Building network automation solutions

Sunday, October 12, 2008 07:13 CEST

Interesting links | 2008-10-12

Greg Ferro published some great thoughts on certifications versus experience. While a lot of people tend to disagree with him (at least a bit ... myself included), he has some very good points.
Joe Harris posted the "IOS order of operation" list. Unfortunately it looks incorrect; I'm positive that in some cases NAT looks at the packet (and creates the translation) even if the inbound ACL drops it.
Anyone who has ever been involved in security must read Security Maxims from Roger Johnston (hat tip to Bruce Schneier).
I got promoted to holy cows. At least I have good company. BTW, if you're concerned about the security of your switch configuration, check what NSA has to say about it.
Thinking problem management has a great post explaining why you need service documentation.
Ethan Banks is back and writes about RGEs (Resume Generating Events).
Anthony Sequeira writes about transparent firewall on ASA/PIX.

4 comments:

Ronald Bartels 12 October 2008 10:24

Ivan, thanks for the links!!!
I thought of creating a Pineapple Certified Religious Bovine Professional certification. What do you think? You can have PCRBP #00001.
To be more democratic about it, I have created polls around these myths, based on the Mythbuster's methodology. They are called Redibusters:
http://thinkingproblemmanagement.blogspot.com/search/label/Redibusters

Unknown 13 October 2008 15:43

NAT looks at the packet (and creates the translation) even if the inbound ACL drops it.

I have seen this behaviour as well.

I only caught it because I was testing something so I had ACL's going in both directions on interior & exterior interfaces.

My internal conversation went something along the lines of, "WTF, I'm blocking that, it shouldn't even be traversing across the router"

Sometimes I wonder

Jay Swan 13 October 2008 17:48

I used to think that certifications were a useful indicator of knowledge or at least initiative, but I'm changing my mind. I interviewed a guy last week who had a whole pile of Cisco certifications (CCNP, CCSP, CCVP, CCDP, at least). I asked him some elementary questions about how packets flow across a network. He couldn't describe ARP. He had trouble with the difference between static and connected routes. He couldn't describe how a TCP handshake works at all. He couldn't accurately describe the the difference between a physical interface being up and a line protocol being up.

He then claimed to be much better at Cisco voice. So I asked him some basic CallManager and IOS voice gateway questions, and he completely flunked those. He was "absolutely, 100% certain" that MGCP controls phones, not gateways.

This was the most egregious example I've seen, but not the only one.

I feel like I've gotten a lot out of studying for certifications, especially CCIE, but I'm starting to wonder if that's the exception.

Guest 21 September 2009 14:37

I am honestly confused i was thinking getting certified was something like gaining all knowledge in that domain also i think we learn from experencie only O:-) O:-) O:-) O:-)

Add comment

Building network automation solutions

9 module online course

4 comments: