5 important reasons you should learn scripting

scripting-blurToday’s IT landscape if full of software defined marketecture, and lore of a dystopian future full of network engineers that do nothing but write code. But in reality, there are plenty of actual reasons you should be learning programming, or at least some basic scripting.  For many network engineers programming is not new, we have all been hacking together shell, Perl and Python for a VERY long time. While the requirements in the future may change, today it is not necessary to become half network engineer half software engineer, but learning the basics now will keep you in the know. Learning the basics of logic and loop statements will not only help you speed up day to day tasks, but it will help you understand other languages as you expand your knowledge in the future. So, here are my top 10 reasons I think you need to learn scripting.

1: Automation can save you time

Writing a script for common / repetitive tasks can save you a staggering amount of time. Over the years I have written hundreds of scripts to aide in everything from Data Center VLAN/SVI management to banning/unbanning MAC addresses from multiple wireless lan controllers.

2: Scripts keep things consistent

When you want identical configuration across multiple devices, a script can ensure that happens every single time. Interface descriptions, VLAN names, or even things like keeping port-channel and vPC ids synced.

3: The knowledge is portable

As you continue to learn you will find more and more uses for the skills you pick up. To this day I  still use the same “tricks” that I picked up 20 years ago to speed up tasks that I perform. From bash for loops to iterate through lists of data, to filtering with grep, or using cut or awk to segment it, I use these things nearly everyday to deal with whatever data I’m sorting through.

4: It’s not as difficult as you think

Many of the one off scripts that I write can be simplified into a single line. If you understand tools like grep, awk or sed, you’re already on the right path. If not, start exploring the tools that are built right into bash. (Which is available from MSFT for Windows 10 users)

5: If you don’t learn these skills, someone else will

These skills are not only valuable to you, but to your future employers. Our roles may or may not shift in the future, and we could end up in a situation where those without the proper skill set are left behind.

Resources

I’ve used the Linux documentation project for a number of years as reference material
BASH Programming – Introduction HOW-TO
Advanced Bash-Scripting Guide/

Site Upgrades for September 2015

First, I want to apologize for not doing my job. Over the past couple years I’ve let this site become slightly stagnant. I won’t attempt to make excuses, but I will say that I’m in a much better place now. Hopefully inspiration will continue to strike, and I will continue to put pen to paper… or finger to keyboard?

2015-09-18 at 8.52 PMOver the past couple weeks I’ve put a fair amount of time and monetary resources into RouterJockey. I’ve fixed quite a few CSS bugs, without hopefully creating more. I purchased an SSL certificate and moved the site to HTTPS, which helps me more than it really does you… but in doing so, I’ve also enabled SPDY 3.1. SPDY should help load times, but Nginx was already doing a pretty good job. Oh, in order to get SPDY up to 3.1 I was forced to migrate away from the Ubuntu repo for Nginx.. but that’s not a huge deal.

I’ve also spent some time redesigning the menu bar, adding new links, removing some useless ones, and writing an all new disclaimer. Please be sure to read and understand everything posted on that page before attempting to read any of my articles… /s

But seriously. I want to take the time to thank all of you for putting up with my stagnation, and for supporting my attempt at humor by selling t-shirts. I had planned on also putting some stickers on sale, but I cannot find a site like teespring for stickers. If you know of one, please let me know!

RouterJockey is launching a clothing line?!?!???

Ok maybe that title is a bit grandiose… But due to the great response I received Friday morning from the launch of the original PCAP shirt, and the IPv6 follow-up, I decided to create a few new designs and put everything into a store front. If the demand continues I will continue to publish new shirts, and keep up with relaunching original designs into their own campaigns. Not that I expect the demand for these shirts to continue long term, but you never know. Nevertheless I appreciate everyone’s support thus far.

But I need you! Yes… You! I need your ideas, and most importantly I need your feedback. So please, contact me on twitter and let me know what you think. If you like what you see, please share the url for the store.

Without further ado…

2015-09-11 at 1.47 PM-1
Click to visit the RouterJockey shop

PCAP or it didn’t happen…. The t-shirt!

front
Some days I don’t know why I do things… But last night I was playing around with creating a PCAP meme when my friend Josh Kittle said he’d be interested in a t-shirt like that. I got to thinking about it and realized some network engineers out there also might enjoy something like this, so I fired up a campaign on teespring!

Let me know what you think, I may do other shirts in the future as this was fun to work on. If you have any ideas you don’t plan on using, let me know and I might work on developing them.

Oh, and since Jay Franklin had to have an IPv6 shirt… I also launched another version with an IPv6 packet capture, and the #IPv6 hashtag on the back.

ipv6-shirt

Click one of the shirts to see them on teespring…

ASA v9.4 Elliptic Curve Cryptography with TLS1.2

cryptoWith ASA version 9.4 Cisco has added support for Elliptic curve cryptography (ECC), which is one of the most powerful types of encryption in use today. While ECC has been in use since 2004, only it’s recently use has skyrocketed. Part of this reason is power consumption… In my limited understanding, experts have concluded that a shorter ECC keys are just as strong as a much larger RSA key. This increases performance significantly, which reduces the power required for each calculation. If you want to learn more about ECC, check out this fantastic article from arstechnica.

That brings me to the issue. Last night I failed over some 5585x’s running > 9.4 that happened to be doing Anyconnect SSL VPN. This morning, my client was seeing issues. Luckily the solution was simple and a college pointed me to the solution fairly quickly. From the Cisco support community page I found later on….

For version 9.4.(x) we have the following information:

Elliptic curve cryptography for SSL/TLS—When an elliptic curve-capable SSL VPN client connects to the ASA, the elliptic curve cipher suite will be negotiated, and the ASA will present the SSL VPN client with an elliptic curve certificate, even when the corresponding interface has been configured with an RSA-based trustpoint. To avoid having the ASA present a self-signed SSL certificate, the administrator needs to remove the corresponding cipher suites using the ssl cipher command. For example, for an interface configured with an RSA trustpoint, the administrator can execute the following command so that only RSA based ciphers are negotiated:

ssl cipher tlsv1.2 custom “AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA:RC4-MD5”

Also see the ASA 9.4 Release Notes, which include a quick blurb on the issue…

a network engineering blog