This is the first step towards sitting for a practical examination that will hopefully be released this October. And, in response to Micheal Morris’s blog post – Yes Mike, I can pass the CCDE written.

The second big item on my todo list was to recertify my CCIE. Thankfully, Cisco counts the CCDE written towards my recertification requirements. I am waiting for the system to update, but I think this will set me up to be certified till June of 2011.

There is one interesting side effect of passing my CCDE written the week before networkers. I had originally planned on using the free exam at networkers as a “safety” exam in case I struck out on this attempt. Now of course, that is not necessary. Since I am already a CCIE, there isn’t much incentive to take a professional level exam.

So, after weighing my options, I have decided to take the CCIE Service Provider written. It covers much of the MPLS / IP Next Generation Networks material that I have been studying. I only have 7 days to prepare, so the odds are against me. However, with the heavy service provider focus in the CCDE blueprint, I have a feeling after I battle the CCDE practical I will be set to roll right into the CCIE Service Provider lab.Similar Posts:

• It’s on like Donkey Kong – CCDE practical registration is open
• CCDE Practical – Beta candidate deadline August 1 2008
• Cisco Certified Architect – Board examination above the CCIE and CCDE
• My experience taking the CCDE Practical Beta
• Cisco Certified Design Expert – CCDE – officially released by Cisco
• What does it take to pass the CCIE exam?

--Colin McNamara

Passed CCDE written and Recertified my CCIE – Killed two birds with one stone

1. Layer 2 Tunneling Protcol (V3) static and hairpin configuration example - my buddy Rick was nerding it out in the lab and sent a great configuration doc for L2TPv3 my way. L2TP(V3) is used to create a layer 2 psuedowire across layer 3 routed links. This is a great service provider tool that you can use in your own network, no MPLS needed .

2. SNIA Education – Fiber Channel Over Ethernet – There is a lot of buzz going around right now about Fiber Channel Over Ethernet (FCOE). There is also a lot of misunderstanding about the fundamentals of this architecture. This Storage Networking Industry Association (SNIA) does an outstanding job of covering FCOE at both at an architectural level, as well as going over low level messaging structures.

3. Trill (Rbridge) architecture – IETF internet draft – I think the last time I was this interested in an internet draft was when iSCSI was first being proposed in the IP Storage working group. Trill, in my opinion is basically a light weight version of MPLS / VPLS. It has as far as I can tell most of the advantages of this architecture, without some of the configuration and hardware requirement drawbacks. Fair warning, reading this document started a doc hunt that killed my Saturday.

4. Cisco’s Security Response to Sebastian Muniz’s IOS rootkit – Security is a very important aspect of network design. Sebastian’s IOS rootkit demonstration is going to force some customers who in the past have been “OK” with having older, possibly vulnerable IOS versions floating around to update their operational practices and start keeping their routers and switches operating systems as often as they do their servers. Thankfully, Cisco has been embracing technologies such as kernel virtual machines, in service software upgrades and more to lesson or remove the impacts of software upgrades.

5. Turning Wounded Warriors into Network Ninja’s – As a former Marine (well, always a Marine, formerly employed by the USMC) this program goes straight to the heart. Cisco is partnering with Naval Medical Center San Diego (NMCSD, or Balboa Naval Hospital for us locals) to provide technical training to Marines and Sailors who have recieved service ending wounds in Afghanastan and Iraq.Similar Posts:

• Fibre Channel over Ethernet is taking off
• Cisco NX-OS 4.0 | Next Generation Internet Operating System
• Zone based IOS firewalls
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Cisco is using Linux virtualization and 40 core CPU’s for its next generation routers
• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0

--Colin McNamara

Link Round Up – L2TPv3 FCOE Trill Wounded Warriors

IOS-XE is takes the best elements out of Internet Operating System (IOS) which has its roots in a closet at Stanford, and combines them with the most successful open source technology ever – Linux. Cisco is leveraging Linux virtualization technologies such as Kernel Based Virtual Machines to protect against operating system failures as well as to allow for In Service Software Upgrades (ISSU).

To really appreciate this, we first have to dive down into the overall architectural changes of the ASR1000. The largest change that Cisco has made was to implement separate forwarding and control planes. In the past, Cisco routers would have the processes responsible for forwarding traffic, and the processes responsible for configuring the router running on the same root operating system. The side effect of this is that if you want to upgrade the root operating system of your router, you are going to have interrupt the traffic flowing through it to do so, or have a physically separate route processor to take over while you rebooted. This is a big headache operationally, and effectively forced engineers to design in separate physical chassis to meet high uptime requirements.

What Cisco has done to address this, was to mirror changes made in their storage and carrier routing portfolios. Both of those product lines utilize the operating system to push commands into advanced processors that exist on the line cards themselves. The ASICS on the line cards are designed to work in a distributed fashion, so that production traffic never goes into up into the router processor (or sup engine). This in effect ensures that the control and forwarding planes can exist as independent elements.

