In the interest of disclosure…

Not everyone is fully aware of what I do at the moment, where I work, and where the money comes from. I need to remain forthright about it, particularly when I have been, do, and will be blogging about companies that have to do with my paycheck, however remotely.

Here’s the scoop. I’m currently acting as an independent contractor for Gestalt IT, which runs Tech Field Day. I perform duties specific to event management of the Tech Field Day events, and some very light system administration.

This is important, because some of Gestalt IT’s money comes from the vendors who appear at Tech Field Day. The way the event works is that there are eight slots over two days. Each of the slots costs a certain amount. The money paid by the vendors goes to fly the delegates from all around the world into whichever city the event is hosted in; it pays for their hotel rooms, for the transportation to and from any airports and around the city as we travel from company to company, and for all of the meals, including a party on Thursday evening. I am also paid, and Stephen Foskett, who owns and runs Gestalt IT, is paid.

We try to run the events such that they don’t have a highly positive cash flow – the money is reinvested into the event for the most part, with some carrying over to help events in which we don’t sell all of the vendor slots.

Now, this brings us to the idea of disclosure. I am paid by Gestalt IT. Some of that money comes from vendors…vendors such as Gigamon or Brocade, both of whom I mentioned in posts recently.

Normally with Tech Field Day, delegates need to disclose that the vendors they’re talking about paid for the event, although they weren’t paid directly, and no Tech Field Day delegate has ever been told that they have to write about something specific, nor will they be, but most delegates see interesting things and want to write about them genuinely.

I, on the other hand, AM paid, but very indirectly, but most certainly not to write blog entries about companies presenting at Tech Field Day. If I write something about a company, it’s because whatever I’m writing about is interesting to me, and I think it may be interesting to you.

I was accused of filling my stream with marketing-related materials on Twitter this weekend. I probably took that a little bit personally, to be honest. I am in a position right now that exposes me to a lot of new products – I am going to think that some of those products are interesting, because they are. The reason that Gigamon was at Tech Field Day was because I found them on the VMware show floor, talked to them, and was immediately enamored with the product. I didn’t write a blog entry about them right then and there because I would have a lot more information after a Tech Field Day session. So I waited, and the post came out last week. There’s almost no chance that HyperGlance would be a sponsoring company, but the product was so awesome that I lavished it with praise immediately following VMworld.

So here’s where we stand. I will continue to write about system administration-related topics, just like I always have. I will also get to write about interesting new products that I am exposed to, because I think that posts like that have some value. I understand that not all of you feel that way. I don’t want to lose you as readers if you feel this way, so I’m trying to make it easy on you.

I haven’t previously used WordPress’s categories like I should have, but I am now. If you want to only receive System Administration-related posts, then you should subscribe to my SysAdmin Category Feed. I will only be putting sysadmin-specific things in this category. The post you are reading, for example, will be excluded, as it goes to Administrivia. I’m in the process of going back through my nearly-700 posts and properly categorizing them, but this will take time. I will also encourage the various sysadmin planets which redistribute my blog to use my sysadmin feed. Those of you who want to get the full feed can continue with no change if you’re already subscribed.

Also, when I do write about a company in some way in which I imagine that it could be construed that I have given some sort of preferential treatment because they paid for an event, I will put the following disclaimer at the bottom of the post:



Disclosure:
This post mentions a company which paid my employer to partake in an event. I was not paid to write this post, nor was it requested of me. This company has provided me nothing of value besides things which would be considered normal conference swag, such as memory sticks, bags, or pamphlets of information. I write this entry of my own volition and stand by the contents. As always, if I say something is good, it is because I think it is good, not because someone asked me to say it is good.

I think that the combination of these efforts should be sufficient to placate people in general. But you know what they say…

Brocade Ethernet Fabric Races

We visited Brocade today and they were showing off some of their new Ethernet switches (if this sounds old-hat, remember that from its beginning until recently, Brocade has been storage-fabric-only *edit*…although Lisa Caywood tells me that they bought Foundry in 2008). They’re competing with the Ciscos and Junipers (and many other companies) of the world. But they’ve built well-respected storage switches for a while, so time will tell how their Ethernet offerings do.

As a way to introduce their Ethernet switches to the Networking Field Day guys, they broke the 10-person group into teams of 2, gave each team some pieces of hardware, and held a contest to see who could get a working network up and running first.

As a non-delegate, this was an interesting thing from my perspective. I’ve learned something important.

Rule One: Secure your infrastructure first
With people this intelligent, following rules gets boring, so the game quickly devolved from the goal of “winning” to the goal of “making sure your neighbor loses”. Network cables were unplugged, passwords changed, routers rebooted, all in the name of screwing with your friends. If I’m ever in a competition like this, step one is changing my admin password and putting a guard on my equipment.

There was a lot of screwing with each other, but everyone had a great time. The exercise worked really well, and all of the guys felt really comfortable with the interface. Here are some quotes:

@tonhe:
RT @ecbanks: I just built a TRILL-based fabric with Brocade VDX … << and had fun doing it!! #NFD2

@TheRealLisaC:
“Impressed so far. I haven’t been able to break it yet, but I’ll keep trying.” —@networkjanitor #Brocade #NFD2

@EtherealMind:
The Brocade CLI is very comfortable since it’s exactly what I’m used to. #NFD2

I’m really glad that Brocade did what they did today. It was a lot of fun after some long slideshows and sitting still. The guys thought it was a good break, and I enjoyed it too.



Disclosure:
This post mentions a company which paid my employer to partake in an event. I was not paid to write this post, nor was it requested of me. This company has provided me nothing of value besides things which would be considered normal conference swag, such as memory sticks, bags, or pamphlets of information. I write this entry of my own volition and stand by the contents. As always, if I say something is good, it is because I think it is good, not because someone asked me to say it is good.

Gigamon…fixing problems you didn’t know about

Yesterday, we stopped by the offices of Gigamon, a company that I first came across at VMworld. When I talked to them and learned what they did, I kind of slapped my forehead, and I thought, “wow. That’s awesome. Why didn’t *I* think of that???”

So I laughed when, during their presentation at Networking Field Day 2, my friend Kurt Bales said:

So yeah, apparently that’s the standard response. They’re in the unfortunate place of only having two categories of marketing contacts…there are people that have bought stuff from them, and there are people who haven’t heard of them.

In order to best explain what they do, it might be better to describe how the industry functions without them.

Suppose you have a rack full of servers with a switch. You need to monitor a specific server’s traffic, and say, to pipe it to an Intrusion Detection System. What are your options?

Well, on the low end, you could just plug in a hub to the server’s port on the switch, then plug both the server and the IDS into the hub. Everything gets all of the traffic.

Of course, there are a lot of drawbacks…namely that if your server is moderately busy, you get collisions from the hub only being half duplex, so your throughput drops. Also, it doesn’t scale…what if you need to monitor two servers? Get another hub? That’s just not a good idea.

Most managed switches include a feature allowing a specific port to be a “monitor” or “mirror” port (on Ciscos, they’re frequently referred to as SPAN ports). This means that you can plug the IDS directly into the switch, and specify that IDS’s port as the mirror port, and suddenly it gets a copy of all of the traffic destined for that other server.

This scales slightly better – some switches allow you to mirror multiple source ports. The downside is that you are limited to the mirror port speed. If it’s a 1Gb/s port, and you’re mirroring four 1Gb/s ports…it doesn’t take a lot of concurrent traffic before you start to get dropped traffic on the mirror port.

Also, suppose you’ve got a couple of switches. In this case, you need an interface on the IDS for each of the switches. This might scale if you run small networks, but anything approaching more than half a dozen monitoring ports starts to need a seriously heavy set of CPUs to process everything, and the monitoring server becomes a HEAVY expense, plus it only scales so far.

In the end, in order to monitor the network, you need to either have a lot of IDS-type machines, or you need to make it a part-time only endeavor.

Gigamon apparently looked at the way things were and said, “We can do better”.

What they’ve done is build machines that are essentially programmable pipelines for monitored data.

That sounds weird, so here’s how it breaks down. You have a Gigamon device, say a GigaVue 212:

You take a SPAN port from your switch, and you plug it into one of those ports. Then, you take your IDS and plug it into another port. Then you configure the GigaVue to send traffic from the SPAN port to the IDS.

So far, 100% compatibility. Here’s where things get awesome.

Suppose the reason you’re monitoring is because you need to evaluate, say, HTTP traffic over time. You can configure the GigaVue such that ONLY HTTP goes to the IDS (or whatever the target is – you could use anything). You can finely tune it, too!

Suppose you’ve got an IDS going which receives all non-encrypted traffic, then some kind of weird network error crops up and you want to examine DNS packet headers. You can add a rule that redirects all DNS packet headers (yes, you can strip out the data and just look at headers) to another machine plugged into the GigaVue. That traffic doesn’t impact the original monitoring whatsoever.

You can use as many ports as you have on the GigaVue, too, with all kinds of rules. You can have multiple input sources into multiple output ports, slicing and dicing according to the rules you set up. It’ll also strip packet metainfo like VLAN tags and MPLS labels that sniffers usually have problems with.
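To make the rule-based pipeline described above concrete, here is a small model of it in Python. It is an added example, not Gigamon's code or configuration syntax: the tool port names ("ids", "dns-debug"), the rule format and the sample frames are all constructed for illustration, and "headers only" is assumed to mean cutting each frame at the end of its TCP/UDP header.

```python
import struct

def strip_vlan(frame):
    """Drop one 802.1Q tag (TPID 0x8100) so tools see a plain Ethernet frame."""
    return frame[:12] + frame[16:] if frame[12:14] == b"\x81\x00" else frame

def parse(frame):
    """Return (ip_proto, sport, dport, end_of_l4_header), or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4            # IHL counts 32-bit words
    proto = frame[23]
    if proto not in (6, 17) or len(frame) < l4 + (20 if proto == 6 else 8):
        return None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    hdr_len = (frame[l4 + 12] >> 4) * 4 if proto == 6 else 8
    return proto, sport, dport, l4 + hdr_len

# Constructed rule map: (tool port, IP protocol, L4 port, slice off the payload?)
RULES = [("ids", 6, 80, False), ("dns-debug", 17, 53, True)]

def broker(frames, rules=RULES):
    """Copy each mirrored frame to every tool port whose rule matches it."""
    out = {tool: [] for tool, *_ in rules}
    for frame in map(strip_vlan, frames):
        meta = parse(frame)
        if meta is None:
            continue                             # no rule can match; frame is dropped
        proto, sport, dport, hdr_end = meta
        for tool, r_proto, r_port, slice_it in rules:
            if proto == r_proto and r_port in (sport, dport):
                out[tool].append(frame[:hdr_end] if slice_it else frame)
    return out

def make_frame(proto, sport, dport, payload, vlan=None):
    """Build a constructed test frame (zeroed MAC addresses and checksums)."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = bytes(12) + tag + b"\x08\x00"
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 0, 0, 0) if proto == 6
          else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4 + payload

SAMPLE = [make_frame(6, 40000, 80, b"GET / HTTP/1.1\r\n\r\n", vlan=10),  # tagged HTTP
          make_frame(17, 5353, 53, b"\x12\x34" + bytes(10)),              # DNS query
          make_frame(6, 40001, 22, b"ssh")]                               # matches no rule

if __name__ == "__main__":
    print({tool: [len(f) for f in fs] for tool, fs in broker(SAMPLE).items()})
```

Running `broker(SAMPLE, RULES[:1])` gives the same "ids" feed as the full rule set, which is the point made above: adding the DNS rule changes nothing for the tool that was already monitoring.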

There’s kind of an amazing video that you should watch that covers a lot of stuff, which I’m embedding below:

I’m really impressed with them. If I ran a large infrastructure, you can bet that these devices would be part of my build-out. It wouldn’t be recommended, it would be built into the fabric. I didn’t know that tools like this existed, but now that I do, I’m going to recommend them.

Read more about them and check them out, because the technology is really sweet, and I can see them being a big thing in the future.



Disclosure:
This post mentions a company which paid my employer to partake in an event. I was not paid to write this post, nor was it requested of me. This company has provided me nothing of value besides things which would be considered normal conference swag, such as memory sticks, bags, or pamphlets of information. I write this entry of my own volition and stand by the contents. As always, if I say something is good, it is because I think it is good, not because someone asked me to say it is good.