Cisco's Neil Anderson, enterprise network expert and author was a recent guest for a live Network World chat. In this transcript, he answers questions about the hottest skills, the impact of voice and video on the network and the Internet, how QoS technologies will evolve, stomping out worms and tips for passing your next Cisco cert.
Moderator-Julie: Welcome and thank you for coming. Our guest today is Neil Anderson, co-author of the best selling book, Cisco Networking Simplified. When not writing books, he is the Director of Enterprise Systems Engineering with Cisco Systems.
Neil_Anderson: Hello, happy to be here!
PhilB: What do you consider to be the latest career trends in networking?
Neil_Anderson: Networking used to be much more about moving bits, traditional routing and switching. Today and in the future the two challenging trends I see for networking professionals are: technology breadth and applications. Networkers need to understand security, mobility, unified communications, as well as how the network adds value to applications like Oracle and SAP.
Cliff Samuels Jr: What are the five top hottest Cisco skills to learn today to stay ahead of the curve in a networking career? Is it VOIP, IPV6...
Neil_Anderson: I would say the absolute top five are: security, mobility, unified communications/VoIP, video over IP, and application acceleration.
PhilB: Why do you say video is among the top five networking skills we need to know to stay ahead of the curve?
Neil_Anderson: Video over IP will probably have by far the largest impact to networks in the next few years. A study we just completed even surprised us at Cisco that in 2007 video traffic on the Internet eclipsed the entire amount of Internet traffic in 2000. Our studies on our own corporate network indicate that video is already up to 40-50% of network traffic. Video applications will increase exponentially as collaboration increases in the next "wave of productivity." This is why I say it's essential to understand. It's not just videoconferencing on the network, it's many video apps: conferencing to the desktop, telepresence, IP video surveillance, streaming broadcast, digital signage, and on and on. It's just beginning.
Harry 20K: Neil, in your top five Cisco skills you don't make any mention of wireless technology, my company is very high on wireless as a way of saving money (i.e., don't spend on running wire everywhere), would you consider wireless technology in the top six?
Neil_Anderson: I think wireless is a core technology everyone should have. The question was more geared towards the next set of technologies. I believe wireless needs to be a default part of basic networking....its here....it's now....it's prevalent....and it's a fairly known quantity. The "next waves" to get on top of are really the five I mentioned previously.
Cliff Samuels Jr: A follow-up to my previous question is what is the best method to acquire those skills if your current employer is not using any of the Top 5 Cisco skills in their network deployment -- i.e. local/ state governments strapped for cash?
Neil_Anderson: Very good question. So there is always the book learning route. There are plenty of books out there. Another good source is join forums and discussion groups like on Network World. You can learn a ton by seeing what the relevant issues people are discussing are about. I would also watch for Cisco seminars in your city. We regularly do kind of "mini networkers" days in many cities where we give free training just to get interest in particular technologies like security and wireless. Finally, I would say acquire whatever used or available gear you can creatively acquire and play with it. Learn anyway you can. Finally, go to the Cisco.com Web site. There is a TON of information you can learn. Start here at this Web site where we compile design guides on every technology.
Moderator-Keith: Pre-submitted question: Hi Neil, I have been maintaining LANs since 1999. I have never sat for any certification exams. Which is the best and quickest way for me to prepare for and earn a CNA certification? Many thanks. Abraham
Neil_Anderson: There are quite a few online tutorials and experience from previous test takers, including practice tests. I would also highly recommend this excellent book co-authored by my co-author Jim Doherty: CCNA Flash Cards and Exam Practice Pack.
TomSmall: Do you think that SIP is going to be replaced by something else for use with VoIP? If so what do you think is most likely to replace it?
Neil_Anderson: I would say that SIP adoption hasn't hit its peak yet and probably has a ways to go. As far as a replacement, I could foresee the need for something that is more media ready. Future applications will contain multiple media streams coming in and out of a session. I could foresee something eventually replacing SIP that can handle such collaborative media sessions.
Moderator-Keith: Pre-submitted question: Hi, I viewed the Cisco CCNA TV on VLANs, great video! After watching/reading, I have a simple question -- why would someone not turn on VLAN pruning as a matter of practice?
Neil_Anderson: Good question. I don't have a lot of experience with VLAN pruning and I cannot say it has come up frequently with the customers I speak with regularly. However, I do recall that pruning can be a bit troublesome. Sometimes one network component expects the VLAN to be there and perhaps VLANs are mapped to it, and if its pruned somewhere there is obviously an issue. I can't answer this completely, but if you provide some contact information I would be happy to discuss further with some of the Cisco switching experts and get back to you with a more complete answer.
Cat: Is it possible to pass the CCNA without working on network gear on a daily basis?