If you look at the graphic above, you will notice 3 main zones. The upper zone is what we would normally describe as the control plane. This is where the higher level functions such as your routing processes, ssh daemons, snmp daemons, and shells live. In short, if you you configure or read something, you are going to do it here. The only time traffic flows through this plane is when you are doing a thing called process switching. keep in mind this is a rare occurrence and usually occurs because of an oversight in your network designs.

By separating the control and forwarding planes, this allows Cisco to basically run a management station on the router, that programs chip sets in the line cards on the fly. This in my opinion is where the true power of this architecture comes through. By separating the two functions the software engineers are free to utilize powerful open source technologies such as Kernel-based Virtual Machines, and the Linux kernel, while letting the integrated circuit engineers design blazing fast chips which allow full functionality at line rate.

What benefits should we receive from a virtualized control plane? First, in larger routing and switching chassis (including the top end of the ASR1000 line) you normally have physically redundant route processors (RP)/ supervisory engines(SUP). The operating systems on these RP’s synchronize many things, including configuration, process state, routing tables, security associations and much more. The primary reason for this, is if you have a failure in the active RP, you can failover to the standby RP without interrupting traffic flows.They also can be used to streamline the software upgrade process by only upgrading one RP at a time, and then gracefully transferring traffic to it. Once proper operation is verified, the backup RP can be brought up to the same code revision.In any production environment this is highly desirable, and helps immensely in the battle for five nines.

The ASR1000 takes the redundant RP concept seen in high end chassis, and allows you to implement redundant upgrades, as well as protection against software failure, with only one physical route processor. This is done by utilizing Linux kernel virtualization. Instead of running the control plane directly on the production hardware, a small kernel is inserted. Booting from that are two copies of IOS-XE. These run independently, and synchronize state and configurations just as if you had two physically separate route processors. What this means in operational English, is that where in the past, you would have to either have two devices, or a larger device with redundant RP’s to upgrade without disruption, you can now have that same ease of maintenance, in a much smaller (and at the end of the day, less total cost) package.

Below this is the forwarding plane.It plugs into to a high speed interconnected fabric which all line cards and RP’s are redundantly connected to. In the diagram above, this is the bottom level. Items in this plane include buffer memory, Cisco Express Forwarding (CEF) ASICS, and now the new QuantumFlow processor. This is normally where you would find your DCEF enabled line cards, fibre channel and Nexus7000 line cards, as well as the modules for the ASR1000 routers. When properly utilized, traffic should be relatively isolated to this tier, and function independently from the control plane.

The shining star of the ASR1000′s forwarding plane is a group of chips that is referred to as QuantumFlow. The QuantumFlow architecture itself merges Cisco’s strength in integrated circuit design, with its strengths in IOS software design. In the past, Cisco would design ASICS’s for specific functions, and then write commands down into them. This has worked very well, until they point that a new feature came out that couldn’t leverage the fixed configuration of an older ASIC. Your choice at that point was generally to process switch for that feature (which is slower, and honestly bad form), or upgrade your cards to the newer ASIC design. The QuantumFlow chipset approaches this problem from a new angle. The first chip in the set (Popeye) is designed to be field programmable in C, as well as no fixed internal pipelines. This combined with utilizing 40 cores running between 900 and 1200 megahertz allows the programmers to utilize parallel processing techniques to utilize an immense amount of processing power in real time.

To put things into perspective, remember when you got your first multi core laptop or desktop. You were able to say watch a DVD, as well as compile code at this same time, while continuing to have a responsive workstation. Now imagine what you could do with a 40 core processor. This is the kind of power that we are talking about. Now imagine, that not only is your workstation immensely powerful, but you could also offload common jobs such as running daily builds, or encoding videos to another machine (or in this case processor.

In the ASR1000 this processor is called Spinach (yellow are in the graphic above). And of course just like the cartoon, Popeye’s potential really comes to light when combined with Spinach. Spinach is a separate chip, that is used a a traffic manager. This chip handles queueing and quality of service, ensuring that the proper packets arrive at the proper time, as well as interconnecting with cryptographic offload engines so it can equally apply services to encrypted flows.

At the end of the day, the most important question is not how fast something is, or how cool it is. The question is what can it do for me? By leveraging this new architecture the ASR1000 is now able to do line rate inspection of traffic using Network Based Application Recognition (NBAR), Support 128,000 queues for deep quality of service, secure and encrypt data using zone based firewalls and embedded crypto engines, segregate traffic using MPLS, integrate advanced voice and video functionality, as well as providing fulling Netflow v9 support for all of the above. It provides all of these services in an always on solution utilizing Linux virtualization, as well as leveraging an flexible chip set architecture that allows for field programmable improvements in the future.

