Category Archives: Cloud Networking

NetAlly Unleashes the Right Tester, at the Right Time: EtherScope nXG

Change is both inevitable, and fickle. Vendors come, go, and buy each other. Some product lines that we love die on the vine, others thankfully go on to only get better with time. I sat in a room with the NetAlly folks at Mobility Field Day 4 and got an eyeful/earful of teaser information on a slick new tester that would be released later in the year that would bear these notions out in spades.

I’m here to tell you- “later” is now, and the product line that we have grown to appreciate from its start at Fluke Networks, through its run as part of NETSCOUT, and now as the baby of spin-off NetAlly continues its tradition of excellence with the new EtherScope nXG.

Does this look vaguely familiar?
EtherScopenXG

If you own (or have Jonesed for) either the AirCheck G2 or the Link Runner G2, that color scheme will look familiar. But the EtherScope nXG’s overall feature set makes the very-capable G2 units suddenly feel a little less-than, despite each being a testing powerhouse in its own right. (And if you’ve been around a while, you might remember the old yellow EtherScope from the Fluke Networks

NetAlly brings the EtherScope to market right when it is needed. What do I mean by that?

  • With the 802.11ax tide starting to rise, troubleshooting tools need to keep up
  • On the wired side, NBASE-T and 10G are becoming facts of life
  • Bluetooth is penetrating the enterprise in interesting new ways
  • “Convergence” is one of those overplayed words in networking, but the reality is that both operations and support of those operations have very much seen a convergence and fewer of us do one or the other (not to mention work in data centers and server rooms)
  • Senior engineers can’t be everywhere, and it’s not uncommon to rely on others to gather data that we then analyze from some other location
  • Performance testing and detailed path analysis of different network segments can be daunting as topologies get more sophisticated.
  • Uploading of results to a cloud repository brings huge advantages in baselining, team-wide scrutiny, and reporting.

Networks are getting more complicated. Tolerance for time-to-problem-resolution is decreasing. The EtherScope nXG is marketed as a “Portable Network Expert”, and despite my frequent disdain for grandiose marketing platitudes, I find this to be an apt description.

Rather than regurgitate the tester’s specs, let me point you to them here (scroll down). The full data sheet from the product docs is here and shows the product’s impressive range nicely. And to get a feel for just what the EtherScope nXG can do, have a look at these videos that show several different testing scenarios.

I’m going to cap this one here. There is just sooooo much to talk about with this new tester. Yes, I know I sound borderline giddy and buzzed on the Kool-Aid- and I’m OK with that. I can tell you that the new tester feels good in the hand, and casual kicking of the tires is in itself impressive. I have an eval unit, and will be putting it through its paces for real in the near future. Watch for the next blog on the EtherScope nXG.

 

 

Don’t Forget About Those OTHER Meraki MX Firewall Rules

I’m a long-time user of the Meraki MX security appliance product line. Going way back to the MX-70, I have found tremendous value in what the MX products can do for my far-off sites. (Here’s an old- and I mean old- case study that gets into the early appreciation of the MX line.) I’ve probably set up maybe 65ish total MX devices through the years in multiple states and countries, doing site-to-site VPN, stand-alone, and also some pretty creative configurations. Despite my experience, I was recently reminded that I don’t know it all about a product that I feel extremely comfortable calling myself an expert on.

In one remote site that connects to the main network with site-to-site VPN, an NTP vulnerability was flagged on a couple of audio visual devices. The device vendor was of absolutely no help (go figure), and our security team asked if we could help from the Meraki side. “Oh sure…” says I. “We got a firewall to leverage.”

We needed to kibosh NTP between the remote site and the main network. I pulled up the Firewall page on the MX and set to work. This is an area in the MX I’ve probably manipulated maybe a couple of dozen times, for everything from stopping phantom ringing on 3rd-party hosted IP phones to simple outbound protocol blocks.

L3 Firewall

That image represents like three stages of desperation in getting rules right- as nothing I did worked. I simply could not tame the NTP beast to/from the two hosts, and it was making me feel silly. My first inclination was to blame Meraki- surely this stupid box must have issues! Except it didn’t… about the only thing Meraki could have done is perhaps mention on the L3 Firewall page that there is a separate firewall rule set on the VPN configuration page for site-to-site rules. That looks like this:

Site-to-Site FW

I had just never done firewall rules for the site-to-site tunnel. I didn’t know after many years! But I did leverage the Meraki “search our documentation” repository to get educated, with this document that explains it. There’s nothing complicated about it, you just have to know where to find it the first time you need to configure rules for the tunnel versus the Internet edge.

And now you know, too.
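
One way to catch this mistake before it costs an afternoon, as an added example (not from the original post or from Meraki): a small Python check that flags deny rules placed on the L3 Firewall page whose destination sits inside a subnet reached over the site-to-site tunnel, with no matching rule in the site-to-site rule set. The rule field names, addresses and subnets are constructed assumptions.

```python
import ipaddress

# Constructed sample data. The field names (policy, protocol, destPort,
# srcCidr, destCidr) are an assumed export shape, not taken from the post.
L3_RULES = [
    {"comment": "block NTP from AV box 1", "policy": "deny", "protocol": "udp",
     "destPort": "123", "srcCidr": "10.20.5.11/32", "destCidr": "10.0.0.0/16"},
    {"comment": "block outbound telnet", "policy": "deny", "protocol": "tcp",
     "destPort": "23", "srcCidr": "Any", "destCidr": "Any"},
]
SITE_TO_SITE_RULES = []               # nothing configured on the VPN page yet
VPN_REMOTE_SUBNETS = ["10.0.0.0/16"]  # subnets reached through the tunnel


def _net(cidr):
    """Parse a CIDR string; 'Any' becomes 0.0.0.0/0."""
    return ipaddress.ip_network("0.0.0.0/0" if cidr.lower() == "any" else cidr)


def _key(rule):
    """Identity of a rule, ignoring its free-text comment."""
    return tuple(rule[k].lower() for k in
                 ("policy", "protocol", "destPort", "srcCidr", "destCidr"))


def misplaced_rules(l3_rules, s2s_rules, vpn_subnets):
    """Return comments of deny rules on the L3 page whose destination lies
    entirely inside a VPN-reachable subnet and that have no twin in the
    site-to-site rule set."""
    vpn_nets = [_net(c) for c in vpn_subnets]
    s2s_keys = {_key(r) for r in s2s_rules}
    flagged = []
    for rule in l3_rules:
        if rule["policy"].lower() != "deny":
            continue
        dest = _net(rule["destCidr"])
        via_tunnel = any(dest.subnet_of(n) for n in vpn_nets)
        if via_tunnel and _key(rule) not in s2s_keys:
            flagged.append(rule["comment"])
    return flagged


if __name__ == "__main__":
    for comment in misplaced_rules(L3_RULES, SITE_TO_SITE_RULES, VPN_REMOTE_SUBNETS):
        print("L3 rule will not filter tunnel traffic:", comment)
```

Rules with an "Any" destination are left alone here because they are legitimate Internet-edge rules; only rules aimed squarely at tunnel subnets are reported.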

 

Mojo (Arista) Answers The Layer 2 Situation for WLAN Migration To Cloud

I recently wrote about the challenges, as I see them, with the Layer 2 aspects of moving from an established controller-based WLAN solution to one like Aerohive, Meraki, Mist, or Ubiquiti that is managed in the cloud. That article is here, at IT Toolbox.

Want the short version of The Layer 2 Situation? Being all about value, I can help you out… Let’s start with the simple view of VLANs that underpin a controller-based WLAN environment:

L2-1

Betwixt the switch and the AP you have a single VLAN. It’s simple, it’s clean. It’s not a spanning tree asspain. But cut into that single VLAN with your magic network knife, and you’ll find a CAPWAP tunnel with as many VLANs as you need. In large environments, that may be dozens o’ VLANs for various SSIDs scattered across thousands of APs.

Contrast that with the typical fat AP/cloud AP VLAN underlay:
L2-2

Ugh- see the difference? In those large WLAN environments- where thousands of APs equals hundreds of switches- you might have to configure thousands and thousands of switch interfaces to convert the simple CAPWAP-oriented LAN to the VLAN-heavy LAN needed by fatty-fat APs- AND most cloud APs.

Ugh.

Mojo evidently agrees with that ugh and offers an option that preserves the goodness of the cloud approach (No NMS to keep up, easier code upgrades, no buggy controllers to babysit, etc) while providing an easy way to NOT go down VLAN rabbit holes when converting from controller to cloud. This magical hybrid approach features the Multiservice Platform:

multiservice_platform_3

Tres sexy, no? I had heard about Mojo’s Multiservice Platform last year at Mobility Field Day 2, but will admit I lost some of the messaging in the din of all the “Cognitive blah blah blah”. But when I recently wrote about The Layer 2 Situation, two good citizens from WLAN land came forward and reminded me that this nut has indeed been cracked, and by Mojo.

Recall if you will- Mojo has been acquired by Arista Networks since Mobility Field Day 2. I also happened to be present at the Mojorista MFD3 presentation, which I wrote about here.

So… will Arista continue with the Multiservice Platform? I have to say that I really hope so. I hope they promote the heck out of it, and that other cloud Wi-Fi vendors follow suit. I don’t know whether I’ll ever run a massive cloud AP WLAN (I do currently run a massive controller-based Wi-Fi network and a lot of cloud-based branches), but if I do it’s nice to know that there is at least hope for The Layer 2 Situation.

Open Mesh Brings Major Disruption to SMB Space, Goes Full-Stack

Another router coming to the SMB market generally isn’t that exciting, but this one is different for a number of reasons.

OM1

For one thing, it comes from Open Mesh. Those ports are part of the G200, which is the first router ever released by Open Mesh. It has a list price of $249, and it also brings the Open Mesh product line into the proverbial “full stack” domain.

OM2

Now customers can use access points, switches, and the G200 all from Open Mesh, and all cloud-managed in the excellent CloudTrax dashboard with no license costs.

Yes, you heard me right… I said “with no license costs”. If you are not familiar with Open Mesh, the operational paradigm is easy- you buy your components (routers, switches, and access points), you register them in the CloudTrax dashboard, and off you go with configuration and operation. CloudTrax is a pretty decent network management system in and of itself, and it is the only way you manage Open Mesh components. It’s simple, it’s feature rich, and given what Open Mesh hardware costs, the entire paradigm is an absolute steal compared to pricing and complexity of enterprise solutions that masquerade as SMB-friendly.

The G200 is a significant milestone to not only the Open Mesh product line, but also to the SMB market in that it seriously drops upfront costs and TCO while providing what may be the easiest to use interface among any of its competitors.

But what do you get for under $250 for features with the G200? A lot, actually. From a resource perspective, Open Mesh promises gigabit throughput compliments of a quad-core processor and dedicated crypto engine. The G200 has two passive PoE ports for Open Mesh APs to connect directly, and also has an SFP port for fiber uplink to an Open Mesh switch or 3rd party vendor switch. All the typical “router stuff” is onboard, from VLAN support, DHCP server and firewall to decent traffic classification, QoS, NAT functionality, user VPN, and even usage statistics. Not bad for an initial edge-router at this price point, that won’t hit you up in 12 months for a fat license fee to keep using it. Mine has been as reliable as I could ask for in the couple of weeks that I’ve been testing it. One gripe- no site-to-site VPN, although that is coming.

g200

I can’t stress how important price is for the SMB space, and I know some of my own customers are dealing with sticker shock that comes from other cloud-managed solutions that charge big and small environments the same way when it comes to licensing (or worse, they penalize the small networks for not having volume purchasing leading to better pricing). If Open Mesh continues to evolve their edge functionality and hardware offerings, this vendor could deliver a sales smack-down to the bigger players who have become license-happy to the point of ridiculousness over the last few years.

A New Access Point and Switch, Too!

I’m a huge fan of the Open Mesh A60 dual-band indoor/outdoor 802.11ac access point. It has been the top-dog of the Open Mesh access point line for several months, with a list price of $225 (again, no licensing and free CloudTrax support). Now, as part of the same product announcement that features the G200 router, Open Mesh is also bringing out its new A62 access point. It’s still dual-band and indoor/outdoor, but this Wave 2 AP also sports two 5 GHz radios, support for up to an estimated 150 streaming clients, and the same $225 price tag as the A60.

The latest S24 switch also breaks new ground for Open Mesh with 10 Gbps SFP+ uplink ports and a higher PoE power budget than its predecessor.

Let’s Do Some Math

Open Mesh has over 100,000 network customers around the world. When I think of one of my own small sites that’s up for renewal with another cloud vendor, I’m looking at trying to explain to my customer why a 3-year renewal license on an old AP costs almost as much as purchasing the latest license-free AP from Open Mesh, and why a 3-year renewal license on an older security appliance costs almost twice the price of a new Open Mesh G200 router that would never need another license. These are real dollars for small businesses, and you pay the big price for the other guys whether you ever use actual support or not.

It’s time for a shake-up at this end of the market, and I think Open Mesh is the vendor to do it.