Neil_Anderson: Absolutely. Some practical hands-on would help when you are nearing an exam, just to nail the concepts down, but you do not need to use it every day.
Moderator-Keith: Pre-submitted question: What is the typical thing that network administrators do wrong when implementing deep packet inspection?
Neil_Anderson: This really depends on what you are using DPI for. Some people use it for threat detection, trying to see complex attack vectors. Others use DPI to gain more visibility in a passive sense into the types of applications their user community is using, and with what frequency and impact on the network. This can aid in setting usage policies in the future, for example.
Jeffgratton: What would be the best advice you can give to prepare for the CCIE certification?
Neil_Anderson: For the CCIE, you definitely need a lot of hands-on experience. Assuming you are talking about the Routing & Switching CCIE, its good to look at both enterprise forms of routing, such as OSPF and EIGRP, as well as service provider... such as MPLS and BGP. For switching, you need to really get a handle on switching topologies and scenarios. The best things to prepare for the actual exam are practice exams, and also a practice rack of equipment. Get your colleagues to "break" stuff in the rack and then troubleshoot it.
Larry: Are there any "networking for beginners" books you feel would make great reference books?
Neil_Anderson: LOL. OK, time for a shameless plug. My co-author and I just published a book called Cisco Networking Simplified, which covers a lot of networking technologies each in five pages. It's meant for people fairly new to networking.
TomSmall: How do you see convergence of presence technologies impacting networking in the future?
Neil_Anderson: I think presence will have huge impacts on the next generation of networks. Networks will become intelligent about where people are (office, home, mobile), what devices they are using (PDA, laptop, phone), and what applications are being used. The network will aid applications using presence information. For example: "Hey, John is on a mobile device at a hotspot over a VPN, let's not offer his device the high-def video call, let's negotiate it down to low-def." Presence will also be able to let people customize how they prefer to be communicated with. For example, while I am in a meeting I prefer IM and e-mail. While I am at home I prefer videoconferencing.
Moderator-Keith: Pre-submitted question: VoIP has become mainstream, but telepresence not so much yet. What's holding most companies back from implementing it and why should they move forward with it?
Neil_Anderson: If anyone caught the session at VoiceCon 2008 last week where Vice President Al Gore and John Chambers talked to 2500 people at VoiceCon using Telepresence (you can catch a rebroadcast here), it's clear that more and more collaboration technologies like telepresence will become increasingly critical to solving some of our planet's large challenges in terms of global warming and energy prices. Telepresence is actually ramping up fairly quickly with our customers. One of the challenges is it's hard to understand what is different about telepresence until you experience it first-hand. People imagine that it's just another videoconferencing solution, and it's quite different from that. Within Cisco we have held some 80,000 hours of meetings over telepresence, saving $100 million in travel, AND saving thousands of tons of carbon emissions. We believe it is critical to foster as many collaboration technologies as possible, and we will continue to try and make telepresence one of the leading collaboration technologies in the industry.
Moderator-Keith: Pre-submitted question: How is the trend of virtualization changing network architecture and design, and what are most network administrators not understanding about this change?
Neil_Anderson: Quite a few people still look at virtualization as a data center only technology, or a way for multiple divisions of a company to share part of a network infrastructure, like a WAN. While those are great examples, there are more and more examples where virtualization technology solves problems, including guest access and putting "private" applications on the network such as IP Video Surveillance. The key is to start thinking of the network as a single physical infrastructure that needs to support multiple network partitions, and make your network architecture and planning decisions around that.
Mike: I'm doing a lot of VoIP work, and find the differences between data networking overwhelming at times. Any advice on books to help me better understand the telecom side of things?
Neil_Anderson: I would start with a book like this Voice over IP First-Step. It starts with a great description of the public telephone network and then crosses over to show the parallels in VoIP.
PhilB: We have issues with inbound congestion on our Internet connections and we do not have any QoS agreements with our ISP. Any quick ideas about ensuring that some inbound traffic definitely makes it?
Neil_Anderson: Well, it depends on what type of traffic you are trying to protect and from where. For example if you are using the Internet for WAN connectivity, it may be possible to use outbound QoS policies at your branch offices that will be fairly preserved across the ISP network. We have had great experience doing VoIP over the Internet for example by having outbound QoS policies only. If it's something else you are trying to prioritize, for example certain types of Internet traffic, that could be more difficult. If you have not already, take a look at this great design guide on QoS.
Moderator-Keith: Pre-submitted question: What could most companies do to better to improve their QoS implementations?
Neil_Anderson: Unfortunately, many people still just throw bandwidth at the problem and think that's good enough. My top advice to them is, great, so your network has more bandwidth the next time a worm propagates and your meltdown will happen exponentially faster than the last time. QoS is not just for prioritizing voice traffic. You need to think of QoS as a general protection mechanism. It can protect voice traffic, it can also protect your network using techniques such as worm mitigation control.
