What the heck is SDA? Cisco Champion Radio

During Cisco Live! I sat down with Shawn Wargo @shawn_wargo and Brandon Carroll @brandoncaroll to talk about SDA, DNA and how SDA works and why you want it.

The episode is up, go get it!

https://blogs.cisco.com/perspectives/ciscochampion-radio-s4ep15-what-the-heck-is-sda

Cisco Champions Radio – Tech Field Day

As you know, I was previously a Tech Field Day delegate. Many people have asked me “What is Tech Field Day” and how did it start?

Well, I grabbed Stephen Foskett at Cisco Live this year and asked him those questions in my in-depth interview. Check out the link and the audio below.

https://blogs.cisco.com/perspectives/ciscochampion-radio-s4ep-14-all-about-tech-field-day

Cisco Champions Radio – The Importance of Flexible Infrastructure

Back at Cisco Live in June, I had a chance to sit down with David Zacks – Distinguished Engineer at Cisco Systems and talk about Catalyst 9K, and the importance of Flexible Infrastructure.

It was a great honour to get a chance to sit with Dave and talk about Cat 9K and microsegmentation and how Cisco has really changed the way they create hardware.

Check out this episode here!   

https://blogs.cisco.com/perspectives/ciscochampion-radio-s4ep10-the-importance-of-flexible-infrastructure

Podcast Discussion Topics

  • Introducing the Cat9K platform and next gen of chip set.
  • The power of the single code base in the new Catalyst Platform 9300, 9400 and 9500.
  • The ability to empower people with analytics at the edge.
  • Focusing on the flexible infrastructure and looking 1-3 years out.
  • Encrypted threat analytics.
  • The power behind Network Intuitive.
  • The importance of flexible evergreen hardware as Cisco moves into being a software company.
  • Working with the design team to build a flexible infrastructure.
  • Moving to intent based networking.
  • Elevating the conversation in SDA and why it was built in the first place.
  • Micro-segmenting.
  • How to do identification through context.
  • Coming out of the starting blocks with SDA.
  • CLI is not going away.
  • Building blocks for a new network implementation.
  • Moving networks into the 21st century.
  • Explaining cryptographic compliance.
  • SPLT packet review.

Listen to the episode below…

My Weight Loss Journey…

Disclaimer:   Before modifying your diet, speak to your doctor, do not do anything I am talking about without talking to a medical professional.

I have always just consumed whatever I wanted.   Then when life got busy, my diet got really bad.   Tons of fast food, always on the go.  The problem is that the more I ate, the more I wanted to eat.   When work got busy, I would eat more.   I realized I was eating when life got busy – but there wasn’t much I could do.

It is easy to grab a pizza slice, or a burger at a fast food restaurant.   The entire world pushes us to eat horribly.   Every TV advertisement, or billboard talks about the amazing Big Mac, or Asiago Range Chicken Club – who doesn’t like cheese, on fried chicken with bacon.    It was nothing for me to just devour an entire bag of potato chips in an evening.

Then one day, I had problems going from my basement office, upstairs without getting winded, I had to hold my breath to tie up my shoes and I simply could not keep up with regular life anymore – I felt horrible.   I had reached an all time high weight of 258lbs.

With a new baby on the way, some kind of a switch flipped inside me – and I realized I had to do… something.

After talking to my good friend Adam, who recently went on a similar journey, he helped mentor me into the Ketogenic Lifestyle (KETO).

Before I get into what I did and how – this is my opinion on the matter, and what you will come to realize is that many people agree, and disagree with many of the things I will say here.  Please read, learn and understand for yourself and make your own decisions – again, seek medical advice.

I started my journey on June 4th, 2017 – I was simply not proud of who I had become.


Weight: 258.4lbs
Body Fat: 39%
BMI: 37.1 – Obese
Resting Heart Rate: 86
Resting BP: 135/90
Fasting Blood Sugar: 6.3
Starting Waist Size: 44

 

 

 

 

These numbers were alarming, I was seriously overweight, and my fasting blood sugar was pre-diabetic.   I have a history of diabetes in my family, I was not on a good path.

I went down the road of the Ketogenic lifestyle.   With a focus on weight loss and eating healthy.

 

 

What is Keto ?

Keto is a scientifically based food regimen.   I say it is scientific – because this is not something you can just half-ass.   You need to take it seriously, you cannot “cheat”.  The key for success is understanding the ketogenic process in your body.

If you do Keto properly, you actually learn a ton about what you are eating, and the effect of that food on your body, and on your health.

Ketogenic diets are low in carbohydrates, and high-er in fats.

Fat is not your enemy – our bodies are fat burning machines, they are actually designed to burn fat.   They can burn other substances for energy – like sugars in the form of carbohydrates, but our bodies are designed to burn FAT.

Keto is all about putting your body in a fat burning state, something called “Nutritional Ketosis”  The idea is that we feed our bodies FAT, to burn for energy, but when we don’t eat enough fat, our body goes looking for fat to burn — and hey, I had close to 100lbs of it on my body at the time.

Your body burns consumed carbohydrates, or sugar, then when it runs out of that (if it even does!)  it burns any consumed fats, and then AFTER that, it starts to burn off body fat.

The idea is running on ketones instead of blood sugar.   Your system still needs blood glucose to operate important things like the brain – but your system will generate what it needs from the proteins in your system.   There is no need to take in significant

Carbohydrate Addiction

The American Journal of Clinical Nutrition concluded through studies that eating carbohydrates stimulates the addiction centres in the brain.   If you look at the typical North American diet, or worse the poor North American diet, what you typically see is tons of pasta, bread, sugars but the bottom line is carbohydrates.   Tons of processed food, all filled with very cheap to manufacture carbohydrates.

[Image: effect of eating carbohydrates on blood sugar]

See the red line?  That’s what happens when you eat significant carbohydrates – your blood sugar spikes like mad.  This causes your brain to feel happy, and you feel full – but only 240 minutes later, you crash hard and start feeling hungry.  You never reach nutritional ketosis, because you ran for more food.   This means you don’t often burn the fats you are consuming – instead you pack them on.

The Low Fat Scam

What is with the war on fat?   Did I not just say we are fat burning machines?   Well, it has to do with fat around our bellies.    People think “Oh I don’t want to be fat, don’t eat fat” so the “low fat” industry was born.   However if you compare many “low fat” alternatives,  they pack in the carbs to make up for the missing fat.   How is this helping?   It isn’t.   High carb, low fat foods, generally processed are super easy for the industry to manufacture, at very cheap prices.

Fat is not your enemy.

Keto has benefits!

Enhanced mental focus:  You will be able to focus on tasks without getting as distracted

No more sugar spikes:  You feel fuller longer, without the hunger pains or the drive to run and eat.  Skipping a meal happens by accident because you just don’t have the up and down sugars in your system.  Your system will normalize, you can actually reverse type 2 diabetes or pre-diabetes.

Better health:  This goes without saying

More Energy!

What are the results?

Here are my results… Results may vary, and it depends on your unique situation. My results came with a little more exercise than normal (which became easier once I started). I feel way more energy, amazing concentration. My results are dramatic, and yours can be too. The best part is not how I look, but how I feel.

As of September 24th

Weight: 198.9 lbs — Lost 59.5
Body Fat: 28.4% — Lost 10.6
BMI: 28.6
Resting Heart Rate: 54
Resting BP: 120/80
Fasting Blood Sugar: 5.2
Finish Waist Size: 36


How can I do this?

First, tell yourself you can do this.  The bottom line however is that you have to want to do it.   Whatever your reason is, not because someone told you to, but because that magic switch in your head flipped one day and said “I want to be healthy, I need to be healthy”

If you are waiting for me to link you to some magic diet pill, or magic recipe to make this work – move on, you won’t find that here.   This requires work, and sacrifice – I won’t sugar coat it (besides, those are carbs)

I am going to provide some reading, why re-invent the wheel, I will provide you with the amazing things I have read to learn about Keto before I went on this journey.

The biggest advice I can provide you with, is to learn and read before you do anything.  The key to success is understanding the science of Keto.

Beginners Guides – Read both, and understand

https://www.ruled.me/guide-keto-diet/

https://www.dietdoctor.com/low-carb/keto

Learn about what is high and low carb

There are great visual guides on dietdoctor.com – check these out, learn what works and what does not.

Courtesy of dietdoctor.com

Some great guides over at DietDoctor that show you what is good and what isn’t on Keto…  Below is a good sample of keto friendly foods..

Keto diet foods: Natural fats (butter, olive oil); Meat; Fish and seafood; Eggs; Cheese; Vegetables that grow above ground

https://www.dietdoctor.com/low-carb/keto#food

Not everything you think is safe — is safe on Keto.   Here is a good example of vegetables, because not all are built the same.   Photo again courtesy of Dietdoctor.com

Low Carb veggies

My tips…

  1.  Track.   You must track everything you eat in order to learn about your foods.  I use a tool called Cron-o-meter to track because it properly supports Net Carbs.
  2. CALCULATE YOUR MACROS CORRECTLY!   Highly recommend this calculator

 https://keto-calculator.ankerl.com/

2.  Read.  I said this already, but you need to learn how your body works, and read up on what you can and cannot eat.

3.  Learn your body.   Learn to understand your body, you will be learning new cues, new feelings.

4. Stick with it.  Keto flu is real, you will read about it, and it sucks.    It goes away

5. Water.  Drink it, lots of it.  Constantly, the Ketogenic process needs more water to operate than you probably consume today.

6. Supplements.  You will probably need some supplements, see your doctor but generally you need to consider magnesium and potassium supplements.

7. Calories MATTER!  – lots of people will disagree here.  However your body is an energy consumption machine – calories in, calories out, calories stored.  You need to run a deficit in order to lose weight.  PERIOD

8. You cannot eat unlimited fat.   See #7

 

 

KRACK – Key Reinstallation Attacks against WPA2

Recently released at http://www.krackattacks.com – a serious weakness in WPA2 has been found by the team there.   For all the heavy technical details, go there.

KRACK basically attacks the encryption itself within the Wi-Fi WPA standard. When clients negotiate, they perform a multi-step encryption key exchange. By recording and replaying some packets, we can trick devices into using encryption keys more than once – which means now we can decrypt their traffic, and/or hijack TCP sessions and inject traffic into the network.

The key here is that we are attacking CLIENTS – not infrastructure, so we can go after an individual client and steal their data.    This means the majority of the updates will be against CLIENT operating systems.

The bottom line: here is what you need to know.

  1.  The vulnerability means almost all modern Wi-Fi networks are affected, doesn’t matter if you have WPA1, WPA2, AES, it is all affected.  The issue is in the actual standard.
  2. The only way to protect yourself against the vulnerability – is a code related update
  3. Some attacks are better than others, Android and Linux are apparently quite badly affected, and give up their encryption easily.  Others can be done, but are more of a challenge.
  4. If you are using HTTPS or other encrypted methods on your device, this will protect you.
  5. Update your equipment, especially client operating systems as soon as possible
  6. Disable Wi-Fi if you are in a sensitive environment.
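The key reuse described above, and the code update that closes it, as an added toy model (not code from the original post, the KRACK authors or any vendor patch): one client resets its packet number every time handshake message 3 arrives, the other ignores a key it has already installed. The SHA-256 keystream is a stand-in for the real cipher, and the class, function names, key and frames are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample data (not captured traffic).
PTK = b"constructed-pairwise-key"
FRAME_A = b"constructed frame A: hello"
FRAME_B = b"constructed frame B: world"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy per-packet keystream from (key, nonce); stands in for the real cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Client:
    patched: bool
    key: Optional[bytes] = None
    packet_number: int = 0

    def on_message3(self, key: bytes) -> None:
        """Handle handshake message 3, which tells the client to install the key."""
        if self.patched and key == self.key:
            return  # key already installed: keep the current packet number
        self.key = key
        self.packet_number = 0  # (re)installing the key resets the nonce counter

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)


def run_session(patched: bool) -> List[Tuple[int, bytes]]:
    client = Client(patched)
    client.on_message3(PTK)   # normal handshake completes
    first = client.send(FRAME_A)
    client.on_message3(PTK)   # the same message 3 arrives a second time
    second = client.send(FRAME_B)
    return [first, second]


def reused_nonces(frames: List[Tuple[int, bytes]]) -> Set[int]:
    """Packet numbers that appear on more than one frame under the same key."""
    seen, dup = set(), set()
    for nonce, _ in frames:
        (dup if nonce in seen else seen).add(nonce)
    return dup


if __name__ == "__main__":
    for patched in (False, True):
        frames = run_session(patched)
        leak = xor(frames[0][1], frames[1][1]) == xor(FRAME_A, FRAME_B)
        print(f"patched={patched} reused={sorted(reused_nonces(frames))} "
              f"plaintext_xor_exposed={leak}")
```

With the unpatched client both frames go out under packet number 1, so the two ciphertexts XOR to the XOR of the two plaintexts; the patched client keeps counting and no nonce repeats.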

Justin’s Thoughts

This is a problem, but for many this is a bump in the wire.    Wait am I crazy for saying this?     In our modern world you shouldn’t be trusting your network anyway – yes that is right, trust no-one.   Even your corporate LAN.  We think nothing of connecting at a Starbucks, or at home where our children have virus-laden machines.  Why would we trust the wild west that is the corporate LAN/Wi-Fi these days.  Especially when you consider that most attacks these days occur inside.

Network-as-an-enforcer, Network-as-a-sensor – technologies like StealthWatch, these types of technologies continue to be extremely key in the safety and security of our networks. Technologies that watch for strange behavior (like duplicated key packets) and protect against replays. Would these types of technologies have saved you here? I cannot speak to that right now.

How many times do we need to say this – security is a multifaceted, multi-layer approach.   You must never rely on a single security layer.   We run HTTPS, we use client-side AV, client-side firewalls.    Client devices should already protect themselves against attacks or vulnerabilities that exist in the network domain.

If you are being responsible, operating your networks and infrastructure in a responsible manner, this shouldn’t be a big deal for you.    I would still go and update your networks ASAP, but if you are following best practices in your network, you should be ok.

Cisco Champions Radio at Cisco Live! – Cisco TacOPS

Back in June at Cisco Live, we launched a special edition of Cisco Champions Radio, and with never before access to basically any Cisco resource, we grabbed the best of the best and the coolest Cisco peep’s and brought them into the Podcast Domain at Cisco Live.

Grab the episode here!
https://blogs.cisco.com/perspectives/ciscochampion-radio-s4ep12-cisco-tacops

In this episode, we interviewed Sue-Lynn Hinson from the Cisco TacOPS and talked about how they were founded, all the cool stuff they do, and what TacOPS does in the downtime.  Is this your dream job?   Yes, it is for many of us.   So we completely nerd out, and talk to Sue-Lynn about without question (IMO) the best job in Information Technologies in the world.

My amazing Co-Host for this was Aaron Conaway @aconaway


Tips for Cisco Wireless Performance on Mobility Express

Recently I was working on my lab network, and I have an 1831 access point and a 3702 AP.   My comments are specific to Mobility Express, which to be fair is just a regular WLC, running on an access point,  with all AP’s in FlexConnect mode only.   The AP’s are responsible for all packet processing, NBAR/AVC, anything you are doing goes on in the AP’s.

Naturally, I wanted to get the most out of my network, but I ran into a few challenges, and I will document them here….

First, I am far from a CLI expert on the WLC stuff,  I have spent most of my life running WLCs with the GUI – but the Mobility Express series GUI is very simple.     I got much better at the CLI during this.

The latest GUI on 8.5 has an “expert” mode now that lets you play with some of the RF settings, the 8.3 version is pretty simplistic.   So I popped in the 8.5.103 version, and was liking the new GUI.     Everything seemed like it was working….     I applaud Cisco for improving the Mobility Express GUI – it was more simple than some home Linksys offerings in the beginning, this is a step in the right direction.

Let me outline my environment….

  1.  I live in a rural area – there is ZERO wireless noise here, and I control the spectrum pretty well.  I don’t deploy stuff without considering the impact.
  2. I have about a dozen client devices
  3. For all my testing – I kicked everyone off 5ghz, and ran on just a single AP.   Nothing else was in the air – I confirmed this using a spectrum analyzer.

Running the latest bit me

Until I had a problem with my Macbook Air (Early 2014 Model).  If you go and look, many people complain about Apple Macbook Air’s and wireless issues – so many different opinions, some blame Apple, some say replace your “router” or access point but I couldn’t find any kind of real problem.

Not a surprise.  I ran 8.5.103 – and I was having weird problems.    All of my clients were fine except my Macbook Air – as long as it was on 2.4ghz, it was fine – but bump it up to 5ghz, and as soon as traffic started flowing – the AP would simply start ignoring the client.  Client thought it was associated, AP saw it as associated — but no traffic moved.     It would sometimes come back, sometimes not, if I bounced client adapter – it would come right back.  2.4 was solid.

Doing what I always tell my clients – run the “Gold Star” release in this case 8.3.122 – So I put that version in, and let the APs upgrade.    Everything seemed better now – connectivity was solid.      After my findings below, I went back to test 8.5.103 again…

AVC Hurting Performance

So being that it was “working” I switched to performance testing. I run an iPerf3 server on my QNAP here at home – confirming performance I was getting 995mb/sec from my wired desktop to the NAS… Ok we are good to test.

My Macbook Air was connected with the following…

Performance Signal Strength: -53 dBm

Signal Quality: 43 dB

Connection Speed: 867 Mbps

Channel Width: 80 MHz

Capabilities 802.11ac (5GHz) Spatial Stream: 2

Time for a test…

Connecting to host QNAP, port 5201
[ 4] local port 56551 connected to QNAP port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 15.5 MBytes 130 Mbits/sec
[ 4] 1.00-2.00 sec 16.1 MBytes 135 Mbits/sec
[ 4] 2.00-3.00 sec 16.0 MBytes 134 Mbits/sec
[ 4] 3.00-4.00 sec 15.9 MBytes 133 Mbits/sec
[ 4] 4.00-5.00 sec 16.1 MBytes 135 Mbits/sec
[ 4] 5.00-6.00 sec 15.8 MBytes 133 Mbits/sec
[ 4] 6.00-7.00 sec 15.8 MBytes 132 Mbits/sec

Ok this isn’t right…  Something isn’t working….   So I contacted my good friend @wifijanitor – Steve to bounce some ideas off him.    We quickly got to “It’s all configured correctly”
So I started disabling this and that 802.11(insert feature here) and everything one by one. Problem remained.
Finally, I disabled AVC – Application Visibility and Control…

[ 4] 71.00-72.00 sec 46.4 MBytes 390 Mbits/sec

[ 4] 72.00-73.00 sec 46.3 MBytes 389 Mbits/sec

Well look at this…    The only thing we could figure out is that the AP must be getting hammered by the AVC…   So, I investigated that….

AP CPU with AVC Enabled

Whoa, that is 100%… This is with my iPerf, I’m getting 140-150 mbit. Ok, let’s try with it disabled.

AP CPU with AVC Disabled – Heavy Load with iPerf

Whoa… That’s not a good thing… That means even the performance I’m getting now is probably being hampered by the CPU on board… Close to 400mbit throughput, and the CPU is high. According to the system it is nothing but packet processing. There has to be a choke point… I wonder what would happen if I had more CPU – I’m not able to clear up any more CPU, everything (I think) is disabled.

AP CPU with AVC Disabled – 100 Mbit Stream

Ok so I’m trying to prove my theory… This is AVC Disabled, 100MB Stream using iPerf. About 30% CPU utilization…

AP CPU with AVC Enabled – 100 Mbit Stream

Now I re-enable AVC and run the exact same 100mbit stream. Wow, ok, we are looking at 75%-ish CPU. Clearly AVC is causing a CPU bump – that has to be my problem at higher speeds.

Conclusions and Recommendations

– With AVC running in FlexConnect mode, the AP is responsible for the NBAR engine, which is limited compared to what you get in a real WLC. If you need/want AVC – plan on installing a full WLC. Between the limited AVC capability (well documented) in FlexConnect mode and the unforeseen performance issues I have seen (not well documented), it shouldn’t be used in Mobility Express or FlexConnect installs.
– Running the latest code can bite you (I knew this!)
– Always validate your installations, not just for connectivity, but for performance
– If you are using Mobility Express – learn the CLI, because there are just some things you cannot do in the GUI.
– I did go back to the latest 8.5 release to see if AVC was the cause of my 5GHZ issues in 8.5.103 – but it was not.