My hope is that after reading this article that you are in a better to understand how Cisco is leveraging open source technology and integrated circuit designs to improve the foundation of the internet. In upcoming articles I will be discussing design scenarios utilizing this features in this product, as well as highlighting other areas where Cisco is embracing both open source technology, as well as open architectures that can properly leverage projects such as Linux, Ntop, Wireshark and more. If this article has you interested in learning more about some of the technologies mentioned today, then I encourage you to check out some of the links below, or shoot me and email to be highlighted in a future readers questions article.

Learn more about Linux Kernel-based Virtual Machines

Learn more about Cisco’s ASR1000

Learn more about Cisco QuantumFlowSimilar Posts:

• Cisco NX-OS 4.0 | Next Generation Internet Operating System
• Application Extension API notes – Cisco Live 2008
• Zone based IOS firewalls
• Arista Networks – Their approach to cloud networking
• Simplifying remote site security with Cisco’s new video surveillance modules on the ISR
• Altor Virtual Network Security Analyzer (VNSA) integrated with Cisco’s Nexus 1000v for VMware

--Colin McNamara

Cisco is using Linux virtualization and 40 core CPU’s for its next generation routers

Mike Writes -

“Hi Colin,
I’m an avid reader of your blog and had a question that I figured you could answer. I don’t have CCIE knowledge like I’m sure a lot of your readers do. I have worked for the same company for 6 years and during that time had been promoted into the Network Group where I was sent through class and earned my CCNA. The company I worked for decided to relocate across the country and so I have been looking for a new job. Finding a new job doesn’t seem to be that big of a deal but I noticed a lot of job descriptions are asking for BGP experience. We didn’t use BGP at my last job and I thought BGP is used primarily by ISPs for routing between Autonomous systems? If that is the case why do so many non-ISP companys list BGP experience in Networking job descriptions? What are they doing with it? Shouldn’t the ISP be doing the BGP routing for them?
Thanks!
-Mike”

Well Mike there are 3 primary reasons why a company would require (or want) BGP knowledge from its candidates.

Scenario 1. The company has an redundant Internet edge.

In this case lets call our company sample_company. Sample_company has its website hosted in a publicly facing DMZ and wants to make sure that its web servers are available in the case of an ISP failure. Normally in this case the company would request and Autonomous Systems Number (ASN) from ARIN and would get assigned a block of publicly routeable IP address’s (normally /24) that they can advertise. Sample_company would then peer with multiple ISP’s for example one connection to AT&T and the other to Sprint. Sample_company would advertise their ASN through both these ISP’s, and in the case of a failure of one of their ISP’s, the rest of the Internet would be able to calculate a path to sample_company’s web servers via the backup ISP.

Scenario 2. The company is utilizing MPLS for its WAN connectivity.

From a customer perspective MPLS is a private BGP based WAN where all edge devices connected to the MPLS provider utilize BGP to inject and learn routes. One note, some providers do support advertisement of routes via OSPF and even EIGRP now, but the most common scenario is to use BGP as your internal WAN protocol while running MPLS. One trend I am starting to notice, is that since companies are already using BGP on the MPLS WAN, they have started utilizing BGP as their primary routing protocol for their sites to avoid running multiple routing protocols and having to redistribute into BGP to cross the WAN.

Scenario 3. The company is using MPLS inside their data centers for segregation of business units.

In essence they are using the same tools and technologies that MPLS service providers are, however applying it inside of their data center and campus networks. In this case, BGP is the routing protocol necessary to carry the routes between the seperate MPLS VPN’s that are running inside the corporate data center. While this sounds pretty complicated, it actually simplifies many of the designs that you would normally implement to attain the same goals.

Learn more about BGP - Of course, there are many other reasons why you may see BGP on a job listing, but I think the previous covers the most common. If you are curious, and want to learn more about BGP I recommend buying Routing TCP/IP volume 2 by Jeff Doyle. This covers many great scenarios and configuration examples in EGP protocols. It is also written in plain English which can be a challenge with many technical books.

Learn more about MPLS in the enterprise - If you are feeling like learning about how you can implement MPLS inside of your own enterprise network then I would recommend buying Network Virtualization by Kumar Reddy and Victor Moreno. I was lucky enough to have Rick Davis translate the whole idea of utilizing MPLS in a campus environment into plain English for me a couple years back. From that point I was able to really expand my knowledge base and start asking the right questions from a firm foundational understanding of the technology. Kumar and Victors book took my understanding to the next level, showing how to incorporate many very cool features to make a MPLS network stand on its head if you want to. I can say (and actually have said to Kumar Reddy) that this book redefined my data center designs for large corporate and enterprise customers. I really recommend that you add this to your collection.Similar Posts:

• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Identity aware networking using Cisco TrustSec
• Challenges integrating VMware into Cisco networks
• Where is Colin ? Passing the VCP exam (VMware Certified Professional)
• Jayshree Ullal takes the helm of Arista Networks
• Arista Networks – Their approach to cloud networking

--Colin McNamara

Reader question – Why are corporations looking for BGP experience?

Cisco TrustSec starts at the edge by negotiating a secure link if both hosts support it (802.1ae). This is similar to wireless encryption schemes, where a secure handshake is established and the L2 path become impervious to sniffing. This is user configurable, and to my knowledge the asics available to support line rate encryption are currently only on the Nexus 7000 blades.

The next step is to start 802.1x negotiations. For the people not familiar with 802.1x, it is a way of passing username / password information from your computer up into the network infrastructure. Once this is completed, the switch can not only utilise tools like NAC to place you into the appropriate quarantine, or access vlans, but it also know knows your identity.

Now the “network” is aware of your identity, a new level of granular security control can be deployed across your infrastructure. These security policies can map into “user x can connect to webserver y” instead of being restricted by ip and port. This allows you to utilize true roles based administration similar to what you use in your Windows and Unix file systems, but now you can do this across the network.

How is this done ? I like to think of this as a mix between dscp and mpls tags. Which in a nutshell means that when traffic enters the network it is tagged with a small amount of additional “identity: information which is retained as it traverses the network. This information can be used to augment or completely replace your current ACL based security controls in a way that enables you to more effectively comply with complex regulatory environments such as PCI, SOX, GLBA and HPPA.

Over the past few years we have learned how to leverage intelligence in the the network by utilizing tools like QOS, MPLS VPN’s, and many others. Expect to add Cisco TrustSec to your quiver of tricks to address the ever growing compliance needs faced by today’s network designers.

Learn more about Cisco TrustSecSimilar Posts:

• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0
• Encrypting your backup tapes with Cisco Storage Media Encryption (SME)
• Altor Virtual Network Security Analyzer (VNSA) integrated with Cisco’s Nexus 1000v for VMware
• Cisco releases Nexus 1000V virtual switch for VMware
• Zone based IOS firewalls
• Cisco Nexus 4000 Blade Switch

--Colin McNamara

Identity aware networking using Cisco TrustSec

I was wrong, the Green Data Center is not about saving baby seals, it is about saving cold hard cash. Saving the world is just a nice side benefit.

That being said, saving cold hard cash is a very important discussion item in any IT Operations group as they are normally seen as a cost center. For them, a penny saved is literally a penny earned. Not only can you save money by not paying for power, but PG&E will actually has a budget to pay you NOT to use their power. Most people here this and get a puzzled look on their face. “why would the power company, who makes money on power, not want me to buy it from them?” The answer is that Californians use more power then PG&E can produce at peak times. When they have to buy it from another state it can cost them 10 times or more then they charge us. This is the reason why PG&E will pay you to use less. Each penny they give to the consumer for saving a watt, saves them 4 pennies (80% return on investment).

Great, PG&E saves money by giving it to me. How do I get this cash? Well there are a couple ways to get this.

1. Incentives for new buying new energy efficient servers
2. Rebates for moving to virtualized servers
3. Rebates and incentives for moving to thin client desktop systems
4. Audit teams for cooling and power if your Data Center is 10,000 square feet or more
5. Incentives for airflow control systems
6. Incentives for high efficiency UPS and power distribution systems
7. Technical services for cooling system evaluation (PG&E funded)

That is a pretty comprehensive list of how to get money from the power company, but you can save even more money buy not using the power in the first place. Not unsurprisingly this starts with the server.

First thing you can do, is virtualize, virtualize, and virtualize some more. For most people this means VMware. For others this may mean Xen, or Microsofts virtualization product. Whatever flavor you chose, the key message is to consolidate from many servers to few. A server sitting “idle” still pulls 50% of its max current. Now, howe many servers do you have that are just sitting there? My guess is a large amount. By virtualizing these servers, you allow them to be stacked onto high performance server that can be run at a higher utilization. This lowers the over all power utilization for your DataCenter. Another side benefit is that ever watt that you remove from a server, you get another watt removed from your cooling.

These same virtualization techniques can also be applied to your network devices, which account for 6 to 12 percent of your datacenters power draw.

Ask yourself a few questions

• ” Do I need 4 different firewall clusters?”. It is likely that these are leftovers from organic growth, and that you could consolidate them into virtual firewalls on a more efficient chassis (ASA comes to mind).
• ” Do I need to maintain physically separate infrastructure?”. There are technologies like MPLS, VFR-Lite, Virtual Switching and more that allow you to consolidate onto a shared network infrastructure, taking a service provider approach to providing transport in your network.
• ” Am I running old inefficient gear?”. Power supplies have increased in efficiency over the last few years. There may be a good return on investment for you to upgrade.
• ” Can I consolidate into larger chassis?”. Ask the question, which is more efficient – a closet full of 3560′s or a 4507? There is efficiency in scaling out.

I hope that reading this has caused you to ask some questions, and maybe look at the larger impact of your network operations on both the ecosystem and your operational expenses. With these questions in hand, you might want to talk to PG&E and your Cisco / HP parter about going “Green” in the data center.Similar Posts:

• Is your network ready for Cloud Computing with Virtual Infrastructure 4?
• Cisco’s Cloud Computing Offering
• Usability features in Cisco’s Nexus 7000
• Cisco introduces the C-Series Rack Servers
• New features in VMware 3.1
• Simplifying remote site security with Cisco’s new video surveillance modules on the ISR

--Colin McNamara

Moving towards a Green Data Center – Truth behind the hype

One feature that is new, and frankly extremely exciting is Virtual Device Contexts. Each virtual device runs with its own process, vs the use of tagged differentiators in technologies such as VRF-Lite. This provides for paravirtualized management instances, and clear lines of delineation for both software and hardware for a resource that can be shared between different groups within an enterprise.

Chassis that run NX-OS will support In Service Software Upgrades (NSSU) to allow operations groups to upgrade operating systems with zero downtime. This is accomplished through a combination of modular software architecture, and the decoupling for the control and forwarding planes.

One of my favorite features in SAN-OS is the embedded is fabric analyser. This is a tool that can sniff management traffic without having to plug in a sniffer, or provision a span port. You can dump in real time to a tcpdump like interface in the command line, output to a local file, or map to the ip of a wireshark instance that layer 3 access to the management port. Cisco again has taken the best of SAN-OS and bundled it with NX-OS. You will be able to remotely span management traffic without having to set up rspan, or trudge down to the datacenter to set up a sniffer.

Now, your router can call home right now so that is not a totally new feature. Smart Call Home was released recently into IOS. But that still doesn’t stop it from being a great feature. This allows you to configure NX-OS powered devices to mail an xml formatted troubleshooting email to TAC, and / or your support staff. This has been proven to drop the average time to resolution from 16-30 hours to 6 hours.

Now the drum roll…… All IP routing features are VRF aware. This has been a point of contention with me for a while. As Cisco and the market in general has embraced virtualization as an answer to pressing business concerns of leveraging shared infrastructure, while retaining security controls segregating disparate environments technologies such as MPLS and VRF within the datacenter have become more and more prevalent. That is great, however it never fails that the feature you need at that moment always seems to be coming out in the NEXT IOS release. With Cisco NX-OS 4.0 this is no longer a question.

Now, if I was a CIO and I was reading about all these new technologies that Cisco was pushing with NX-OS, I would frankly be cautious, and rightfully so. The thing is, most of these features are not new, they have been in use, and in production under the most stringent uptime conditions in the world – storage networking. They have been tried and tested on Cisco’s MDS line of storage networking switches. So get comfortable, get educated, but most importantly get on board for DataCenter 3.0.Similar Posts:

• The emergence of MDS features in Cisco’s datacenter networking equipment
• Cisco is using Linux virtualization and 40 core CPU’s for its next generation routers
• New features in VMware 3.1
• Link Round Up – L2TPv3 FCOE Trill Wounded Warriors
• Arista Networks – Their approach to cloud networking
• About Colin McNamara

--Colin McNamara

Cisco NX-OS 4.0 | Next Generation Internet Operating System

CERTIFICATIONS / ACCREDITATIONS HELD

• CCIE – Cisco Systems Internetwork Expert #18233
• VCP – VMware Certified Professional
• CDCUCSS – Cisco Data Center Unified Computing Support Specialist
• VSP – VMware Sales Professional
• VTSP – VMware Technical Sales Professional
• TSS – Cisco Technical Solutions Specialist, Data Center
• GCIH – GIAC Certified Incident Handler
• CCVP – Cisco Certified Voice Professional
• CSNSSS – Cisco Storage Networking Solutions Support Specialist
• CSNSDS – Cisco Storage Network Solutions Design Specialist
• CADCNSS – Cisco Advanced Data Center Networking Infrastructure Support Specialist
• CCIE Storage Networking
• RHCE v4/5 – Redhat Certified Engineer #804006368822511
• RHCT v4/5 – Redhat Certified Technician #804006368822511
• EMCPA – EMC Proven Professional Associate – Information Storage and Management
• NSCA – Netscaler Certified Administrator #2005072
• NACE – Network Appliance Certified Expert #12912
• NACP – Network Appliance Certified Professional #12017 – Data Protection
• NACP – Network Appliance Certified Professional #11985 – Storage Area Network
• NACP – Network Appliance Certified Professional #12911 – High Availability

