August 27, 2014

The Data Center Overlords

Learn what Russ Fellows Doesn’t Know

So how’s this for a condescending tweet?

"@tbourke @elonden @sbdewindt ; Learn what Tony doesn’t know. See why 2 * 8 != 16. (And yes, 2 * 10 < 16 also)." — EGI Russ (@russtystorage) August 27, 2014

It’s from Russ Fellows, author of the infamous FCoE “study” (which has been widely debunked for its many […]

by tonybourke at August 27, 2014 07:40 AM

Cisco IOS Hints and Tricks

Toolsmith @ Netflix on Software Gone Wild

I first met Elisa Jasinska when she had one of the coolest job titles I ever saw: Senior Packet Herder. Her current job title is almost as cool: Senior Network Toolsmith @ Netflix – obviously an ideal guest for the Software Gone Wild podcast.

In our short chat she described some of the tools she’s working on, including an adaptation of pmacct to environments with numerous BGP exit points (more details in her NANOG presentation).

by Ivan Pepelnjak at August 27, 2014 06:18 AM

Packet Pushers Blog/Podcast

HTIRW: Provider Peering Types

One of the confusing aspects of Internet operation is the difference between the types of providers and the types of peering. There are three primary types of peering, and three primary types of services service providers actually provide. The figure below illustrates the three different kinds of peering. One provider can agree to provide transit […]

Author information

Russ White

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking on Software Defined Networks at The Future Internet in Denver in late August, and in November at the Ericsson Technology Day. He recently published The Art of Network Architecture, and is currently working on a new book in the area of network complexity with Addison Wesley, as well as a book on innovation from within a Christian worldview.

The post HTIRW: Provider Peering Types appeared first on Packet Pushers Podcast and was written by Russ White.

by Russ White at August 27, 2014 05:06 AM

Show 202 – Avaya & The Critical Importance of the SDN Underlay – Sponsored

"The most interesting part of building our house was choosing the brick and trim," explains Randy Cross, Director of Product Line Management at Avaya, "but in Texas with clay soils, the most IMPORTANT element was the foundation." This podcast explains that much of the SDN hype today centers on the outer elements of SDN - APIs, controllers, and SDKs. However, Avaya’s contention is that the most important architecture element (and the greatest source of complexity) of SDN is in the underlying network. In fact, an SDN implementation that does not remove complexity simply shifts the complexity problem from the CLI jockeys to the programmers -- yeah, it sounds better, but there is no net simplicity benefit. Ethan, Greg, and Randy have a lively discussion around how Avaya’s SPB-based underlay actually removes complexity and becomes a great foundation for an SDN implementation. Take a listen, be entertained, and perhaps even learn something.

About Avaya

Avaya is a leading global provider of next-generation business collaboration and communications solutions, providing unified communications, real-time video collaboration, contact center, networking and related services to companies of all sizes around the world.

by Packet Pushers Podcast at August 27, 2014 12:13 AM

XKCD Comics

August 26, 2014

Honest Networker

Redistributing routes between two OSPF processes on the same router to connect distinct IGP domains

by ohseuch4aeji4xar at August 26, 2014 09:20 PM

Cisco IOS Hints and Tricks

VMware EVO:RAIL – One Stop Shopping for Your Private Cloud

Building a private cloud infrastructure tends to be a cumbersome process: even if you do it right, you oft have to deal with four to six different components: orchestration system, hypervisors, servers, storage arrays, networking infrastructure, and network services appliances.

by Ivan Pepelnjak at August 26, 2014 12:25 PM

Security to the Core | Arbor Networks Security

IPv4 Is Not Enough

Last week in Chicago, at the annual SIGCOMM flagship research conference on networking, Arbor collaborators presented some exciting developments in the ongoing story of IPv6 roll out. This joint work (full paper here) between Arbor Networks, the University of Michigan, the International Computer Science Institute, Verisign Labs, and the University of Illinois highlighted how both the pace and nature of IPv6 adoption have made a pretty dramatic shift in just the last couple of years. This study is a thorough, well-researched, effective analysis and discussion of numerous published and previously unpublished measurements focused on the state of IPv6 deployment.

The study examined a decade of data reporting twelve measures drawn from ten global-scale Internet datasets, including several years of Arbor data that represents a third to a half of all interdomain traffic. This constitutes one of the longest and broadest published measurements of IPv6 adoption to date. Using this long and wide perspective, the University of Michigan, Arbor Networks, and their collaborators found that IPv6 adoption, relative to IPv4, varies by two orders of magnitude (100x!) depending on the measure one looks at and, because of this, care must really be taken when looking at individual measurements of IPv6. For example, examining only the fraction of IPv6 to IPv4 traffic, which is still just shy of 1%, is misleading, since virtually all other indicators show that IPv6 is much more ready for use and able to grow very quickly.


Measurement of IPv6 Adoption (solid green line refers to Arbor Networks’ ATLAS Traffic Statistics)

In the study, differences in IPv6 deployment across global regions were also apparent. This suggests that both the incentives and obstacles to adopt the new protocol vary in different parts of the world.

Most surprisingly, the team found that over the last three years the nature of IPv6 use, in terms of traffic, content, reliance on transition technology, and performance, has shifted dramatically from prior findings, showing a maturing of the protocol into production mode.  For instance, Arbor data shows that the increase in IPv6 traffic relative to IPv4 over each of 2012 and 2013 has been phenomenal, growing more than 400% in each year — a more than quintupling. Arbor data also helped show that *how* people are using IPv6 has likewise evolved immensely, to the point where IPv6 is now largely used natively and mostly for content, neither of which was the case just three years ago.


Summary of Traffic per Customer derived from Arbor Networks’ ATLAS Traffic Statistics

Interestingly, this study offers a thought-provoking rationale for the high incidence of NNTP and rsync in the IPv6 application mix. Based on the data, the high volumes of NNTP and rsync are likely partially due to synchronization of NNTP and software distribution data between a relatively small number of IPv6-enabled servers that resided within the research and education communities. The significant increase of HTTP and HTTPS traffic in the IPv6 application mix could correlate with a much broader increase of IPv6-connected end-user computers accessing IPv6-enabled web servers.

Comparison of IPv6 application breakdown and convergence at similar ratios as IPv4 signaling adoption, derived from Arbor Networks’ ATLAS Traffic Statistics

These changes in adoption rate and the nature of IPv6 use come on the heels of several important IPv4 exhaustion milestones (such as the IANA address depletion event), which began in 2011. Thus, the team believes that this new phase of IPv6 rollout might have been spurred, in part, by a growing shortage of IPv4 addressing.

The study’s conclusions regarding the prevalence of untunneled native IPv6 traffic in today’s Internet are significant in that they imply a level of infrastructure readiness for IPv6. Transition technologies played an important “early adopter” role in the evolution of IPv6 technology and it now appears that IPv6 deployment has entered a stage where Internet infrastructures can support native IPv6 traffic.

In closing, the team noted that, together, IPv6’s very fast recent growth and how its use has shifted signal a true quantum leap. Twenty years after it was standardized, it looks like IPv6 is finally becoming real.

For the full presentation shared at SIGCOMM, click here or on the image below to download.

Many thanks to Jakub Czyz, Scott Iekel-Johnson, Bill Cerveny and Roland Dobbins for assistance with this post!

by Marc Eisenbarth at August 26, 2014 09:00 AM

August 25, 2014

The Networking Nerd

Moscone Madness


The Moscone Center in San Francisco is a popular place for technical events.  Apple’s World Wide Developer Conference (WWDC) is an annual user of the space.  Cisco Live and VMworld also come back every few years to keep the location lively.  This year, both conferences utilized Moscone to showcase tech advances and foster community discussion.  Having attended both this year in San Francisco, I think I can finally state the following with certainty.

It’s time for tech conferences to stop using the Moscone Center.

Let’s face it.  If your conference has more than 10,000 attendees, you have outgrown Moscone.  WWDC works in Moscone because they cap the number of attendees at 5,000.  VMworld 2014 has 22,000 attendees.  Cisco Live 2014 had well over 20,000 as well.  Cramming four times the number of delegates into a cramped Moscone Center does not foster the kind of environment you want at your flagship conference.

The main keynote hall in Moscone North is too small to hold the large number of audience members.  In an age where every keynote address is streamed live, that shouldn’t be a problem.  Except that people still want to be involved and close to the event.  At both Cisco Live and VMworld, the keynote room filled up quickly and staff were directing the overflow to community spaces that were already packed too full.  Being stuffed into a crowded room with no seating or table space is frustrating.  But those are just the challenges of Moscone.  There are others as well.

I Left My Wallet In San Francisco

San Francisco isn’t cheap. It is one of the most expensive places in the country to live. By holding your conference in downtown San Francisco, you are forcing your 20,000+ attendees into a crowded metropolitan area with expensive hotels. Every time I looked up a hotel room in the vicinity of VMworld or Cisco Live, I was unable to find anything for less than $300 per night. Contrast that with Interop or Cisco Live in Las Vegas, where sub-$100 rooms are available and $200 per night gets you into the hotel of the conference center.

Las Vegas is built for conferences. It has adequate inexpensive hotel options. It is designed to handle a large number of travelers arriving at once. While spread out geographically, it is easy to navigate. In fact, except for the lack of Uber, Las Vegas is easier to get around in than San Francisco. I never have a problem finding a restaurant in Vegas to take a large party. Bringing a group of 5 or 6 to a restaurant in San Francisco all but guarantees you won’t find a seat for hours.

The only real reason I can see for holding conferences at Moscone, aside from historical value, is the ease of getting materials and people into San Francisco.  Cisco and VMware both are in Silicon Valley.  Driving up to San Francisco is much easier than shipping the conference equipment to Las Vegas or Orlando.  But ease-of-transport does not make it easy on your attendees.  Add in the fact that the lower cost of setup is not reflected in additional services or reduced hotel rates and you can imagine that attendees have no real incentive to come to Moscone.

Tom’s Take

The Moscone Center is like the Cotton Bowl in Dallas. While both have a history of producing wonderful events, both have passed their prime. They are ill-suited for modern events. They are cramped and crowded. They are in unfavorable areas. It is quickly becoming more difficult to hold events for these reasons. But unlike the Cotton Bowl, which has almost 100 years of history, Moscone offers no real reason to stay. Apple will always be here. Every new iPhone, Mac, and iPad will be launched here. But those 5,000 attendees are comfortable in one section of Moscone. Subjecting your VMworld and Cisco Live users to these kinds of conditions is unacceptable.

It’s time for Cisco, VMware, and other large organizations to move away from Moscone. It’s time to recognize that Moscone is not big enough for an event that tries to stuff in every user it can. Instead, conferences should be located where it makes sense. Las Vegas, San Diego, and Orlando are conference towns. Let’s use them as they were meant to be used. Let’s stop the madness of trying to shoehorn 20,000 important attendees into the sardine can of the Moscone Center.

by networkingnerd at August 25, 2014 11:10 PM

Honest Networker

How To Find A Lost Article In Google’s Cache

I had a moment of confusion when a 1,200+ word analytical piece I’d written on HP networking utterly disappeared from my WordPress site. I still don’t know what happened. The piece was written, published, and linked all over social media. It was picking up page views immediately after publication. I’d seen some re-tweets and […]

by Ethan Banks at August 25, 2014 05:51 PM

Missing Synergies & HP’s SDN

As someone who’s been monitoring HP’s SDN strategy for years now, news that Bethany Mayer is headed to Ixia is rather interesting. Despite HP’s networking division having had some successes and gaining small bits of market share here and there, the fact that they are leaders in the SDN space seems to go unnoticed by the […]

by Ethan Banks at August 25, 2014 05:03 PM

My Etherealmind

Rant: VMware vCheese Becomes vChAir – Logo Parody

VMware announced the vCloud Hosted Services a while back and it was mostly known as vCheese for short. This week it was rebranded as "vCloud Air Network" and that is too much of a mouthful to keep saying as well. Don't these marketing people live in the real world? Let me share my suggestion .......

The post Rant: VMware vCheese Becomes vChAir – Logo Parody appeared first on EtherealMind.

by Greg Ferro at August 25, 2014 01:35 PM

Packet Pushers Blog/Podcast

Community Show – CCNA Data Center Part1 with Anthony Sequeira and Orhan Ergun

In this first part of the CCNA Datacenter sessions, Anthony Sequeira and Orhan Ergun are talking about the topics in the blueprint. They identify all the technologies which you should know for the CCNA Datacenter exam. Topics include: the DCICN exam, which is the first exam, and the DCICT exam, which is the second exam. The Datacenter Fundamentals, Unified Computing, Unified Fabric, Storage Networking, Virtualization and Datacenter Network Services sections of the exam will be explained. They talk about the strategy for studying and the important technologies for the CCNA Datacenter exam. This talk should be considered as preparation for the many other Datacenter related sessions, and obviously Anthony and Orhan are planning many other podcasts for the Packet Pushers. Let us know which topics you would like to learn from them.

by Packet Pushers Podcast at August 25, 2014 09:34 AM

Cisco IOS Hints and Tricks

Interview: Reduce Costs and Gain Efficiencies with SDDC

A few days ago I had an interesting interview with Christoph Jaggi discussing the challenges, changes in mindsets and processes, and other “minor details” one must undertake to gain something from the SDDC concepts. The German version of the interview is published on; you’ll find the English version below.

by Ivan Pepelnjak at August 25, 2014 08:26 AM

XKCD Comics

August 24, 2014

Cisco IOS Hints and Tricks

Finally: a Virtual Switch Supports BPDU Guard

Nexus 1000V release 5.2(1)SV3(1.1) was published on August 22nd (I’m positive that has nothing to do with VMworld starting tomorrow) and I found this gem in the release notes:

Enabling BPDU guard causes the Cisco Nexus 1000V to detect these spurious BPDUs and shut down the virtual machine adapters (the origination BPDUs), thereby avoiding loops.

It took them almost three years, but we finally have BPDU guard on a layer-2 virtual switch (why does it matter). Nice!

by Ivan Pepelnjak at August 24, 2014 11:35 AM

August 23, 2014

Honest Networker
Cisco IOS Hints and Tricks Is on CloudFlare (and IPv6)

After a week of testing, I decided to move the main web site as well as some of the resource servicing hostnames to CloudFlare CDN. Everything should work fine, but if you experience any problems with my web site, please let me know ASAP.

Collateral benefit: is now fully accessible over IPv6 – register for the Enterprise IPv6 101 webinar if you think that doesn’t matter ;)

by Ivan Pepelnjak at August 23, 2014 12:21 PM

August 22, 2014


Replacing Traditional TV & DVR with Little Streaming Boxes

After nine years with Dish Network, I’ve replaced it with an AppleTV and Roku 3 ($99 each, last time I looked). Having done that, what’s life like without traditional TV & DVR? In a nutshell, it’s just fine. My kids watch a lot of YouTube, and did before I retired Dish. I was bored […]

by Ethan Banks at August 22, 2014 10:02 PM

What is an Automatic Transfer Switch (Power)?

In response to the power redundancy article I wrote yesterday, a few comments came in. One of them (thanks, Mike!) mentioned an automatic transfer switch (ATS), a useful tool in a redundant power strategy. What is an ATS? There are many types of electrical transfer switches whose primary purpose is to divert the […]

by Ethan Banks at August 22, 2014 07:11 PM

Cisco IOS Hints and Tricks

Cloud Orchestration System Is an Ideal Controller Use Case

A while ago I explained why OpenFlow might be a wrong tool for some jobs, and why centralized control plane might not make sense, and quickly got misquoted as saying “controllers don’t scale”. Nothing could be further from the truth, properly architected controller-based architectures can reach enormous scale – Amazon VPC is the best possible example.

by Ivan Pepelnjak at August 22, 2014 09:09 AM

XKCD Comics

August 21, 2014


Street Power vs. UPS Power In Redundant Power Supply Devices

A question came into the Packet Pushers mailbox along these lines. If a unit has two power inputs, should one go to UPS and one to street power, or is it better to have both power supplies fed by the same UPS? The issue with raw street power is that it isn’t conditioned. […]

by Ethan Banks at August 21, 2014 05:55 PM

Packet Pushers Blog/Podcast
Networking Now (Juniper Blog)
Packet Pushers Blog/Podcast

Windows ISATAP Client, Part 2

In Part 1 we discussed how to turn off ISATAP on a Windows host—which is a great idea. Turning off unnecessary components of your network simplifies everything. But ISATAP can be useful in certain scenarios. For instance, if you want to test an application on IPv6 you clearly don’t want to turn on IPv6 everywhere and […]

Author information

Dan Massameno

Dan Massameno is the president and Chief Engineer at Leaf Point, a network engineering firm in Connecticut.

The post Windows ISATAP Client, Part 2 appeared first on Packet Pushers Podcast and was written by Dan Massameno.

by Dan Massameno at August 21, 2014 01:24 PM

My Etherealmind

Musing: First thoughts on how Cisco ACI Works

I've been reading the Cisco Application Centric Infrastructure Design Guide. Sometimes I see a product of genius and wondrous use of technology, other times I'm like 'did they do it the hard way or what'?

The post Musing: First thoughts on how Cisco ACI Works appeared first on EtherealMind.

by Greg Ferro at August 21, 2014 12:19 PM

Cisco IOS Hints and Tricks

The Impact of Data Gravity: a Campfire Story

Here’s an interesting story illustrating the potential pitfalls of multi-DC deployments and the impact of data gravity on application performance.

Long long time ago on a cloudy planet far far away, a multinational organization decided to centralize their IT operations and move all workloads into a central private cloud.

by Ivan Pepelnjak at August 21, 2014 09:55 AM

August 20, 2014

Cisco IOS Hints and Tricks

Pmacct – the Traffic Analysis Tool with Unpronounceable Name

SDN evangelists talking about centralized traffic engineering, flow steering or bandwidth calendaring sometimes tend to gloss over the first rule of successful traffic engineering: Know Thy Traffic.

In a world ruled by OpenFlow you’d expect the OpenFlow controller to know all the traffic; in more traditional networks we use technologies like NetFlow, sFlow or IPFIX to report the traffic statistics – but regardless of the underlying mechanism, you need a tool that will collect the statistics, aggregate them in a way that makes them usable to the network operators, report them, and potentially act on the deviations.

by Ivan Pepelnjak at August 20, 2014 09:33 AM

XKCD Comics

August 19, 2014

Networking Now (Juniper Blog)

Security for the Cloud Data Center



Securing cloud data centers is an ongoing challenge. Your adversaries—cyber criminals, nation state attackers, hacktivists—continue to develop sophisticated, invasive techniques, resulting in a continually evolving threat landscape.


Because clouds are dynamic in nature, with new applications and services being spun up or taken down and virtual workloads being moved, security for the cloud should be dynamic also. That poses the question, are traditional firewalls that are focused on layer 3 and 4 inspection sufficient in today’s threat environment? Also, next-gen firewalls are powerful, yet not designed to protect from the velocity and variety of new attacks being created every day. In today’s world, shouldn’t firewalls be able to take immediate action based on known or emerging intelligence?


With the shift to cloud architectures, traditional firewall administration has become burdensome and fraught with human error due to the sheer complexity of distributed security. What’s needed is an effective network security solution that fights cyber criminals head-on and can adapt to emerging threats without exerting excessive load on the enforcement point.

  1. Do you know if your infrastructure is under attack at this very moment, and by whom?
  2. Are you concerned about the performance impact to the cloud if you use advanced security services available from your firewall?
  3. Are you expanding your network and able to ensure there are no security gaps that can make the network susceptible to exploitation?

What other fears or concerns about securing the cloud data center keep you up at night?


Stay tuned to my blog for ideas on how to address these challenges.

by skathuria at August 19, 2014 12:07 PM

Packet Pushers Blog/Podcast

A History of Load Balancing

A visual representation of the company and, to a lesser extent, product history of the load balancing/application delivery field. My usual F5 bias is present but it seems justified considering their long-held market leading position. I’ve been itching to post this for a while but simply couldn’t stop changing the formatting. I can’t say I’m […]

Author information

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

The post A History of Load Balancing appeared first on Packet Pushers Podcast and was written by Steven Iveson.

by Steven Iveson at August 19, 2014 11:09 AM

Cisco IOS Hints and Tricks

Revisited: Layer-2 DCI over VXLAN

I’m still getting questions about layer-2 data center interconnect; it seems this particular bad idea isn’t going away any time soon. In the face of that sad reality, let’s revisit what I wrote about layer-2 DCI over VXLAN.

VXLAN hasn’t changed much since the time I explained why it’s not the right technology for long-distance VLANs.

by Ivan Pepelnjak at August 19, 2014 09:58 AM

August 18, 2014

Peter's CCIE Musings and Rants

Cisco CUCM - Self Provisioning, Feature Groups, User Device Templates, User Profiles - What it all means and how to use it to get zero-touch deployment!

How to enable self-provisioning for CUCM 10.5

The problem

A customer once asked me to enable LDAP integration for their CUCM deployment.

"How long will it take?" they asked, "maybe an hour max" I replied. The customer was surprised it was so easy and I found it funny they thought it would take a while!

I enabled it for them, and the disconnect quickly became apparent: They thought enabling LDAP sync would have it so their phone info was automatically pulled from LDAP! Back then this was not the case.

CUCM 10.0 finally gives us this ability! In combination with a feature that has been available since CUCM 9 that allows you to add phones/lines in a template-like configuration. The feature can still be useful for those of you not using LDAP integration.

Building Blocks

Let's look at the parts involved so we can work out what all these new options are and what they do for us. When you create these "building blocks" you would basically create one for each separate set of discrete users. In my example I live in New Jersey, so I have created a collection of these building blocks to represent the settings of the New Jersey site users.

Universal Line Template
The universal line template is where we configure the settings for the line such as partition, call forward settings etc. You can access this via User Management -> User/Phone Add -> Universal Line Template. The settings are shown below

As you can see you can edit the call forward settings, calling search spaces etc. You will also notice the #FirstName# and #LastName#, these are called tags and allow you to have these fields filled in by information pulled down about the user from LDAP or entered by you manually when you create the user in the quick phone/add page (if you don't use LDAP.) I personally feel not enough "tags" exist, for example there is no DirectoryNumber Tag which would be useful, I personally like to put the directory number into the description of each device and each line.

Once you have saved this, it's onto the next building block

Universal Device Template
Here is where you configure the device's own CSS, MRGL, Device pool etc. These settings can be customized to what KIND of device you're adding (for example, you would have a separate universal device template for soft phones and remote destination profiles).

These settings can be found under:
User Management -> User/Phone Add -> Universal Device Template

User Profile
The user profile can be found under User Management -> User Settings -> User Profile. This links together the device and line template as well as controlling if the user is allowed to self provision or not. As you will see in the screenshot below, you can specify a separate user template for each type of device.

Feature Group Template
Finally, a feature group is used to set some restrictions for the user and to tie their user profile to us

Non-LDAP Users Quick Phone/User add

Let's assume for a minute that you're either not using LDAP, not interested in self-provisioning OR you're stuck on CUCM 9. All the settings you just configured were not in vain, you can still get great use out of the templates you just created.

You can either create a new user with a new username and details:

Or click on either a non-LDAP integrated user or an LDAP integrated user (as per the screenshot below)
Once you have clicked on an existing user and/or created a new user, you can assign that user an extension

Once an extension is assigned you can then click "manage devices" and either move an existing phone over to them (cool! Great for changes) or add a new phone:

Part 2 of the blog will cover how to integrate this with LDAP 

Sources: I got some really good information from the following blog Entry

by peter_revill at August 18, 2014 07:40 PM

Cisco CUCM - Self Provisioning, Feature Groups, User Device Templates, User Profiles - What it all means and how to use it to get zero-touch deployment! - Part 2

CUCM Self Provisioning

Hi Guys

In part 1 of CUCM provisioning we talked about the new features available in CUCM 9 to make life easier for adding users, in continuation of this theme we are going to look at Self-provisioning, which allows the user to provision their own phone. LDAP is used to provide this information.

The feature is available in CUCM 10 and is quite nifty.

If you have not read part 1 of this blog, I strongly recommend you do so before continuing.


The basic premise of this feature is very similar to a technology many of you will already be familiar with: Cisco TAPS. Cisco TAPS allowed you to bulk insert phones and then, using a UCCX script have users phone a number in order to self-provision their phones. This is like TAPS but with a few important differences:

- You don't need UCCX
- You don't bulk insert the phones.


The first thing you will need to do (other than setting up the universal device template and user line template that I already outlined in blog post 1) is to configure a CTI route point and assign it a number. This CTI route point doesn't have to be anything special but you should assign it a DN that is reachable by phones configured for auto-registration.

Second thing, is to enable auto registration with a CSS that can reach the number you assigned to your CTI Route point

Next, you must create an application user, ensure it is enabled for "Standard CTI Enabled" access control group and also ensure that it controls this CTI device you just created

Once this is done, go to the self-provision section under User Management -> Self provisioning

Once this is done, you will be prompted to reset the service, obviously this is a good idea.

The final step is to configure our LDAP directory:

Go to your LDAP directory page after configuring your LDAP system and specify a directory containing the users, note you could use filters here to control which users from which area in your business are imported into LDAP, so for example, if you had users in NJ who should receive a CSS that is allowed to call international, you would create a separate LDAP directory entry for these groups that uses a custom LDAP filter that looks for membership in a particular Windows Group. Or you could place them into a separate OU, the point is that you will need to create multiple LDAP directories.
In the example below I have just pointed to the default AD CN for simplicity

Next, you will assign the "Feature group" that controls what universal device template and what user line template are assigned to users contained in this LDAP directory.

It's important to select "Apply mask to Synched Telephone numbers to create a new line for the inserted users" also, and enter the mask as you want it to appear based on the imported telephone number field.

Once this is done. Sync the directory, what should happen is that every entry in your LDAP directory with a phone number assigned in LDAP will now create a DN in CUCM that has not yet been associated with a phone:

When a user first plugs in a phone and then dials the CTI route point number (in our case, 9999), they will be prompted to enter the extension of the phone they wish to provision. Once this is done, the phone will be created based on the settings in the line and device template!!

See below an example:

There you have it!!! Now all you have to do to create a user is create it in LDAP, grab a phone, dial 9999 and enter your extension. You could even have the users do this, and the phone will be provisioned!
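Because every synced entry with a phone number becomes a DN, it is worth previewing the result before syncing. The following is an added example, not part of the original post or of CUCM: a dry run over constructed directory entries that applies a mask and flags missing numbers and extension collisions. The function names, the sample entries and the mask semantics (right-aligned, X keeps the synced digit, a literal digit replaces it) are assumptions.

```python
# Added example: dry run of the DNs a masked LDAP sync would create.
# Assumption: the mask is right-aligned over the synced number; X keeps
# the synced digit and a literal digit in the mask replaces it.

# Constructed directory entries (not real users, groups or numbers).
NJ_GROUP = "CN=NJ-Intl,DC=example,DC=com"
ENTRIES = [
    {"uid": "asmith", "telephoneNumber": "2015550145", "memberOf": [NJ_GROUP]},
    {"uid": "bjones", "telephoneNumber": "2125550145", "memberOf": [NJ_GROUP]},
    {"uid": "cwu",    "telephoneNumber": "2015550177", "memberOf": []},
    {"uid": "dlee",   "telephoneNumber": "",           "memberOf": [NJ_GROUP]},
]

def apply_mask(number, mask):
    """Return the extension the mask produces, or None if it cannot be built."""
    digits = number.lstrip("+")
    if not digits.isdigit():
        return None  # empty or non-numeric telephoneNumber
    tail = digits[-len(mask):].rjust(len(mask), "?")
    out = "".join(d if m in "Xx" else m for m, d in zip(mask, tail))
    return None if "?" in out else out  # an X had no digit to keep

def plan_sync(entries, mask, group_dn=None):
    """Map each resulting DN to its user and list entries needing attention."""
    plan, problems = {}, []
    for e in entries:
        if group_dn and group_dn not in e["memberOf"]:
            continue  # outside the filter for this LDAP directory entry
        ext = apply_mask(e["telephoneNumber"], mask)
        if ext is None:
            problems.append((e["uid"], "no usable telephone number"))
        elif ext in plan:
            problems.append((e["uid"], f"extension {ext} already taken by {plan[ext]}"))
        else:
            plan[ext] = e["uid"]
    return plan, problems

if __name__ == "__main__":
    plan, problems = plan_sync(ENTRIES, "XXXX", NJ_GROUP)
    print(plan)
    print(problems)
```

A collision here means two users would end up claiming the same extension when they dial the self-provisioning number, so it is better caught before the sync than at the phone.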

Finally LDAP integration worth configuring!!

I hope this helps someone out there

by peter_revill at August 18, 2014 07:39 PM

My Etherealmind

Blame the System For Resisting Change – Not The People

I often hear vendors and pundits proclaim that Enterprise is resisting change. In particular, they say that individuals in Enterprises can't see the change or won't discuss buying new technology. I see these objections as failure of the current system and much less due to the people.

by Greg Ferro at August 18, 2014 05:11 PM

The Networking Nerd

Do We Need To Redefine Open?


There’s a new term floating around that seems to be confusing people left and right.  It’s something that’s been used to describe a methodology as well as used in marketing left and right.  People are using it and don’t even really know what it means.  And this is the first time that’s happened.  Let’s look at the word “open” and why it has become so confusing.

Talking Beer

For those at home that are familiar with Linux, “open” wasn’t the first term to come to mind.  “Free” is another word that has been used in the past with a multitude of loaded meanings.  The original idea around “free” in relation to the Open Source movement is that the software is freely available.  There are no restrictions on use and the source is always available.  The source code for the Linux kernel can be searched and viewed at any time.

Free describes the fact that the Linux kernel is available for no cost.  That’s great for people that want to try it out.  It’s not so great for companies that want to try and build a business around it, yet Red Hat has managed to do just that.  How can they sell something that doesn’t cost anything?  It’s because they keep the notion of free sharing of code alive while charging people for support and special packages that interface with popular non-free software.

The dichotomy between unencumbered idea software and no cost software is so confusing that the movement created a phrase to describe it:

Free as in freedom, not free as in beer.

When you talk about freedom, you are unrestricted.  You can use the software as the basis for anything.  You can rewrite it to your heart’s content.  That’s your right for free software. When you talk about free beer, you set the expectation that whatever you create will be available at no charge.  Many popular Linux distributions are available at no cost.  That’s like getting beer for nothing.

Open, But Not Open Open

The word “open” is starting to take on aspects of the “free” argument.  Originally, the meaning of open came from the Open Source community.  Open Source means that you can see everything about the project.  You can modify anything.  You can submit code and improve something.  Look at the OpenDaylight project as an example.  You can sign up, download the source for a given module, and start creating working code.  That’s what Brent Salisbury (@NetworkStatic) and Matt Oswalt (@Mierdin) are doing to great effect.  They are creating the network of the future and allowing the community to do the same.

But “open” is being redefined by vendors.  Open for some means “you can work with our software via an API, but you can’t see how everything works”.  This is much like the binary-only NVIDIA driver.  Proprietary programming is pre-compiled and available to download for free, but you can’t modify the source at all.  While it works with open source software, it’s not open.

A conversation I had during Wireless Field Day 7 drove home the idea of this new “open” in relation to software defined networking.  Vendors tout open systems to their customers. They standardize on northbound interfaces that talk to orchestration platforms and have API support for other systems to call them.  But the southbound interface is proprietary.  That means that only their controller can talk to the network hardware attached to it.  Many of these systems have “open” in the name somewhere, as if to project the idea that they work with any component makeup.

This new “open” definition of having proprietary components with an API interface feels very disingenuous.  It also makes for some very awkward conversations:

$VendorA: Our system is open!

ME: Since this is an open system, I can connect my $VendorB switch and get full functionality from your controller, right?

$VendorA: What exactly do you mean by “full”?

Tom’s Take

Using “open” to market these systems is wrong.  Telling customers that you are “open” because your other equipment can program things through a narrow API is wrong.  But we don’t have a word to describe this new idea of “open”.  It’s not exactly closed.  Perhaps we can call it something else.  Maybe “ajar”.  That might make the marketing people a bit upset.  “Try our new AjarNetworking controller.  As open as we wanted to make it without closing everything.”

“Open” will probably be dominated by marketing in the next couple of years.  Vendors will try to tell you how well they interoperate with everyone.  And I will always remember how open protocols like SIP are and how everyone uses that openness against it.  If we can’t keep the definition of “open” clean, we need to find a new term.

by networkingnerd at August 18, 2014 01:40 PM

Cisco IOS Hints and Tricks

Do you really need to see all 512K Internet routes?

Last week the global routing table (as seen from some perspectives) supposedly exceeded 512K routes, and weird things started to happen to some people that are using old platforms that by default support 512K IPv4 routes in the switching hardware.

I’m still wondering whether the BGP table size was the root cause of the observed outages. Cisco’s documentation (at least this document) is pretty sloppy when it comes to the fact that usually 1K = 1024, not 1000 – I’d expect the hard limit to be @ 524.288 routes … but then maybe Cisco’s hardware works with decimal arithmetic.

by Ivan Pepelnjak at August 18, 2014 07:57 AM

Packet Pushers Blog/Podcast

Common Design Tools and Attributes for Everyone Part-1

There are design tools that we should consider for every design. LAN, WAN and the data center are where these common design tools and attributes should be considered. Many of the principles in this article series might fit not only the network part of the design but also compute, virtualization and storage technologies […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

by Orhan Ergun at August 18, 2014 05:40 AM

Show 201 – Internet Dies at 512K, Long Live the Internet

The Internet has Died at 512K routes. Ethan & Greg discuss some news and events of the last few weeks and nod nerdishly while noodling about nothing. Yeah, it's a nerd chat show this week.

by Packet Pushers Podcast at August 18, 2014 02:00 AM

August 17, 2014

Cisco IOS Hints and Tricks

Network Automation @ Spotify on Software Gone Wild

What can you do if you have a small team of networking engineers responsible for four ever-growing data centers (with several hundred network devices in each of them)? There’s only one answer: you try to survive by automating as much as you can.

In the fourth episode of the Software Gone Wild podcast, David Barroso from Spotify explains how they use network automation to cope with the ever-growing installed base without increasing the size of the networking team.

by Ivan Pepelnjak at August 17, 2014 06:32 PM