DSLguy: Which Cisco Network Certification holds the most weight in today's ever-changing global workplace?
Neil_Anderson: Well, CCIE has always been the most prominent. However a couple others are gaining steam including: CCDE - Cisco Certified Design Expert, and either CCSP or CCIE-Security, and CCVP or CCIE-Voice.
Moderator-Keith: Pre-submitted question: I've heard that anomaly detection is a poor way to detect security problems because it is darn near impossible to get a true baseline. The more stuff you baseline, the more "everything" falls within the normal range. If you don't baseline enough, you can't really grasp ok, but not typical, patterns. What are your thoughts on this?
Neil_Anderson: This can be problematic. But with attacks taking literally seconds to flood network pipes, it's still one crucial component to understand. You should always have some level of visibility into your network and understand what "normal" looks like, so that you can detect what is not normal. Visibility is key. "Normal" will fluctuate for sure, but what you are looking for are obvious anomalies, such as large traffic spikes from segments of your network that typically are not there.
Mike: With Video and Voice over IP becoming so prevalent do you think QoS is going to move to the forefront or will we still need to just get more bandwidth?
Neil_Anderson: Even with VoIP, we learned early that bandwidth isn't the solution by itself. One of the main reasons is that applications use available bandwidth, so more doesn't necessarily protect voice. Also, if you have security threats such as worms and viruses, bandwidth actually makes these propagate faster and have more resources at their disposal. QoS as we know it is about to undergo a fairly dramatic "upgrade" for video. Most current QoS strategies think about video as a singular app, like videoconferencing. The QoS policies of the future must be able to distinguish many forms of video applications and prioritize them accordingly among each other first, and then with the rest of the network.
Mike: As a CCNA should I go with the CCNP track before moving to CCVP?
Neil_Anderson: Yes, I would definitely recommend a bit higher level along the networking track before pursuing the voice track.
Moderator-Keith: Pre-submitted question: Application performance management has become something the network has to solve, even though, often times, it is caused by applications that can't deal well with wide-area networks. Is this a reasonable way to solve the problem? Will SOAs make app performance issues eventually disappear?
Neil_Anderson: I don't believe SOA's by themselves will address the problem. The real problem is WAN bandwidth is not keeping pace with application bandwidth consumption. Many companies are upgrading bandwidth, and bandwidth is getting cheaper. But it's also important again not to just consider it a bandwidth problem. It's also an application latency issue. One of the key technologies to consider are Wide Area Application Services (WAAS), which brings a suite of application performance tools to the problem, including compression, TCP Flow Optimization, and others. Our customers have seen between 20-50% bandwidth savings, and up to 10 times application speed improvements with WAAS.
Trish: Is IPv4 not sufficient now for IP addressing?
Neil_Anderson: Wow, that's a can of worms...LOL. Some people believe and are saying that IPv4 is good enough. Others do not think so. I would personally say that IP addressing is only one small factor in IPv4 vs. IPv6. It is true that there are many, many more IP-enabled devices coming on the network, and there definitely could be more severe address conservation issues. However, there are other aspects of IPv6 that are perhaps even more compelling, such as the improved multicast and "built in" encryption capabilities that will likely make the case for IPv6 eventually.
Larry: When do you see a timeframe for a drop dead date to convert from IPv4 to IPv6? Similar to the changes to DTV in 2009?
Neil_Anderson: Good question. We have already passed about three "drop dead dates" that were predicted. I personally don't believe there is one. Mandates have been tried, and so far have had limited impact. I believe IPv6 will be adopted when there are great reasons to. For example, NTT in Japan is using IPv6 for their broadcast HDTV system backbone because they have found the multicast capabilities of IPV6 to be superior to IPv4. So the need for a solution to a problem drove the technology. Not the other way around.
Abc: What technique would you suggest on worm mitigation control?
Neil_Anderson: There isn't one technique, you really need to think of it as a comprehensive plan. First, endpoint security: make sure to protect laptops and computers with anti-virus, anti-sypware, and anomaly detection software. Second, infrastructure protection: put controls in your network like Control Plane Policing (CoPP) and QoS Scavenger Class to protect during an outbreak. Third, visibility: turn on and operationalize tools in your network like Netflow to become familiar with "normal" behavior so that you can see when a worm may be affecting your network. There is a good discussion in the QoS System Reference Network Design (SRND), by the way, on worm mitigation with QoS.
Moderator-Keith: Pre-submitted question: I need to setup a voice lab. Where can I go to get configuration examples, step by step instructions and network diagrams?