Retired Certifications

• Cisco Qualified Specialist – IP Telephony Support
• Cisco Qualified Specialist – IP Telephony Design
• Cisco Qualified Specialist – IP Telephony Operations
• Cisco Wireless LAN Design Specialist
• Cisco Wireless LAN Support Specialist

PROTOCOL PROFICIENCY

EIGRP, OSPF, RIP, BGP, MPLS,  Spanning Tree, Rapid Spanning Tree, VPC, VSS, VDC, TRILL, Fabric Path, OTV ATM, RTP, SIP, H.323, LWAPP, RADIUS, TACACS+, Ethernet, Fibre Channel, iSCSI, NFS FCIP, FCP, FSPF, NDMP 802.11a, 802.11b, 802.11g, RBE, ISDN, SNMP

Virtualization , Parallel and High Performance Compute Platforms

VMware ESX, Kernel Virtual Machine, Xen, Platform LSF, Sun Grid Engine, Hadoop

VOICE and VOICE OVER IP

CallManager, Unity, ICS7750, PBX Trunking, SRST, Active Directory Integration, Extended Services, Call Detail Recording, Automated Attendant, Extension, Mobility, Asterisk, Callware and VSR VM.

HARDWARE

Cisco Unified Computing System (UCS) 6100, 2100, 5100, Nexus 7000, Nexus 5000, Nexus 2000 and Nexus 1000v switches, Catalyst 1900-6509 switches, 1600-7500 series routers, Cisco PIX firewalls, Cisco Load Balancers, Cisco

MDS , F5 Load Balancers, Netscreen / Juniper Firewalls, Cisco VPN3000 VPN concentrators, Cisco ASA Adaptive Security Appliances, Nortel Contivity VPN Concentrators,  Aironet Access Points and Bridges, Airespace LWAPP

concentrators. 3com TotalConnect racks, Ascend dial concentrators, Netscaler Load balancers, SSL accelerators, SSL VPN concentrators. Brocade Silkworm, HP Eva Storage

NETWORK MANAGEMENT

Nagios, Cacti, NTOP, IPswitch What’s Up Gold, BIG Brother, Spectrum Network Management, Kiwi Syslog,, MRTG , HP OpenView, Cisco Secure Intrusion Detection system,

Cisco Network Based Application Recognition, Snort IDS, Netscreen Firewall Manager, Unified Compute System Manager

OPERATING SYSTEMS

Redhat, Suse and Ubuntu Linux, Windows 2000, Windows 2003, Windows 2008, Windows XP, NT4.0, BSD, Solaris, OSX

BUSINESS ENVIRONMENTS

Consulting, Valued Added Reseller, Large Enterprise, Startup, Banking, Service Provider, Software Development, Manufacturing, Military

EMPLOYMENT

6/11 -  Present , Nexus IS

Director, Data Center Practice

Responsible for got to market strategy for Nexus IS, a national Cisco DVAR.

Accomplishments

• TBD

1/07 – 6/11, ePlus Technology

Consulting Systems Engineer – Data Center (10/08 – 6/11)

Transformed ePlus western region from a #3 and #2 ranked voice and campus partner to the #1 ranked Data Center partner in Northern California

Accomplishments

• Changed regional sales focus from technology silo’s to solutions based selling covering network, systems, storage and applications under one umbrella
• Developed and deployed go to market strategy for Cisco’s Unified Computing System resulting in significant competitive advantage in the western United States.
• Deployed the first Nexus 7000/5000/2000 architecture into production securing competitive advantage across multiple verticals.

• Increased Data Center revenues year over year in the worst economy in a century.
• Attracted and retained top industry talent.
• Leveraged unique technology positioning to win multiple key global clients.
• Partnered with business units inside of Cisco, resulting in key product enhancements as well as increased revenue for both ePlus and Cisco.
• Passed multiple certifications resulting in ePlus being able to sell and install EMC Vblock.

1/07 – 6/11, ePlus Technology

Senior Systems Engineer (1/07 – 10/08)

Accelerate Technical Sales, design and implement network, storage, voice and systems solutions for ePlus Southern California customers.

Accomplishments

• Changed regional sales focus from technology silo’s to solutions based selling covering network, systems, storage and applications under one umbrella.
• Established a trend of Advanced Technology account wins.
• Accelerated ePlus’s southern California sales by providing high-end engineering support.
• Integrated MPLS service provider designs into cutting edge Enterprise and Casino Gaming solutions.
• Filled PM and lead network engineer roles for large publicly traded company data center migrations.
• Created modular Cisco design / quote format and menu based hardware and services options to address rapidly changing customer needs.

