Author Archives: wirednot

About wirednot

WLAN Professional, Writer. Thinker of big thoughts. Proud of my kids, love my wife, thankful for my primary employment and good fortune in being able to do other things on the side. I'm a well-travelled homebody, and frequently find that adventure has sought me out to tangle a bit. Buy me a beer, I'll tell you some war stories.

Forti-much to Appreciate at Mobility Field Day 4

About a month has gone by since I sat in a conference room at Fortinet HQ out in Sunnyvale during Mobility Field Day 4. As I review the presentations my fellow delegates and I saw first hand, I realize just how much information Fortinet’s Chris Hinsz put in front of us. Though this was Mobility Field Day, it’s getting harder to cleanly slice off just the wireless parts from almost anyone’s product lines. With Fortinet, we not only saw the whole enchilada, but were treated to the entire Big Hombre Combo Platter.

Fortinet is always an interesting visit, for me. The company’s networking product line and architecture always piques my interest, never having been a Fortinet customer. It’s not uncommon to sit at the competition’s offices and sometimes just feel utterly smothered by market-speak, licensing paradigms, and gratuitous complexity. I never get that vibe at Fortinet. At the same time, the Fortinet offerings feel complete, well thought-out, robust, and not lacking in anything- like they figured out a way to do what the other guys are doing without feeling the need to puff it up in all the wrong places. They must be doing something right as even though we didn’t talk much about it, Fortinet is growing and building a new HQ.

Back to the Mobility part of this Field Day event. We did get a look at Fortinet’s starting 802.11ax/Wi-Fi 6 wireless access points:

[Image: Fortinet1]

And we learned of their radio flexibility:

[Image: Fortinet3]

There’s a lot more here to consider as well as Fortinet looks towards the 802.11ax world that is coming soon. We got into new multi-gig FortiSwitches to connect those APs to, various management and control options, and a tiny taste of hundreds of features added to the latest FortiOS version. Then there is IoT Security, RF Management, SD WAN and sooooooo much more.

Fortinet is and always has been about security, so it wasn’t surprising to hear about a couple of innovative new tools in the mix to round out an already impressive solution set:

[Image: Fortinet2]

And the story just gets bigger. There is way too much to capture in a single blog, and so I recommend watching the recorded presentations from MFD4.

On a personal note- if you ever get a chance to talk with Chris Hinsz, make sure you take the opportunity. He’s just a genuine, wonderful guy to spend a little time with. It doesn’t matter if you’re talking technology or life in general, you can’t not feel good after hanging with Chris. 

 

Don’t Forget About Those OTHER Meraki MX Firewall Rules

I’m a long-time user of the Meraki MX security appliance product line. Going way back to the MX-70, I have found tremendous value in what the MX products can do for my far-off sites. (Here’s an old- and I mean old- case study that gets into the early appreciation of the MX line.) I’ve probably set up maybe 65ish total MX devices through the years in multiple states and countries, doing site-to-site VPN, stand-alone, and also some pretty creative configurations. Despite my experience, I was recently reminded that I don’t know it all about a product that I feel extremely comfortable calling myself an expert on.

In one remote site that connects to the main network with site-to-site VPN, an NTP vulnerability was flagged on a couple of audio visual devices. The device vendor was of absolutely no help (go figure), and our security team asked if we could help from the Meraki side. “Oh sure…” says I. “We got a firewall to leverage.”

We needed to kibosh NTP between the remote site and the main network. I pulled up the Firewall page on the MX and set to work. This is an area in the MX I’ve probably manipulated maybe a couple of dozen times, for everything from stopping phantom ringing on 3rd-party hosted IP phones to simple outbound protocol blocks.

[Image: L3 Firewall]

That image represents like three stages of desperation in getting rules right- as nothing I did worked. I simply could not tame the NTP beast to/from the two hosts, and it was making me feel silly. My first inclination was to blame Meraki- surely this stupid box must have issues! Except it didn’t… about the only thing Meraki could have done is perhaps mention on the L3 Firewall page that there is a separate firewall rule set on the VPN configuration page for site-to-site rules. That looks like this:

[Image: Site-to-Site FW]

I had just never done firewall rules for the site-to-site tunnel. I didn’t know after many years! But I did leverage the Meraki “search our documentation” repository to get educated, with this document that explains it. There’s nothing complicated about it, you just have to know where to find it the first time you need to configure rules for the tunnel versus the Internet edge.

And now you know, too.
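
As an added illustration (not from the original post and not Meraki's own code), the following Python sketch models the behaviour described above: traffic bound for a subnet reachable over the site-to-site VPN is checked against the site-to-site rule set, and everything else against the L3 firewall rules. The addresses, the rule dictionaries and the first-match, default-allow evaluation are simplifying assumptions made for the example.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the post).
VPN_SUBNETS = ["10.0.0.0/16"]   # main-network subnet reachable over the tunnel
AV_HOST = "10.20.5.41"          # AV device at the remote site
MAIN_NTP = "10.0.1.10"          # NTP server on the main network

DENY_NTP = {"policy": "deny", "protocol": "udp", "srcCidr": "10.20.5.41/32",
            "destCidr": "10.0.0.0/16", "destPort": "123"}
ALLOW_ALL = {"policy": "allow", "protocol": "any", "srcCidr": "any",
             "destCidr": "any", "destPort": "any"}


def _cidr_match(cidr, addr):
    return cidr.lower() == "any" or \
        ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def _rule_match(rule, flow):
    return (rule["protocol"] in ("any", flow["protocol"])
            and _cidr_match(rule["srcCidr"], flow["src"])
            and _cidr_match(rule["destCidr"], flow["dst"])
            and rule["destPort"] in ("any", str(flow["dport"])))


def governing_rule_set(flow, vpn_subnets):
    """Model assumption: tunnel-bound traffic is filtered only by the
    site-to-site rule set, Internet-bound traffic only by the L3 set."""
    in_tunnel = any(_cidr_match(s, flow["dst"]) for s in vpn_subnets)
    return "site_to_site" if in_tunnel else "l3_outbound"


def verdict(flow, l3_rules, s2s_rules, vpn_subnets):
    """Return (rule set consulted, resulting policy) for one flow."""
    which = governing_rule_set(flow, vpn_subnets)
    rules = s2s_rules if which == "site_to_site" else l3_rules
    for rule in rules:            # first match wins, top to bottom
        if _rule_match(rule, flow):
            return which, rule["policy"]
    return which, "allow"         # assumed implicit default


NTP_FLOW = {"protocol": "udp", "src": AV_HOST, "dst": MAIN_NTP, "dport": 123}

if __name__ == "__main__":
    # Deny entered on the L3 Firewall page only: the tunnel flow never sees it.
    print(verdict(NTP_FLOW, [DENY_NTP, ALLOW_ALL], [ALLOW_ALL], VPN_SUBNETS))
    # Same deny entered in the site-to-site rule set: now it matches.
    print(verdict(NTP_FLOW, [ALLOW_ALL], [DENY_NTP, ALLOW_ALL], VPN_SUBNETS))
```
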

 

The Network is Code: Cisco at MFD4

It’s always a bit of a thrill to visit Cisco HQ, and to step within the walls of this global network powerhouse. I got to do that again at Mobility Field Day 4, and as usual the presentations and the visit just went too fast. Such is the way these events go… On this go round, Cisco offered us:

Each is interesting and informative, especially when combined with the delegates’ questions. You’ll be glad you watched them, if you haven’t yet.

But something else jumped out at me at this event, and it may seem silly to even mention. Have a look at this sticker:

[Image: Code Pic]

The wording of it got my mind working. In a number of directions.

I’m just sharing what’s in my head as a long-time Cisco wireless customer as I ponder the message on that innocuous sticker.

I’m glad to see that CODE is the network, because it hasn’t always been. CODE, as presented like this, implies “reliable code, as surely you don’t want an unreliable network”. To that I would add “especially at the costs charged for licensing the hell out of everything”.  The sticker mentions CODE + the 9000 Catalyst Series, and perhaps sends the message that it’s a new day for reliability? On that topic, the CODE in this case is IOS-XE, which displaces AireOS as what powers the Cisco line of wireless controllers. I do hear often that “IOS-XE has been out a long time so it has to be solid by now” kinda talk.

I’m not sure I buy into that, but am hopeful. If I’m a little skeptical, it’s because IOS-XE packaged as a wireless controller brain is a new paradigm, despite the maturity of the OS. And… despite many, many mea culpa  sessions in private with Cisco’s wireless business unit through the years over wireless code quality, I have yet to see any sort of public-facing commitment to not repeat the development sins of the past as the new magic seeks to gain traction. This bothers me, in that I don’t know that the background culture that allowed so many problems with the old stuff isn’t being carried over into the new. My problem, I know. But I’m guessing I’m not alone with this feeling.

The other thing that this sticker has me thinking about is this: if the network is code, why do I need controller hardware? Yes, I know that the 9800 WLC can run in VM- but VM instances ultimately run on hardware. As a big Cisco customer with thousands of 802.11ac access points that run the latest AP operating system, I would love to be totally out of the controller business (and all the various management servers needed) WHILE KEEPING MY INSTALLED ACCESS POINTS. If the network is code, maybe let me point these things at my Meraki cloud and simplify life?

I’m just one man, with opinions. But that sticker did get me thinking…

 

Code, Heal Thyself: Mist Systems Brings Something Badly Needed to WLAN Market

If you do any profession long enough, you’ll experience all sorts of good and bad along the way. For me, “good” has been the honor of providing reliable Wi-Fi to hundreds of thousands of client devices through the years, and “bad” has been fending off downtime and damage to organizational reputation when code bugs hit. Why focus on code bugs? To me, they are the one huge factor in WLAN system operation that we as wireless professionals can’t control. We can get everything else right from RF environmental design to RADIUS server capacity to onboarding clients, but we can’t defend against what evil lurks in the lines of code that runs the system hardware. Nor should we have to- that’s where we expect vendors to hold up their end of the deal on hardware and software that ain’t getting any cheaper.

Oh, how I have bitched and whined and complained about code bugs through the years. There was “The Horrible Bags We Hold For WLAN Vendors”. And “Code Suck Regulation: Should We Sue Vendors For Major Code Bugs?” I got a bunch of them… and it’s not just me. One of my favorite people, Jake Snyder, laid down a really good video lament on the topic. No one can forget my own video from the Wireless LAN Professional Conference in 2017 where I detailed real-world impact of code bugs. It’s a real thing, y’all.

I titled one post on the topic “Will Reliability Be Prioritized Before Wi-Fi’s Whiz-bang Future Gets Here?” (a house built on suck cannot stand).  This one jumped to mind yesterday as I sat in a Juniper Networks conference room in San Jose and heard Mist Systems talk about reliability. What I heard was refreshing.

Mist CTO Bob Friday and his crew presenting at Mobility Field Day 4 detailed how the company’s AI does all kinds of things- but among the most important is finding its own system anomalies. The gravity of the point is fairly significant, as one vendor after another wants to put a dashboard in front of you that calls out anything and everything as a wireless problem for you to chase after, but none that I know of will raise their hand and admit “OK- I’m actually the problem here… me, the system. I screwed up… I’ll fix me so we can all move on. Beg your pardon…” But now Mist is promising that, and it’s huge.

CTO Friday not only called out this capability, but was kind enough to give me a shout out for my years of crying like a school girl about code bugs, which was thoughtful.

Well done, Mist Systems! There was a hell of a lot more to the presentation- and in the couple of hours I listened, I was impressed that Mist has managed to boil the hype off the concept of AI and actually did a decent job of explaining real-world, practical applications and benefits. There are several videos from the session, and they are worth watching.

More about Mobility Field Day 4 here.

 

Say Hello to NetAlly- a New Old Friend

When it comes to wireless tools, there are some products that are just beloved by most of us in the trenches. When conversation turns to WLAN verification and characterization, the AirCheck G2 comes up pretty quickly. I’ve written about it on occasion myself, like here. My friend Sam Clements has also covered it, and the AirCheck G2 and other related products were featured prominently at last year’s Mobility Field Day 3, under the NetScout banner. The G2 and its related products are easy to appreciate, and get their fair share of coverage, as it should be.

But things change in San Jose.

The AirCheck G2 and select other NetScout tools and software have spun off into their own new company, called NetAlly. The press release can be found here, and the new NetAlly product family includes all of these from NetScout:

So… some tools we know and love have a new logo… big deal, right? It actually is, as NetAlly’s focus on a smaller product set (handhelds/laptop software) should bode well for product development and updates.

Speaking of which-  the new company will be presenting at Mobility Field Day 4, which can only mean new magic will be revealed. I’ll be watching it first hand, on site as company reps do their announcements. More information on that session, with eventual video  of the live streamed event, can be found at this Mobility Field Day page.

Given that the G2 products have a huge following (and many of us are waiting for AirMagnet to get new development before we pay for ongoing support), this will absolutely be worth following.

What I Hope I Don’t Hear at Mobility Field Day 4

With another Mobility Field Day 4 coming up soon, I can’t help but ponder what this year’s briefings will bring. (If you’re not familiar with Mobility Field Day or the Field Day franchise, have a look here.) As I bang this blog out, the agenda features:

  • Aruba
  • Cisco
  • Fortinet
  • Metageek
  • Mist
  • …and a secret company you’ll all find out about during the event

This list may or may not grow a little, we never know right up until the last minute. As is, it’s a nice mix of old-guard industry leaders, up-and-comers, crowd favorites, and tool-makers. The event is gonna sizzle as each vendor attempts to show their newest offerings and best face, and I’m both proud and privileged to be in attendance.

That being said- As a loooong-time Wireless Doer and frequent delegate for Field Day events, I’d like to share some of what I sincerely hope I DO NOT see and hear at this awesome event. This is a voice from the trenches speaking…

  • AI and Machine Learning as THE THING. Given the line-up of presenting vendors, I promise that you’ll get intoxicated if you take a drink every time you hear “AI” or “machine learning” during MFD4. I’m all for letting the world know that these processes are at work under the hood- but companies also have a way of overselling buzzwords. Just because a vendor has incorporated artificial intelligence, machine learning, SDeverything, analytics, etc, it doesn’t mean the product won’t ultimately be problematic. There needs to be more to the presentation than “AND WE FREAKIN’ USE AI- NOW CUT US A P.O.!”
  • Over-Licensed Proprietary Features Masked as Innovation. Vendors have the right to charge whatever they want, and some have certainly turned complex licensing paradigms into huge cash cows.

    Hear me now vendors: license away- but know that fair play counts. And some of you have lost your sense of fair play in favor of squeezing every ridiculous cent out of long-time loyal customers with obscene, over-complicated license paradigms that are poorly disguised as “innovative”. You can show us the most useful and revolutionary features in the world, but when even your own sales folk get tripped up in the complexity of licensing, the aftertaste is not worth using the feature set.

  • BMW Pricing for Ford Fiesta Feature Sets. If it’s buggy, incomplete, “coming in Q1 next year”, bundled with a slew of other functions we really don’t want, or implemented with an out-of-touch developer’s view on wireless, it is not worth a premium. Back to the fair play thing- roadmap features are fine. But don’t charge me today for what I can’t use for 6-12 months. Or expect customers to be thrilled to pay for a laundry list of features they don’t need to create the illusion that some kind of wonderful deal is at hand. Be San Jose and let your merits carry you, and not Detroit- I’d rather have another vasectomy than visit a car dealership.
  • A New House Made of Crap is Still a House Made of Crap. There are product sets on the market that are long in the tooth and perpetually problematic and buggy. The delegates in the rooms at MFD4 will be all too familiar with hidden TCO that comes with lack of QA and rushed-out-the-door code and hardware. I sincerely hope that we don’t hear about “new” anything being added to product sets that need to be sunsetted for everyone’s benefit. In this spirit I would also like to hear honest explanations about how whatever new stuff is coming is developed with higher QA standards than were applied in the past. It’s fun seeing RF test facilities and such, but the radios usually aren’t the issue- it’s substandard code that runs the radios. It’s hard to get excited about new features added to old problems.
  • Dashboard Fever. Marketing departments love to wow us: “each of your network users will have 87 IoT devices on them by next year- YOUR NETWORK IS NOT READY”. Besides baseless huge numbers and predictions of overwhelm, another trick is the across-the-board generalizations that we all have deep, deep problems that only one more dashboard can solve. So what if you have more dashboards now than you can monitor- this next one is THE fix, and will scrape all of the dumb off your ass to bring clarity at long last. Pffft.

You’ll notice that my little list here really doesn’t just apply to Mobility Field Day. To me, it’s just common sense narrative that applies to vendor relationships day in and day out. But I also know that too often product managers and C-levels have a distorted view of how wonderful their stuff is, and hopefully Field Day gets us a little closer to honest, direct dialogue with those vendor bigs who may only get filtered feedback.

There is a lot to get excited about right now out there in WLAN Industryland… 802.11ax, WPA3, 5Gish stuff, new operating systems, fresh analysis resources, and a slew of technologies all ready to propel our networks and the industry forward. But it has to be based in reality, attainable, affordable, and implemented with STABILITY for end users in mind.

See you at Field Day.

___

Note: on Twitter, follow @TechFieldDay and #MFD4 for this event, August 14-16

Wyebot Adds Features, Ups Its WLAN Performance Monitoring Game

I wrote about Wyebot a few months back for IT Toolbox. It’s an interesting wireless network performance monitoring platform, and is among the more impressive tools of this type that I’ve looked at (think Cape sensors, 7signal, Netbeez, etc). Why does Wyebot appeal to me?

For starters, the user interface hooks me. I know that this is one of those highly subjective things that hits us all differently, but I find the Wyebot dashboard easy to navigate, with a lot of value at each drill-in point. If you look at the IT Toolbox article referenced above, you’ll get a good introduction to the product, and here’s a nice summary of why the company feels that their multi-radio sensor is advantageous. That’s all well and good, but the point of THIS blog is that Wyebot has added new features in their version 2.2 code, and is listening to their customers and evaluators like me as they evolve the product.

Quick side note: I brought up with Wyebot that it would be nice to see “What’s New” release-notes/features listed somewhere in the dashboard, and as it is you have to click in fairly deep to tell what version is running, like so:

[Image: Wyebot17]

If you miss the email that tells what features have been added, it’s hard to find that information anywhere else. That does a disservice to a decent product that is getting better with every update, so hopefully we see a change here in the near future.

But back to the 2.2 release. The bulleted list goes like this:

  • Network Test Graphs
  • Historical problems/solutions
  • Support for iPerf version 3
  • Enhanced Network Test result details
  • Enhanced ability to discover AP names
  • Auto-creation of Network Tests

And the details can be seen here in the release notes, Wyebot v2.2 Release Notes (July 2019).

Given that different environments have varying areas of concern, each of us will find different weights to the value of the individual features as Wyebot continues to mature. From Day 1, I’ve been impressed with the sensors’ ability to quickly characterize a Wi-Fi environment and monitor it for changes. I appreciate that the sensor can use wireless backhaul, and that it can serve as an iPerf server (versions 2 and 3), as well as performing as a wireless client even on 802.1X networks for testing authentication and such.

Perhaps my favorite capability to date is being able to upload a pcap file to Wyebot and have it display what the capture means through the lens of the Wyebot interface.

There is a lot to like, and more coming with each release. If you’ve not looked at Wyebot yet, I think you’ll find that this start-up is holding its own among established competitors when it comes to WLAN performance monitoring.