After 15 precious years with many ups and some downs (personally) I sadly decided to leave the mothership of Sue and be part of another company. I will announce which company later on, I need to make it a bit exciting to read right? ;-)

Leaving after so many years is a difficult thing, or at least for me. Sue has been part for 3/4 of my professional life, 2 out of my 3 kids where born during my time at Sue. I was seriously ill a few years ago, which made me partially deaf, all during my time at Sue. It feels like close family!

So why leave?

If you have read the above, it does not make much sense to leave right? Yeah, you are entirely correct. In my last two years at Sue, I opted to become one of the three Technical Field Managers (TFM), which I was chosen to do so. I enjoyed that a lot. The coaching part was part of my assignments more or less but never on such scale. I really like that. I am still technically up to speed, I recently recertified my CCNP. At the same time though I was also following a “Coaching” training, which I recently certified for as well.

Sadly my role was coming to an end and Sue and I could not find a role that would fit my ambition. I found another role in a different company that allows me to coach directly from start, and use my technical background as well.

I look back with many many pleasant memories. Snow (Sue when I started working there) had always been a good and pleasant employer and allowed me to evolve where I am now. A big thank you for the company but even more for the people that work there, they supported me and where there when things went wrong on my side (see above); when my kids where born etc. So with pleasant memories and a tear, I will be saying goodbye officially at the end of August.

Dear people of Sue/Snow, colleague’s, friends, thank you very much for every smile, tear, friendship, up and down for the last 15 years. You have been great! I was lucky to work with all of you!

‘Recently’ Cisco changed the CCNP track quite a lot. In the past it was composed of vertical colums so to say with Routing, Switching and Tshoot as seperated colums. This had the advantage that you could focus on pure Routing and pure Switching and no need to worry about bringing many different knowledge into the exam. To recertify you needed to pass one of the colums to pass and extend the certification for another three years.

That is no longer the case, instead of being vertical it is now horizontal. Meaning you need to bring a lot of broad knowledge to the table to be able to do the exam. There are many topics being passed and I will try to write some words about the topics. In order they are:

• Software Defined Networks, SD-WAN, SD-Access
• Wireless
• LISP
• Python
• Routing
• Switching

But first I want to tell something about the changed world.

Changes

So as said the world is changing, and it is changing rapidly. We all can see and know that. But that goes for networks as well. When I started working (back in the dino days.. 2001) the world was rather easy. There were a few switches and a few routers and the network was logically devided. ACL’s where in place to protect things and life was good. We could “easily” oversee things and manually update them and everyone was mostly happy.

But then things changed, things like Virtual Machines started to appear, networks grew, demand grew. Wireless networks were introduced, people could connect from everywhere, with every device. No one is willing to connect to a cable anymore and our servers are placed everywhere and could live in Datacenter A, B, C or D. Automation appeared, we could spin up machines and configurations when needed and automatically deploy them. If there is need for more machines or facilities the cloud can auto scale and do magic things. That basically asks for connectivity that is all over. And if you move from location A to B, or a machine gets live migrated it still needs the same connectivity and be reachable on the same addressing. This is where SDN comes in.

Software Defined Networking, SD-WAN, SD-Access

The network is still build from routers and switches, but that is just a transport layer in the SDN world. SDN provides an overlay network, which in my view is organic and grows and shrinks where needed, but moves with devices and users. A user is no longer bound to an IP address, but instead is an object in the network which can live everywhere. As long as the user is reachable, the same connectivity is possible. The same goes for servers, as long as the server is reachable it doesn’t matter where the device lives. As long as the overlay network can find it, it works. If a wireless devices ‘roams’ (moves between access points) it doesn’t matter if that is in building a or b, smart setups tunnel the traffic to the proper controller and process it.

Cisco created SD-WAN, SD-Access and uses VXLAN with VNI and VNID extensively for this purpose. It is a large piece of the CCNP ENCOR exam. You need to know what the previous terms are and how they are build and communicate.

Wireless

In the previous incarnations of the CCNP exam, I never had much to do with WiFi networks or hardware like WLC’s. But people dont want cables anymore, they want quicker and better WiFi and get the best experience without that annoying cable that is always to short or limited in movement. So CCNP grew WiFi topics. But as Administrator you want it to be practical as well, so you connect it to the SD-fabric. You also need to pick the right antenna and need to understand what kind of interference you have and what all those magic numbers mean in the statistics and/or WLC. You need to study Wireless well!

LISP

I first assumed that this was a programming language, but is also a router locator/node locator protocol. Since devices can roam on multiple places and cross (in legacy thinking) boundaries, the network needs to know where to find an object. The LISP set of protocols and functions come into play to quicky find an EID and redirect traffic to the proper place. Or use border nodes / gateways to communicate to and from external networks.

Python

So who knew that a scripting or programming language (lets not start the debate on what it is!) was going to be part of the CCNP exam? I didn’t and there it was. You need to be able to query data from REST API’s and such and be able to understand how to handle them. That includes understanding JSON and how to handle it. You can use the postman application to test api’s and such and generate pythoncode for you, but you will need to understand them all for the ENCOR exam.

Routing and Switching

This is the part that I first learned with CCNP, there are still topics like STP, VLAN, VTP, EtherChannel, BGP, OSPF, EIGRP, HSRP, VRRP, GLBP, IPv6, IPv4, NAT, Multicast. Eventhough it isn’t as focussed as the Routing and Switching exams of the past, you still need to have solid understanding about them.

Summary

As you can see, the topics grew and got broader, many new techniques are being asked and you will need solid understanding of the above. You also need to know about some security applications like Umbrella and Stealthwatch, but the above topics are the largest I think.

If you want to discuss this with me, have ideas or disagree, just email me at webmaster a.t. evilcoder.org

For a while now, my hosting company JR-Hosting, was stopped. But I still needed a way to host my mailboxes and that of several other domains that I own. It was brought to my attention that while playing with Docker I could combine that with a mailserver setup. Mailcow, or better Mailcow Dockerized. As there was a previous version which did not use Docker :-).

The setup is trivial Installation link or at least it was for me. I used one of the components before, at home, for JRHosting and at work where I created the foundation for the currently still in use rspamd setup at work.

Mailcow

Mailcow consists of several helper programs, like rspamd for antispam filtering, dovecot for hosting the mailboxes (storage and delivery/filtering), postfix for the actual mailserver, nginx and php-fpm for the webpages that are hosted on the platform.

Rspamd

As mentioned one of the applications is rspamd, this is a fast and modulair anti spam system that uses several modules and feedback from those modules to define a score to a message. It’s not soley bayes or rbls that form the strength of rspamd. It is written by Vsevolod Stakhov, a hardliner when encountering things that are just not right (outspoken), but a very pragmatic programmer. You need to convince him when there is an error, you will not always get an easy time, but given my years of seeing him in action, he always evaluates your feedback and if found proven he will fix the issues.

Grafana

One of the things that are lacking in all applications, is a dashboard for the environment. And truth to be told, you can create a dashboard for the individual applications, some of them even support prometheus exporter output. But there is no general way to see the individual state. And this is likely not to come, everyone’s needs are different. What works for me is an specific overview, and what works for you is another specific overview. Those might not align or even look a like.

Designing my own

So, there is this thing called ‘mailcow-exporter’, I use this one from Docker: thej6s/mailcow-exporter which reads your mailcow parameters via the API and exposes them as prometheus understandable format.

I then started experimenting with Grafana, I know the tool enough for my needs but I like to play around every now and then to make it even better. I am not graphically oriented though so there are things that might be better.

It worked out for the following dashboard, note that I set the timer on “5” minutes for some of the graphs because I used updated my mailcow installation and some containers where counted twice :-) :

Want more?

If you are interested in the above dashboard, poke me and we’ll see how we can arrange for you to have the dashboard. If you have suggestions, please let me know as well!

You can also find the direct json file here: https://github.com/remkolodder/mailcow-dashboard

Digital edition

As Covid is still around very much and restrictions are in place all over, we needed to host this event on our digital platform. For me that was the first time doing a talk on a digital event. Ofcourse as coach for Sue I do this daily, but not as speaker with polls and such. It is good that we practised a bit upfront to be familiar with the tools.

One of my main worries was that with live audience you can influence the setting a lot. You can interact with people and see the audience and whether they pay attention or fell asleep. With a digital audience you cannot see those signs that easily. People are not required to enable their camera for example, so things can be hidden from you. People can watch different things and pretend that they are watching your talk.

But, at the start we had a good conversation with people from the audience and we talked about the difference between live and digital education. They too find it more difficult to interact with others during digital sessions. Ofcourse there are benefits as well. You can sleep a bit longer because no need to travel.

The talks

I gave a talk about “Infrastructure and security”, zooming in on Security Essentials and using the C-I-A triad. By using several polls I tried to interact with the audience, which worked out above expectation. Since I have long term experience in the field I could use several examples from actual situations and found a few more on the internet which I used in the slides as well. During the talk we had several discussions with the audience which made the talk interactive. Thank you for that to the audience! I went a bit over time because of that and I think it is awesome to have such interaction. I was allowed to introduce my colleague Tijmen who took over the talk and went in depth with security concepts, tools and offered an actual hacking workshop with selfmade boxes.

Thanks

I think the event was a succes and feedback from the audience suggested that as well. It could not have been such a success without the help and support of Sue B.V., Laura, Tijmen, Koen, Patrick, Raimond and ofcourse the audience. I hope that I will be able to attend and/or talk at such an event again and hopefully meet you again where we can discuss during a drink.