9/05 – 1/07 ID Analytics

Lead Network Engineer

Lead team of four engineers, Define network and application integration architecture for large SaaS (financial cloud) analytics deployment , Leverage networking technology to increase security and availability, and decrease development and product deployment timelines

Accomplishments

• Led team of engineers responsible for all Production and Back Office systems in 2 offices and 3 datacenters
• Designed and Implemented ID Analytics Phase2 datacenter, processing 1.8 million financial transactions daily.
• Designed and Implemented Contents Switching and SSL offloading solution, enabled non-disruptive scaling of core products
• Integrated ID Analytics product with the largest card processors in the world – Equifax, Visa, TransUnion, etc.
• Designed and integrated centralized Fiber Channel and ISCSI SAN solution, increasing application speed and decreasing production database refresh times from 4 weeks to 1 week.
• Managed and maintained over 130 terabytes of storage
• Created lights out server imaging and deployment solution for remote datacenters
• Deployed and integrated monitoring solutions utilizing open source technology
• Created user emulation probes for real time application monitoring and trending of production systems
• Worked with development and Analytics to create structured Development and QA environments
• Spearheaded project to change Analytics / Informatics environment from “unix for workgroups” to high performance computing environment (HPC)
• Provide structured documentation to US Government and Corporate auditors
• Utilized project management skills for international rollouts

2/04 – 8/2005 Openwave Systems
Senior Network Engineer, Strategic Design and Integration Group
Provide technical leadership, Define network architecture, Establish standards and technical vision. Responsible for researching, developing, and architecting technical solutions to business needs.

Accomplishments

• Designed Openwave’s new Pacific Datacenter Networks, with 900 production, and 2000 development servers.
• Designed Openwave’s Pacific Shores Campus Networks, and Showcase Datacenter.
• Responsible for hardware acquisition budget of 1.7 million dollars
• Established ISCSI IP based SAN infrastructure with DR components in 4 major datacenters worldwide
• Promoted from the ranks, moving from running our VOIP phone systems, to Network team lead, to Senior Network Engineer in the Strategic Design and Integration team.
• Active and engaged member of multiple boards covering design review, change control, and security
• Negotiated with Cisco and SBC regarding datacenter purchases saving $906,000 off list price.
• Renegotiated Cisco support saving Openwave nearly $600,000 over our three year term
• Established improved data center controls, allowing Openwave to pass Sarbanes Oxley (SOX) audits
• Wrote and ran multiple RFP, RFQ, and RFI’s
• Utilized project management skills for international rollouts
• Managed, Piloted, and Installed new wireless systems for our Customer Briefing Center
• Responsible for 6 VOIP clusters around the world
• Recipient of multiple awards recognizing dedication and quality work.
• Attended continuing training for security management (CISSP)

2/03 – 1/04 USMC Reservist activated in support of Operation Enduring Freedom
Information Services Coordinator
Implement and maintain Tactical Data Networks, Provide consulting services to hosting units. Maintain Microsoft Exchange servers in both tactical and garrison environments. Perform security audits and remediation. Train support personnel.

Accomplishments

• Performed Disaster recovery of routed ATM LANE environment for Marine Corps Air Station Yuma enabling over 3000 users to resume work (awarded the Navy and Marine Corps Achievement Medal for that event)
• Performed security audit and created a security and performance remediation plan for MCAS Yuma
• Provided project management and security audit skills to 3^rd Marine Air Wing Yuma server support teams, managed server security audit, security remediation, and SMS rollout.
• Designed and implemented Nagios network monitoring system at Marine Corps Air Station Yuma.
• Implemented Norton Antivirus server for MWSS 473
• Provided training on to data teams from MWSS 473, MCAS Yuma Station IT, and 3^rd Marine Air Wing Yuma server teams.

12/02 – 2/04 2 Cups Solutions, Pleasanton , Ca
Principal Consultant
Founded 2 Cups Solutions to provide cutting edge Voice, Data, Wireless and Security services to clients in the San Francisco bay and Fresno areas.

Accomplishments

• Implemented WAN failover solution at two City of Hayward fire stations.
• Implemented email and web solution for Express Mobile Notary.
• Developed and implemented business plan focusing on State and Local Government contracts.

2/02 – 12/02 ExtraTeam, Pleasanton , Ca
Senior Systems Engineer
Design, Installation, Configuration and Maintenance of network systems consisting of Cisco CallManager, Unity, Cisco Secure ACS, LEAP secured wireless, Aironet, Cisco routers and switches, PIX firewalls, and VPN3000 concentrators. Integrating all systems with Active Directory. Performed VOIP feasibility studies. Managed the entire business cycle including sales, design, installation, training and maintenance.

