Polishing up your networking skills

I don’t know about you, but I learned about IPv4 back in the olden days and “pretty much” got the gist of the major concepts. You have:

  • The classes (A, B, C, etc.) and concepts around routing. This went away and was replaced with the more versatile CIDR classification.
  • The reserved IP address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, etc.)
  • Routing Information Protocol (RIP) and how routers share route information.
  • Etc, etc…

Like most people, I’ve picked up more tidbits along the way too. But basically, having a baseline of network understanding can be enough for most things in IT – from being a developer to doing systems management. Unless you are a network engineer by profession, just knowing the basics will get you by.

However, for me, in a couple of recent projects, I realized I didn’t really have as good a grasp as I thought on how internetwork and intranetwork routing works. This becomes more of a problem as you work with cloud providers and use site-to-site VPN setups.

If you are working with setting up cloud providers, you kind of need to have a deeper understanding of these more complex routing scenarios.

For example: How do you actually configure a router to have alternate paths to a destination? Including – should one route be a fail-over or should they be used round-robin for load-balancing?

I also learned that I hadn’t kept up with things like Open Shortest Path First (OSPF), which has really replaced RIP – and also was not up to speed on Border Gateway Protocol (BGP), how independent networks advertise their routes to one another.

I still regularly check in with IPv6 to see if it has gotten any better too (see my not-so-favorable post on IPv6). If you need to support IPv6, then you have to account for that in routing too, obviously!

So, where does one start with getting up to speed on these modern networking topics?

The Problem:

I realized I had two issues:

  1. I need to find sources to learn about this stuff and get caught up on several of these topics.
  2. I need a way to test this/work on actual routers – what should I buy, where do I buy them?

My goal was to become operational with Cisco routers for both Internal Gateway Protocols (IGP) used within an organization/routing domain and Exterior Gateway Protocols (EGP) used when interacting with cloud providers, or connections to other organizations (disparate routing domains).

Solution Part 1 – Education:

Well, problem #1 is easy. For the whole of human history, education was expensive and difficult to get. But now, in the information age, ignorance is a choice!

We no longer live in that age of scarcity for education.

You can get whatever kind of information you need for free or little cost. I commonly use: Pluralsight, Udemy, and StackSkills for example. Pluralsight is subscription-based, which your employer should be paying for, and the other two are where you buy specific courses. It’s common for a 40+ hour, high-quality course to be like $10 or $14.

Specific to this topic, I’ve run across a couple of really great courses to get up to speed on some of this:

That Pluralsight course – the instructor is very good, and that filled in some cracks in my understanding of route advertisements and how redundant routes are handled. He has a whole series of courses based on different Cisco certifications.

That Udemy course, which is $10 right now by the way, covers really EVERYTHING about networking, from addressing and routing to advanced router and switch features. It’s quite complete, in case you need to learn (or need a refresher on) the entire network stack.

Solution Part 2 – Hardware:

OK – so we have learning resources in place, but to learn this stuff, we really need a place to work; a place to model out these network scenarios. I usually like to buy some old, cheap equipment on eBay to go test these things out.

So, I spoke with one of the most knowledgeable networking people I know and asked: what should I pick up for hardware for learning and testing? If you’ve never looked, there are hundreds (maybe thousands?) of models of Cisco routers, all of which have slightly different options and features. Where do you even start?

Despite that, if you do want to get actual hardware, the Cisco 3750G or the newer 3850X are good middle-of-the-road places to start.

However, if you just want to model what you are learning, there is a REALLY cool option that doesn’t involve buying anything – in fact, it’s software you can run on your laptop (Win/macOS/Linux) and it’s free:

Graphical Network Simulator
https://www.gns3.com

What makes this so amazing is that you can graphically lay out your network in an editor on your computer. Then, you can actually SSH into your routers, which are like router VMs running the REAL Cisco IOS. In other words, you can design and test your network completely on your workstation – and even generate scripts for what you need to implement. Really cool concept!

Learning how to use GNS3:

The GNS3 simulator is pretty much THE tool for this particular need. That means there are many, many resources for learning how to use it. It’s a very mature product with a lot of things TO learn about it. Here’s a playlist I found that has great information and walks you through every part of installing, configuring, and using GNS3:

YouTube – INEtraining
https://www.youtube.com/user/INEtraining/playlists

And here’s the playlist I went through (https://www.youtube.com/watch?v=vVYWrgAOke4&list=PL3UpcvaDU_Fkfu9wnEBvF_XBR6KeMg8jv):

Where to find Cisco IOS router images?

In order to use GNS3, you need actual Cisco IOS operating system/firmware images. This is the software that actual routers run.

Where do you find these? The answer is obvious: you should contact Cisco and look at purchasing an enterprise contract so that you can get access to these images.

The prices aren’t on the website; they are so high that you need to talk to an account executive to find out.

You should definitely NOT do searches like “ios images for dynamips gns3” or find sites like this which have a bunch of images for you to use. After all, there could be malware in that machine code, and it would also leave you out of compliance with licensing requirements for Cisco! So, do not do that!

Now – assuming you’ve spent a few million on your Cisco Enterprise Subscription and have downloaded maybe a model 3745 image, you will be prompted on first-run of GNS3 to set up your first router.

What is kind of cool about this is that when you define the router, you can add the equivalent of physical add-ons. For example, the “NM-16ESW” is the equivalent of a 16-port EtherSwitch module. So, you can work with limited or decked-out virtual routers.

I highly recommend going through the YouTube playlist above – it walks you through how to set up a virtual router, plus all of the other important features of GNS3.

Using the GNS3 software:

Gadzooks – ok, so we learned some new things from Pluralsight and Udemy, we got GNS3 installed and configured, we cut a check to Cisco for our Enterprise Subscription so that we could have access to a couple of .bin files, for the privilege of learning how to use their products (we definitely did NOT download free firmware images from the internet).

Now we are in a place where we can put all of it together! I won’t go into great detail here – again, take a look at that INEtraining playlist above. However, to whet your appetite, here’s just a quick overview of some of the key elements:

Virtual PC’s (VPCS):

First, you can create “virtual PCs” – which aren’t PCs as in Windows, but simple network devices you can use as endpoints to test connectivity.

Basically, you set the IP address and network settings – and after that, you can do things like try DHCP, ping and telnet.

Routers:

Depending on what you’ve loaded up for routers, you can connect into those once you “boot” them up from within GNS3.

As you can see, this is an actual Cisco IOS shell. So although this is a “simulator”, you are simulating on the actual firmware of the real thing.

That’s basically it – you create a “link” between interfaces on your devices – then SSH into each one to configure. Even better, you can even use Wireshark to capture network traffic between the devices too! Very cool, indeed!

Bottom line:

I was very pleasantly surprised at the current state of network education, and particularly the tooling. GNS3 is absolutely amazing. It has some amazing uses:

  • Education – set up a fully functional, fully testable, and sniffable network all from your laptop using real tools (like Wireshark) and real firmware (like Cisco IOS). This makes it easy to actually model out an exercise that you are working on, without the cost or inconvenience of having to have (and plug into) physical routers.
  • Professional – before you head to a client or field office, you can completely model (and TEST!) the configuration before you even order the hardware. Even better is that you can export your scripts. From those scripts, you can make sure your physical hardware is set up identically to what you modeled and tested in GNS3. Even better than that, you can store your GNS3 configuration and your scripts in Git, and you have just created a versionable Infrastructure-as-Code (IaC) setup for your routers!
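
One way to check that a physical router matches what was modeled in GNS3, as an added example that is not part of the original post: the script compares a config exported from the lab with a `show running-config` capture and skips lines IOS regenerates on every dump. Both sample configs are constructed for illustration, and the function names and the list of volatile lines are assumptions.

```python
import difflib
import re

# Assumption: lines IOS regenerates on each dump; extend for your platform.
VOLATILE = re.compile(
    r"^(Building configuration|Current configuration|ntp clock-period|"
    r"! (Last configuration change|NVRAM config last updated|No configuration change))"
)

def normalize(config_text):
    """Keep only meaningful config lines, indentation preserved."""
    kept = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line and line != "!" and not VOLATILE.match(line):
            kept.append(line)
    return kept

def drift(modeled, deployed):
    """Return (missing, unexpected): lines only in the model / only on the device."""
    diff = list(difflib.ndiff(normalize(modeled), normalize(deployed)))
    missing = [d[2:] for d in diff if d.startswith("- ")]
    unexpected = [d[2:] for d in diff if d.startswith("+ ")]
    return missing, unexpected

# Constructed sample: config exported from the GNS3 lab.
MODELED = """\
hostname R1
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
line vty 0 4
 transport input ssh
end
"""
# Constructed sample: "show running-config" captured from the physical router.
DEPLOYED = """\
Current configuration : 1432 bytes
!
! Last configuration change at 09:14:02 UTC Mon Mar 4 2019
hostname R1
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
line vty 0 4
 transport input telnet ssh
end
"""

if __name__ == "__main__":
    print(drift(MODELED, DEPLOYED))
```

Here the only drift reported is the vty line: the deployed router accepts telnet where the tested model allowed SSH only, which is the kind of difference worth catching before the device goes into service.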

I thought I’d share what I’ve learned in terms of setting up your learning environment. For me, now that I have an easy way to set up, configure, and test network routing scenarios, I’ll be going through some more courses and will continue to shore-up my networking skills.

Posted in Computers and Internet, General, Infrastructure, Professional Development, Security