Neil_Anderson: The best practices designs for Cisco Unified Communications, including voice, are available on cisco.com at the SRND website. Just type www.cisco.com/go/srnd to see all of them. Then select Unified Communications. You will see best practices design guides dependent on which CallManager release you are using (6.0 is latest), and many other design guides for IP Contact Center, Wireless VoWLAN, etc.
PhilB: What's your opinion of Skype?
Neil_Anderson: A loaded question ... LOL ... my answer would be: for what application? Residential/consumer? Business? For residential use, I think Skype is a very interesting technology. What struck me most about it was how umpteen million people downloaded and starting using it (prior to the eBay purchase of it) without any advertising ... pure viral marketing and word of mouth. I like the innovations in Skype, that they challenged the norm and came up with a pretty good peer-to-peer technology. For business use, that's another story. It's probably not ready for that and also more importantly lacks some of the integration. VoIP is just one form of media. Video, collaboration, IM, app sharing are others that all need to be integrated with VoIP in the business app environment that we call Unified Communications.
Moderator-Keith: Pre-submitted question: Can you please provide me with details on where I can learn about VoIP, VoIP troubleshooting scenarios and VoIP Monitoring tools?
Neil_Anderson: Again, I highly recommend taking a look at the SRNDs for Unified Communications. As far as troubleshooting and monitoring, it depends what you want to monitor. If you are interested in monitoring VoIP quality, take a look at IP SLA (service level assurance). It allows you to script network probes to measure latency, jitter, and loss so that you can see the kind of performance you are getting on the network between different points.
TomSmall: What is the status of VoIP reliability, and how can I assure clients that it will be able to fully function with telephone and data connections?
Neil_Anderson: VoIP reliability has come a long way and many Fortune 5000 companies are changing over to the technology for their corporate phone communications. In terms of assuring service levels, I would say three things are critical: 1. Network reliability - make sure the network is designed for high availability AND fast sub-second failure convergence in the event of an outage. 2. QoS and service policies - make sure that even where bandwidth is plentiful, QoS will step in and protect the voice app if congestion occurs, and 3. Security - if your network is compromised, all apps including voice will be affected if you do not have a good mitigation plan. All that taken into account, the VoIP revolution is here to stay and the benefits in terms of flexibility and integration with other applications for collaboration outnumber the increasingly rarer outages.
Dslguy: Is there a Cisco reference Web site for setting up a CCNA lab?
Moderator-Julie: Network World has a resource for you on that. Check it out here. We've had lots of questions today about Cisco Certs, so want to point out a resource on Network World's Cisco Subnet site for answers, Wendell Odom's Cisco Cert blog. He wrote a series on CCNA lab for instance, and is happy to answer other questions posted to his blog.
RodneyM: Are you a believer that the Internet will collapse by 2011, as published in recent news reports? Would restricting sites such as YouTube be a way to get a rational use of the Internet?
Neil_Anderson: I don't personally believe that will happen. We have done some interesting studies on forecast traffic loads in the future that even surprised us. The forecasts for video traffic are astounding. But I believe these are opportunities and challenges that ISPs and others will rise to. The Internet is about to undergo a major "next wave" of collaboration and information sharing. If you think about it, there used to be significant barriers to producing and publishing a video. Now, the barriers are all removed. Anyone can shoot a video and publish it. That leads to tremendous applications and information sharing I personally think have only just begun. But collapse the Internet? No...I don't believe it.
Moderator-Keith: Pre-submitted question: What should be the primary security concern of a network designer in riding voice over data?
Neil_Anderson: It's hard to pinpoint a single concern, but I would have to say the top issue is how do you secure voice without over-restricting data. In other words, it takes a balance of security when you integrate voice and data on the same network. There is an excellent discussion in this paper on Securing Voice. It's a chapter in the SRND I mentioned earlier on Unified Communications. Here's a direct link to the chapter.
Moderator-Keith: Final pre-submitted question: What can be done to better protect the corporate network when employees want to be allowed access from any old public hotspot?
Neil_Anderson: There are two main issues to address: secure the laptop, and always VPN. Securing the laptop needs to include up-to-date OS, up-to-date anti-virus software and signatures, and preferably heuristics that can not only flag known signatures, but flag anomalous behavior as well. Cisco Security Agent (CSA) is an example that can keep programs from installing themselves and other anomalies from occurring. The second is to always use a VPN tunnel with high enough encryption so that anything sent through the hotspot is secure.
Moderator-Julie: Don't forget to check out Neil's blog on Network World's Cisco Subnet this month.
Neil_Anderson: Thanks everyone for the questions! I wish I could have gotten to every single one, but I can only type so fast...LOL. I hope it was as great for all of you as it was for me, and thanks for your time!
Moderator-Julie: Thank you, Neil, for being our guest today and thank you all for coming. Boost your career with new security training and skills, with Adam Gordon.