Accomplishments

• Integrated CallManager voice system with Active Directory
• Recovered a failed CallManager implementation at Phase 2 Strategies (PR firm for Logitech). Implemented CallManager with up to date hardware and software, upgraded Unity up to reasonably current levels. Brought up remote office in Phoenix utilizing SRST.
• Implemented City wide wireless network integrated with active directory for the City of Hayward
• Implemented VPN Concentrators in conjunction with multiple levels of firewalls for City of Hayward and Hayward PD to meet CLETS requirements.
• Implemented network configuration management system responsible for the city of Hayward.
• Implemented new wan for Livermore Pleasanton Fire department moving fire stations from isdn to T1 and Gigabit fiber lines in conjunction with moving the location for the network core.
• Designed and implemented IPSEC based wan for Universal life resources, allowing nationwide secure remote office connectivity while minimizing wan connection costs.
• Designed CallManager based VOIP system for a 27 site school district
• Provided emergency support to Fire and Police agencies across the bay area
• Performed security remediation for a large bay area company
• Participated in large switched network cutover from 7500 to a 6509 with flex-wan modules for Stanislaus County.
• Achieved technical certifications for ExtraTeam to become certified under both the Wireless and IP Telephony revised specifications.

7/01 – 2/02 Infobond Inc. Burlingame , Ca
Network Engineer

Responsible for engineering duties in a leadership role. Integrated legacy PBX’s using VOIP technology. Used Quality of service to ensure VOIP service levels. Support legacy voice over IP and voice over Frame Relay technologies. Upgrade from legacy voice integrations to state of the art VOIP integrations. Create project plans and act on them.

Accomplishments

• Cut over evergreen lines shipping terminal from legacy 3com equipment to VOIP enabled Cisco routers and switches. Accomplished all work during Union stand downs.
• Contracted to Openwave, Inc. to run Remote Access while the engineer was on leave. Ran Remote Access for 5 weeks, resolving DSL RLAN issues and IPSec issues, while reducing trouble ticket backload to manageable levels. Assisted other engineers when needed.
• Implemented Cisco 6509’s to replace aging core network of a Benchmark Capital (bay area investment firm).
• Diagnosed and resolved VOIP issues that were stopping call center rollouts for Embarcadero Systems (a large bay area shipping company).

03/00 – 7/01 Knapp Publishing Corporation, San Ramon, Ca
Network Systems Administrator

Responsible for day-to-day operations of e-commerce data center, and wide area networks Performed DNS changes for both internal and external networks. Designed, piloted, and implemented network changes. Installation configuration and maintenance of NT, and Windows 2k file, print, and web servers

Accomplishments

• Improved service levels from 90% to 99.99%, enhanced security and increased bandwidth were benefits derived from implementing a state-of-the-art web hosting data center
• Implemented a network monitoring system to document, report, and notify of network status.
• Designed and implemented ISDN failover of Frame-Relay Network.
• Designed, piloted, and implemented network changes.
• Replaced NT servers with Linux based servers, integrated with the Windows network

01/98 – 03/00 DKA Computers Inc. Clovis, Ca
Manager Information Services (01/99 – 03/00 )

Ran day to day operations of a large valley ISP. Worked with systems manufacturing to bundle client software with all new PC’s. Partnered with local ISP’s to provide access numbers across the valley.

Accomplishments

• Managed web development, and professional services
• Moved web hosting from IIS on Windows NT to APACHE on Linux based servers, drastically increasing site availability
• Produced a forms based web application to configure custom systems online.
• Designed and implemented an IPSec based WAN connecting 3 stores point of sales systems.
• Managed corporate office and data center relocation project.

Senior PC Service Technician (01/98 – 01/99)

Provide on call service. Staff PC help desk. Provide direct customer systems support while maximizing company revenues. Configured all servers ordered from manufacturing.

Accomplishments

• Responsible for all day to day service activities for a 13 million dollar company. Management of 4 team members. Directly responsible for customer satisfaction
• Implemented hard drive imaging system, decreasing both warranty costs and turnaround time
• Installed and configured SCO Unix reservation system for National Park service, Kings Canyon
• Deploy Citrix Winframe Systems, Windows NT 4.0 Systems
• Designed, implemented inventory tracking database, reducing required stock on hand by $40,000

MILITARY

1996 – 2004 UNITED STATES MARINE CORPS RESERVE
Have held U.S. Government security clearance – Secret

EDUCATION

Ongoing professional education

Sans CISSP + Track

University of Oklahoma extension – Fire Science

Cisco Networking AcademySimilar Posts:

• What does it take to pass the CCIE exam?
• I’ll be at Cisco Live 2008 (networkers) in Orlando all week
• About Colin McNamara
• Cisco Certified Design Expert – CCDE – officially released by Cisco
• Challenges integrating VMware into Cisco networks
• Darrel Hinshaw – New Triple CCIE [Storage]!!!!!!!

--Colin McNamara

Resume – Colin McNamara, CCIE #18233