release of the rtm, both on my laptop and my media center pc at home.

Happily i can report (for the first time in a long time after being burnt in the past by new releases) that i'm still not having any major issues. The only current problem i am seeing is with firefox freezing. This is only a minor issue, and i believe it's primarily going to be fixed by release 3.6.

it's worth taking a look at Chrome Plus - http://www.chromeplus.org/ This takes the great google chrome browser and adds ietab. This is particularly useful, allowing you to use the browser interface to access ie based websites such as Microsoft CRM or Outlook webaccess etc.

Tuesday, 13 October 2009

Energywise - Cisco's award winning energy saving technology

Cisco Energywise (http://www.cisco.com/en/US/products/ps10195/index.html) is a technology that allows owners of catalyst switches to monitor and actively reduce power consumption. With the correct application this allows a system administrator of a cisco based network to implement policies to manage power usage. Policies can be applied throughout the network via catalyst switches. Here's a relatively painless flash demo: http://www.cisco.com/cdc_content_elements/flash/netsys/energywise/demo.html

Whilst with a smaller business this may seem relatively unnecessary, Cisco has built energy efficiency functionality into its small business range of switches (formerly known as linksys).

Tuesday, 6 October 2009

object firewalls in cisco ios

Cisco firewalls were traditionally based on the old pix (currently the asa series), but a lot of people don't realise that the cisco ios firewall has the same capabilities and more, including the same security certifications.
whilst the ASA series is an excellent option, many companies will save by implementing Cisco IOS based devices, because of the lower costs, but also because of the enhanced features available throughout.

More recently, 12.4.20T onwards marks the integration of object based firewalls. These simplify access lists by allowing them to reference groupings of IPs/networks and services.
We recently deployed this for a particularly complex set-up and were very pleased with the significant time savings, as were the internal IT team at the client.

here's an example of how it works:

object-group network MYSERVERS
 description bank of smtp servers
 host 192.168.1.2
 host 192.168.1.5
!
ip access-list extended OUTSIDE
 permit tcp any object-group MYSERVERS eq smtp
 deny tcp any any eq smtp log
 permit ip any any
!
interface fastethernet0/0
 ip access-group OUTSIDE in
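
As an added illustration (not from the original post, and not Cisco's code), the Python script below expands the object-group ACL above into the flat entries it stands for, which is handy when reviewing what a grouped rule really permits. It goes slightly beyond the post by also handling subnet members and nested group-object entries; that member handling and all function names are assumptions of this example.

```python
import ipaddress
import itertools

# The configuration from the post (indentation is optional for this parser).
CONFIG = """\
object-group network MYSERVERS
 description bank of smtp servers
 host 192.168.1.2
 host 192.168.1.5
!
ip access-list extended OUTSIDE
 permit tcp any object-group MYSERVERS eq smtp
 deny tcp any any eq smtp log
 permit ip any any
!
interface fastethernet0/0
 ip access-group OUTSIDE in
"""


def parse(config):
    """Collect network object-groups and extended ACLs from IOS-style text."""
    groups, acls = {}, {}
    kind, current = None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["object-group", "network"] and len(words) == 3:
            kind, current = "group", groups.setdefault(words[2], [])
        elif words[:3] == ["ip", "access-list", "extended"] and len(words) == 4:
            kind, current = "acl", acls.setdefault(words[3], [])
        elif kind == "group" and (words[0] in ("host", "group-object")
                                  or words[0][0].isdigit()):
            current.append(words)
        elif kind == "acl" and words[0] in ("permit", "deny"):
            current.append(words)
        elif words[0] not in ("description", "remark"):
            kind, current = None, None  # "!" or any other command ends the section
    return groups, acls


def resolve(name, groups, seen=()):
    """Return the ACL address specs a network object-group stands for."""
    if name in seen:
        raise ValueError("group-object loop through " + name)
    if name not in groups:
        raise ValueError("undefined network object-group " + name)
    specs = []
    for words in groups[name]:
        if words[0] == "host":
            specs.append("host " + words[1])
        elif words[0] == "group-object":  # nested group (assumed syntax)
            specs.extend(resolve(words[1], groups, seen + (name,)))
        else:
            # Assumption: group members carry a subnet mask, while a flat
            # ACL entry needs the wildcard (inverse) mask.
            net = ipaddress.ip_network("/".join(words[:2]), strict=False)
            specs.append("%s %s" % (net.network_address, net.hostmask))
    return specs


def expand_ace(words, groups):
    """Expand one permit/deny line into one flat line per group member."""
    parts, i = [], 0
    while i < len(words):
        if words[i] == "object-group":
            if i + 1 >= len(words):
                raise ValueError("object-group without a name")
            parts.append(resolve(words[i + 1], groups))
            i += 2
        else:
            parts.append([words[i]])
            i += 1
    return [" ".join(combo) for combo in itertools.product(*parts)]


def expand_acl(config, acl_name):
    """Return the named ACL as a list of flat entries, in evaluation order."""
    groups, acls = parse(config)
    flat = []
    for words in acls[acl_name]:
        flat.extend(expand_ace(words, groups))
    return flat


if __name__ == "__main__":
    for line in expand_acl(CONFIG, "OUTSIDE"):
        print(line)
```

Only network object-groups are handled; a reference to any other group name raises ValueError rather than being passed through silently.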

Thursday, 1 October 2009

android phone

recently i've been playing with phones and have been lucky enough to get hold of the new android g3 devices, the htc hero. From a business perspective these are essentially cheaper iphones using google's open source operating system. They are usually available for free on a business contract and unlike the iphone (currently, although this is changing by the end of this year) they are available from multiple providers.

From our perspective they have the following important business features:
synchronise with microsoft exchange (htc have written an application that allows activesync to work through the internet - not all android devices have this). Importantly this removes the need for e.g. blackberry enterprise server or email subscriptions from your provider

built in wireless including bluetooth - obvious requirement to reduce data costs - reliability and ease of use is a factor here and i found some issues initially - upon unlocking the screen it would sometimes fail at connecting the bluetooth or wireless. This was fixed by a firmware update which has improved overall reliability - check the version is 2.73 or above. Both before and afterward i found it would connect to my aging parrot bluetooth carkit. wireless was easy to use and has worked first time on every connection.

phone use - no problems reported - seamlessly works with 3g and standard - its easy to disable data services whilst roaming (single checkbox in the settings) preventing unexpected bills. Call quality is fine. Battery usage is acceptable at a couple of days. The unusual looking charging input is actually a standard mini-usb so it can use standard charging methods. The touch screen is responsive and speaker volume acceptable. The buttons and lip at the bottom of the phone are actually handy on a phone.

applications - android marketplace has a wealth of free applications. It is definitely worth considering a navigation package as the onboard compass and gps is very accurate. Google maps works very well, but i am not keen on paying for the data. Copilot 8 and sygic mobile maps work very well. My preference is definitely the sygic option as its maps are superior. Both are cheap and useable with pedestrian options - i was able to use them to find locations in Barcelona and London. Beware if navigating the alps in winter though as some higher roads become ski pistes!
There are also plenty of business applications including a free cisco vpn client. Internet browsing is also very good with the newer generation browsers allowing native internet browsing including facebook etc. two-fingered zoom in and out make browsing a breeze. overall navigation is very good including the on-screen-keyboard which can be calibrated if you have fat thumbs like me. It's worth noting that contacts can be integrated with facebook and it's easy to implement multiple contact info per user. sms etc

It also automatically chains together sms from the same contact which is handy

overall therefore an excellent phone - easy to use, reliable and whilst overall it would benefit from a slightly larger screen i have no problem recommending for business use.

Tuesday, 11 August 2009

linksys switches have cisco cli!!

after getting very frustrated with the linksys gui speeds over a vpn i was surprised to find out that linksys switches have a cli that is very very similar to cisco telnet! Suddenly we could see the logs easily and ascertain the issues we were having to fix them.

to access this:

1. logon to the ip of the switch by telnet
2. from the central admin screen type "ctrl z"
3. "?" from this point will show available commands as per cisco, logs will also display - type "lcli"
4. authenticate
5. you are now in and can use ? and tab completion - use "configure" as opposed to "conf t"

Monday, 10 August 2009

windows 7 rtm upgrade surprisingly smooth!

last weekend i upgraded my laptop (vista business) to windows 7 professional. Although it took ages it was a surprisingly good experience. The only problematic software was cisco vpn client (fixed by uninstall/reinstall), and itunes which it warned about (needed to de-authorize before the upgrade). so far (touch wood) i haven't had any issues of any kind. I have been impressed by the new simple look and the new aero interface features. If anything the only annoyance was that i could not upgrade from x32 to x64 which is relatively minor.

I also upgraded my media center pc (ultimate to ultimate), which is where the most (un)noticeable changes have occurred. there are some cosmetic changes - everything is a little cleaner and the toolbar access and sidebar gadget is actually useful.

the media center power pack improvements (red button etc) are all there and tuner-free mce works fine. avi's don't fast-forward still which is annoying.

i used to have problems with thumbnail generation in the video's folder which seems to now work fine and in general i would say the main improvement is responsiveness and reliability. All media functions seem reliable whereas in the past i have had many problems with cpu spikes indexing crashes etc etc.

Media center now just works! (apart from avi fast-forward).

Thursday, 16 July 2009

eservice portal for dynamics crm deployment

i've been brushing up on my ASP.net skills recently. We have been using c360 portal for a while but needed something more flexible for a while. First of all we used this project - the free crmqueue service - very good! http://crmqueuemanager.codeplex.com/

Then i installed the basic eservice accelerator - http://www.codeplex.com/crmaccelerators/Release/ProjectReleases.aspx?ReleaseId=19956

The video is an excellent guide to the setup. Thereafter i used installed frontpage extensions (i used to dread these, but was very impressed) combined with visual studio to customise the deployment to our needs. I have since added a user management section, integration with our main site and am in the process of writing customised tools and reports for customers and our intranet.

You can't see much without becoming a customer, but here's the link anyway - http://support.pirantech.co.uk

Friday, 3 July 2009

crm and certifications

what have i been up to - well a slow month of chasing tails really:

crm update rollup 5 has been released including some fixes for the outlook client stability

we spent a long time fixing issues with crm:
1. when changing the account owner in crm it cascades changes to all child objects - as regards our system it changed all cases to be owned by the account manager and updated the modification (closure) date to be yesterday (all cases ever worked on were closed yesterday by an account manager - great) obviously this messed our statistics up completely. luckily we were able to access the underlying database using a msdn blog hint and update the modification date based upon the date of the resolution.

The important thing is to change the default settings in the customise entities section for each entity so that cascade is disabled, which prevents entity changes affecting child records. What a horrible default setting - can't wait for crm v.5

2. another strange one is the smart matching - we use a program to convert emails to cases and send automated replies etc to let the customer know the case ID and about updates. the default crm action is to smart match based on the subject - if the customer emails our support address using the same subject it links it to the previous case (often closed sometime before). Another horrible default that will be fixed in v.5 (the hash timeout of the subject and sender will be configurable). The fix in this case is to disable smart matching which means a new case is always raised. If it's a previous issue it's possible to easily re-link the email, but at least the engineers see it. More details here: http://blogs.msdn.com/crm/archive/2009/06/23/how-to-toggle-smart-matching-in-microsoft-dynamics-crm-4-0.aspx

CCNP activities slowed down as some problems at cisco certifications meant much confusion about our partnership levels. Luckily we are fairly careful and pro-active in this area. Partnership speciality requirements have changed over the last year, but we are maintaining all ours - 4 exams had to be passed by me on my own let alone our account manager and other engineers here. We now maintain the following specialities:

  • smb partner
  • select partner
  • premier partner (foundation express)
  • unified communications express partner

and coming soon (now that i can get on with the real exams):

  • routing and switching partner
  • unified communications master partner

Thursday, 11 June 2009

642-812 bcmsn

passed at last - fair few hsrp/glbp questions, lots of lwapp - my lab had a problem after i had done all the work and wouldn't let me "copy running-config startup-config" which had me convinced i'd failed - but i scraped through all the same. Definitely a much harder exam than i was expecting.

i have already started on the bsci (642-901), but got an email that i need to do a load of specialisation exams (ccna voice and the related specialisation exam) so a break whilst i do my ccna for the 4th time - at least it will not voice related questions!

Separately we are working on an approx 1000 user voice deployment at work based on 4 x 4507 and around 30 2960/3750 switches. We are working with an avaya specialist and covering subnet design and configuration and deployment. The only hitch we have come up against is ...

they use a server 2003 dhcp server which is clustered. each of the vlans (around 80) has a helper address configured. This was behaving unexpectedly and returning incorrect ip assignments for the vlan e.g. it would give an ip address for the 160 subnet on the 120 vlan resulting in connectivity problems.

Normally this is because a trunk port is configured to the dhcp server, but in this case we discovered the use of superscopes caused the problems. The answer: Don't use superscopes unless you know exactly what you are doing!

Wednesday, 27 May 2009

stp

stp is an important part of switching and a topic that seems simple at first. Unfortunately the more you look into it the more complex it gets.
Cisco have an excellent presentation (needs registration) that covers the topic in depth.
Very handy given the number of confusing explanations out there!
https://cisco.hosted.jivesoftware.com/docs/DOC-1755

wikipedia is also a good reference point - http://en.wikipedia.org/wiki/Spanning_tree_protocol

and this diagram is very helpful - such a headache from such a simple idea...
http://www.cisco.com/warp/public/473/spanning_tree1.swf

Tuesday, 26 May 2009

certifications

it's that time of year and i'm renewing my cisco certifications again. I recently passed the cisco foundation express exam and am now looking at the unified communications express exam. In addition it's finally time to start working on CCIE via CCNP.

Despite a strong interest in the CCVP i am going to take the routing and switching (R&S) route. I'm planning on taking the new v.4 exam which will be harder, but never mind. I should crack 642-812 pretty quickly as it's what i do on a daily basis, and the other CCNP exams don't look too difficult given that i'm using the technology on a daily basis.

The hard part will be the cost of the lab equipment and materials. Basically i can boot-camp, home study the written exam, but will need actual access to equipment for the lab simulations. Here is where it gets really expensive - ipexpert and internet expert seem to be the best options for rack rental - in particular the vrack option.

otherwise i have to buy several expensive bits of kit (3560 switches in particular)... either way i've seen other candidates log hundreds and thousands of hours of rack time - remember the lab exam is 8hrs long including a 2 hr troubleshooting session - there are only ten locations the lab can be undertaken in. I think it will take around 18 months in all, so time to start saving...

if only there was a reliable way of simulating all the kit!

Sunday, 26 April 2009

using a pc/wii/ps3/xbox 360 with a cisco router

I've been using my pc and playstation for a while behind the 857 router i have at home, but have been annoyed by the lack of upnp for cisco.

upnp automatically maps ports on the outside of the router to the device inside, and opens the firewall. Cisco devices, despite being the most powerful (obviously this is debatable) routers and firewalls known, do not have this feature. This is annoying as consoles and gaming devices need to have ports forwarded for lots of games (i have had annoying disconnects from call of duty and left 4 dead and many others). This is also of use for voip servers/proxies which do not work well with nat yet.

I have known a way of mapping an external ip to an internal ip for a while but have never tested. This weekend i had a chance to play after being prompted by some annoying problems whilst playing left 4 dead.

By default you use a nat translation with a nat overload to provide internet access on a cisco device. You configure a rule to determine what traffic is translated and then choose whether to translate over the external interface or a pool of ip addresses.

In parallel you create a static translation (otherwise known as a port forward) for internal services e.g. for internally hosted email or web services.

It is possible to do this on an individual basis or alternatively you can forward an entire external address and all related ports to an internal address. The nice point i found out is that crucially if you forward all ports then your outgoing traffic also appears to come from that chosen external ip.

Normally if you forward an individual port e.g. http or smtp, your outgoing traffic is translated so that it appears to have come from the default external ip assigned to the router/firewall.

If you translate all ports, then the source address of outgoing traffic from that device (your ps3/xbox/pc/whatever) is translated to the chosen external ip automatically. This is really good, as otherwise incoming traffic arrives at the ps3, but the remote server is unable to tell your device from any other device behind the firewall; indeed your traffic appears to come from a different ip from the one that is port forwarded.

Obviously to work successfully this needs to be combined with a static dhcp reservation (or just a simple static ip address). I have now tested for 3 days (1 ip for my laptop, 1 ip for my ps3, and 1 ip for my media center) and every application works fine - in particular i no longer get problems when migrating hosts on call of duty!

Please note an alternative way of doing this would be to have only live ip addresses (and disable nat), but as my wireless is shared and i only have 8 ip addresses this is a better solution.

I should also note that i am able to use stateful firewall and access list to restrict traffic as required.

ip nat inside source static 10.1.2.3 4.22.33.33 extendable
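
An added example, not part of the original post: a small Python model of the translation order described above (static entries first, then overload), showing which source address a remote host sees and which inbound ports reach the inside host. The router address 4.22.33.34, UDP port 3074 and all names are constructed for illustration; real PAT port allocation and session state are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

OVERLOAD_IP = "4.22.33.34"  # constructed: the router's default outside address
EPHEMERAL_PORT = 50000      # constructed: a typical client source port


@dataclass(frozen=True)
class StaticNat:
    """One 'ip nat inside source static' entry."""
    inside_ip: str
    outside_ip: str
    proto: Optional[str] = None        # None = whole address, every port (1:1)
    inside_port: Optional[int] = None
    outside_port: Optional[int] = None


def translate_outbound(src_ip, src_port, proto, statics, overload_ip=OVERLOAD_IP):
    """Return the (ip, port) a remote host sees as the source."""
    for s in statics:
        if s.inside_ip != src_ip:
            continue
        if s.proto is None:  # 1:1 static: every flow leaves as outside_ip
            return (s.outside_ip, src_port)
        if s.proto == proto and s.inside_port == src_port:
            return (s.outside_ip, s.outside_port)
    # No static entry matched, so the overload (PAT) rule applies.
    # Simplification: the source port is kept unchanged.
    return (overload_ip, src_port)


def translate_inbound(dst_ip, dst_port, proto, statics):
    """Return the inside (ip, port) for an unsolicited inbound packet, or None."""
    for s in statics:
        if s.outside_ip != dst_ip:
            continue
        if s.proto is None:  # 1:1 static: every port reaches the inside host
            return (s.inside_ip, dst_port)
        if s.proto == proto and s.outside_port == dst_port:
            return (s.inside_ip, s.inside_port)
    return None  # nothing forwards this; only existing sessions could match


def reachable_at_seen_address(inside_ip, service_port, proto, statics):
    """Can a peer connect back to the address it saw our traffic come from?"""
    seen_ip, _ = translate_outbound(inside_ip, EPHEMERAL_PORT, proto, statics)
    back = translate_inbound(seen_ip, service_port, proto, statics)
    return back == (inside_ip, service_port)


# Single port forwarded on the second external address.
PORT_FORWARD = [StaticNat("10.1.2.3", "4.22.33.33", "udp", 3074, 3074)]
# Whole-address translation, as in the command above.
ONE_TO_ONE = [StaticNat("10.1.2.3", "4.22.33.33")]

if __name__ == "__main__":
    for label, table in (("port forward", PORT_FORWARD), ("1:1 static", ONE_TO_ONE)):
        print(label,
              translate_outbound("10.1.2.3", EPHEMERAL_PORT, "udp", table),
              reachable_at_seen_address("10.1.2.3", 3074, "udp", table),
              translate_inbound("4.22.33.33", 22, "tcp", table))
```

The last column is the reason the access list mentioned above matters: with the 1:1 entry every port on 4.22.33.33 maps to the inside host, so the inbound ACL is the only thing limiting what reaches it.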

Friday, 3 April 2009

update

i've been a bit quiet in the last couple of weeks as i've been revising for the new Cisco Field Engineer Exam (642-383) required for the cisco foundation express partner specialisation. I passed with 94% which was good, although not surprised as it's very similar to the previous incarnation. When i did it previously i had to do lifecycle services which was a horrible exam, but is now integrated with the field engineer exam. Lifecycle services related questions were not too bad and overall it's pretty easy. There are some horrible questions which are debatable and it's already a dated exam as it refers regularly to SDM which has been superseded by professional. Quite a lot on wireless provisioning, but nothing too difficult. Looking forward to doing some updates on the cisco wiki now that i have some free time. My express communications retake is looming soon though - very confident as it's more focussed on what i do!

Saturday, 28 March 2009

spectrum memories

just saw this and it brought back memories. Aaah how i remember the kempston joystick and throwing it across the room when a next level load failed...

To be completely accurate i (my dad) had an apple IIe before a spectrum and it had floppy disks which were reliable. There never seemed to be any games out.
I certainly remember being jealous of the amstrad/commodore people.

Anyway here's what triggered my thoughts - brings a tear to the eye.
and some more to bring back memories - i remember my eyes hurting from playing renegade too much....

Thursday, 12 March 2009

killzone2 comment

After playing killzone2 for a few weeks, a couple of comments. I've reached general and top 10% and been very addicted. Now the initial fun is over im feeling like something is missing...

... and then i found this - it encompasses all my thoughts, so here's the link!

http://www.destructoid.com/improving-killzone-2-s-multiplayer-124085.phtml

Thursday, 5 March 2009

CRM Portal

At the moment i'm about to try and install the Dynamics CRM 4.0 e-service accelerator on Microsoft's open source site - codeplex.

http://www.codeplex.com/crmaccelerators/Release/ProjectReleases.aspx?ReleaseId=19956

I'll update this post when i have some conclusions.

==update==

The portal seems good although it takes some setting up which needs to be quite exact. As we already run the c360 portal it's very similar. Its a good start but customising the look is not easy given the complexity of the example site although it should be possible with a couple of days fiddling.

The main issues seem to be bugs in editing the configuration within crm - ensure you only edit the existing xml field, customisation difficulty and it doesn't allow users to filter their cases very well (only configurable globally).

Overall though a great addition to the CRM toolkit. I'll be taking a look at the notification e-accelerator addon later.

Wednesday, 4 March 2009

Related...

I've been working hard writing content for my wiki site. Over the years i have lost more cisco configs than i care to think about because of moving jobs, carelessness etc. So finally i have managed to get something sorted. Basically i am putting all our different deployment examples from work online (over time, as we have hundreds, and after sanitisation).

Hopefully over time it will become a useful repository of info for anyone who struggles with getting up and running with Cisco devices. The format of a wiki should allow others potentially to get involved if interested.

Cisco Configuration Examples from Cornwall

Monday, 2 March 2009

wouldn't normally put this here but...



this is really handy for reference.

what i've been up to

I've been working on a new wiki containing useful and simple guides to cisco configuration: Cisco Cornwall. It's not the most exciting of pages, but as every time i learn a new bit of kit i have to wade through pages of info i think it'll be useful if only as a personal repository.
http://ciscocornwall.co.uk/wiki/Main_Page.html

If anyone wants a logon to add to its contents drop me an email.

Separately killzone came out and it arrived on thursday - some controversy over the aiming style vs COD - with resident evil 5 out in a couple of weeks i'm going to be busy till COD6 comes out (New maps for COD 5 any day!).

Thursday, 26 February 2009

the basics of performance tuning cisco routers/switches

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a7306.shtml#switchports
assuming the above link keeps working - handy reference for switching performance commands

randomly "ip cef" was turned off by a customer, causing high cpu utilisation of the ip input process. "show proc cpu sorted" and "show proc cpu history" are handy here as well.

also see below for link to ip input process troubleshooting

http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af3.shtml

openvz vzpkg2

One of the best things to happen to openvz is the development of vzpkg2; this replaces the old one linked in all the documentation. One of the only problems with setting up and managing openvz is the installation of current versions of e.g. centos. a workaround has been to use pre-created template caches, but this makes it difficult to upgrade and install packages from repositories. This has been in part because of problems with 64-bit systems and automated DEV.

vzpkg2 is in active development, and was a breeze to install and get running using the supplied docs. worth knowing as the latest install docs hadn't been updated when i last looked, and i had to look a long time to find this link after realising that the old beta templates were no longer available.

Tuesday, 24 February 2009

who am i?

ok time for a basic explanation for what will be here and why. This isn't going to be a list of random stuff - the whole point of this site is to create a useful resource in tandem with another site. The plan is that this site will contain links to where i store example config files, examples, instructions etc on how to get up and running with various projects - focussed around what i learn at work.

As a background to me:
i have been working with computers since the Apple IIe, followed by Spectrum, Atari ST then PC (and the odd console chucked in for good measure). Key to this development was

  1. getting access to the internet with compuserve (i think it was about 1989 - but i'm old now and memory is not good - i can remember gopher, a very old modem and everything being verrrrry slow...)
  2. working for one of the first uk internet companies (ok it started as a business directory then became a site design/programming company then an internet marketing company - netvillage ltd, working for Paddy Bolger).
  3. Whilst there i started from nothing but ended up getting my first Microsoft MCSE and Cisco CCNA qualification. At this time i also started working with Unix (DEC Alpha) and rapidly moved onto Linux (Red Hat 5.2 from memory).
  4. Then i moved to Bristol for another design house (Owta.net), met Theo and Paddy and Judge at s-cool.co.uk - and via them got work at netgates.co.uk (kaliba/sovision.com) where i picked up lots more cisco knowledge and high availability networking knowhow
  5. Then i moved back where i was raised. - Cornwall - first of all working at AC Systems then moving on to start up (with Mark Wright) a new company focussing on Microsoft, Cisco, Support and Networks.

Friday, 20 February 2009

first post - my week with cisco unified comms and microsoft

Hi there - this is my first post. Content of this blog will be cisco/microsoft stuff from work and general bits about Cornwall.

As i mostly work with Voip systems, CRM and helpdesks there'll be bits n' bobs related to that.

Not much to start with except that:
  1. i spend half the week with Microsoft CRM support trying to get them to look at some of the problems we've found with the core deployment of cases and resolutions. Managed to get some feature requests raised, some workarounds and i have to do some work with Visual Studio 2008! Roll on CRM 5.0... (luckily we're on the beta program so should see something in the next few months).
  2. Second half of the week was using/deploying/testing the new GUI systems for managing cisco UC500 and Callmanager Express (CME) systems. These include the Cisco Network Assistant (for managing UC500) and Cisco Configuration Professional (for Cisco ISR routers - replaces Security Device Manager (SDM)).
  3. Web GUI for the above cisco devices
Cisco has in the past been a source of absolutely abysmal software, but are now coming into their own. The new tools are starting to fill out with features and no longer crash constantly with java errors. I started with upgrading a UC520 from a very old version of the software to the latest. Although it took a long time it was pretty successful apart from a minor issue (it didn't recognise the 7931 or 7911 phones). There's the facility to email support directly from the program and i got a response in a couple of hours with a workaround and info on when a fixed release is going to be out.

The upgrade was pretty smooth, but if not based in the US download the regional language file and upgrade the router separately to the CUE - this gives you the option to specify the region (which has to be done during the upgrade).

Feature-wise there's plenty for basic users including parallel (blast) huntgroup. The only really useful feature missing was extension mobility (hotdesking). That's not available on CME yet - hopefully around 3rd quarter this year.

Cisco Configuration Professional has also really come on since v.1.1 - lots of functionality, even for more exotic options such as voice configuration, DMVPN, Intrusion detection, Websense support etc... For a seasoned Cisco engineer the software is surprisingly good - erring on caution and not filling the config with loads of rubbish. Even for basic functionality it has a configuration editor, an ok gui for firewall management and simple ways of backing up config etc etc.. coming soon is granular security control so you can set up a basic user and assign permission to do basic maintenance and monitoring tasks.... Now all that's needed is perhaps to start joining up all these tools - it would be nice to control asa, isr, and switches from the same place...