All posts by Joel Knight

The Anatomy of a Cisco Spark Bot

I spent a long time creating my first Spark bot, Zpark. The first commit was in August and the first release was posted in January. So, six months elapsed time. It’s also over-engineered. I mean, all it does is post messages back and forth between a back-end system and some Spark spaces and I ended up with something so complex that I had to draw a damn block diagram in the user guide to give people a fighting chance at comprehending how it works.

Its internals could’ve been much simpler. But that was part of the point of creating the bot: examining the proper architecture for a scalable application, learning about new technologies for building my own API, learning about message brokers, pulling my hair out over git’s eccentricities and ultimately, having enough material to write this blog post.

In this post I’m going to break down the different functional components of Zpark, discuss what each does, and why–or not–that component is necessary. If I can achieve one goal, it will be to retire to a tropical island ASAP. If I can achieve a second goal, it will be to give aspiring bot creaters (like yourself, presumably) a strong mental model of a Spark bot to aid their development.

Continue reading The Anatomy of a Cisco Spark Bot

Explain Cisco ETA to Me in a Way That Even My Neighbor Can Understand It

Cisco Encrypted Traffic Analytics (ETA) sounds just a little bit like magic the first time you hear about it. Cisco is basically proposing that when you turn on ETA, your network can (magically!) detect malicious traffic (ie, malware, trojans, ransomware, etc) inside encrypted flows. Further, Cisco proposes that ETA can differentiate legitimate encrypted traffic from malicious encrypted traffic.

Uhmm, how?

The immediate mental model that springs to mind is that of a web proxy that intercepts HTTP traffic. In order to intercept TLS-encrypted HTTPS traffic, there’s a complicated dance that has to happen around building a Certificate Authority, distributing the CA’s public certificate to every device that will connect through the proxy and then actually configuring the endpoints and/or network to push the HTTPS traffic to the proxy. This is often referred to as “man-in-the-middle” (MiTM) because the proxy actually breaks into the encrypted session between the client and the server. In the end, the proxy has access to the clear-text communication.

Is ETA using a similar method and breaking into the encrypted session?

In this article, I’m going to use an analogy to describe how ETA does what it does. Afterwards, you should feel more comfortable about how ETA works and not be worried about any magic taking place in your network. 🧙

Continue reading Explain Cisco ETA to Me in a Way That Even My Neighbor Can Understand It

Say Hello to Zpark, my Cisco Spark Bot

For a long while now I’ve been brainstorming how I could leverage the API that’s present in the Cisco Spark collaboration platform to create a bot. There are lots of goofy and fun examples of bots (ie, Gifbot) that I might be able to draw inspiration from, but I wanted to create something that would provide high value to myself and anyone else that choose to download and use it. The idea finally hit me after I started using Zabbix for system monitoring. Since Zabbix also has a feature-rich API, all the pieces were in place to create a bot that would act as a bit of middle-ware between Zabbix and Spark. I call the bot: Zpark.

Continue reading Say Hello to Zpark, my Cisco Spark Bot

2017 End of Year Blog Statistics

Didn’t I just write the 2016 statistics post like…. last week? Another year has flown by and with it another year of attempting to prioritize my writing. I’ll be honest, I’m not optimistic about what I’m going to find when I compare 2017 to 2016. It was a year filled with a lot of change and opportunity so I’ll use that as my excuse as to why I didn’t write as much or as often as I had planned.

I was thinking though: every year I set a goal of writing more posts than the previous year, but that’s only 1 metric to go by. Most of my posts are very detailed and fleshed out. It’s nothing to write a post that’s 1000 words. I regularly eclipse 2000 words and have even hit 3000 words. Perhaps I should be thinking more about word count and not post count? Certainly a 2000 word post takes more effort than a 1000 word post. On the other hand, word count says nothing about quality and could easily lead to excessive wordiness and run-on posts just to tilt the metrics.

Enough musing. Let’s review the data! Continue reading 2017 End of Year Blog Statistics

My Personal Look Back on 2017

Continuing in a tradition I started early this year where I take a look back at the year that just passed, I’ve again been very fortunate to have had an amazing year, both in my professional and personal lives. Writing this post is my way of forcing myself to stop and take notice of what I was involved in (something I’m not very good at letting myself do in the moment) and also give readers a chance to see the “me” behind the scenes.

Let’s go through the list! Continue reading My Personal Look Back on 2017

3 Ways to Fail at Logging with Flask

For the benefit of readers who haven’t worked with Flask or don’t know what Flask is, it’s a so-called microframework for writing web-based applications in Python. Basically, the framework takes care of all the obvious tasks that are needed to run a web app. Things like talking HTTP to clients, routing incoming requests to the appropriate handler in the app, and formatting output to send back to the client in response to their request. When you use a framework like this, you as the developer can concentrate a lot more on the application logic and worry a lot less about hooking the app into the web.

As you may have guessed from the title of this post, one of the other tasks that Flask manages is logging within the application. For example, if you want to emit a log message when a user logs in or when they upload a new photo, Flask provides a simple interface to generate those log messages.

Flask has a large community of active users built around it and as a result, there’s tons of best practice information out there on scaling, talking to a database, and even whole tutorials on how to build full applications. But it’s been my experience that there is very little information devoted to the topic of logging. Granted logging isn’t very fun and does nothing to get your app to market quicker or increase user counts, but it is really important if you want to get any sort of feedback from the app about what it’s doing during normal operation or what exactly happened if something goes wrong.

In this post, I’ll look very briefly at how logging works in Flask and then examine three common methods used to record log files within Flask and how each of them can shoot you in the foot. I’ll close by offering some recommendations that should keep you on safe ground.

Continue reading 3 Ways to Fail at Logging with Flask

Lifting the Hood on Cisco Software Defined Access

If you’re an IT professional and you have at least a minimal awareness of what Cisco is doing in the market and you don’t live under a rock, you would’ve heard about the major launch that took place in June: “The network. Intuitive.” The anchor solution to this launch is Cisco’s Software Defined Access (SDA) in which the campus network becomes automated, highly secure, and highly scalable.

The launch of SDA is what’s called a “Tier 1” launch where Cisco’s corporate marketing muscle is fully exercised in order to generate as much attention and interest as possible. As a result, there’s a lot of good high-level material floating around right now around SDA. What I’m going to do in this post is lift the hood on the solution and explain what makes the SDA network fabric actually work.

Continue reading Lifting the Hood on Cisco Software Defined Access

How I’ve Attempted to Blog More in 2017

This post has been sitting in the “drafts” folder for a while now. Clearly, since it’s August and is therefore a little late to be deciding on a plan that is supposed to carry through all 12 months of 2017. Regardless, I think it’s still worth sharing how I’ve attempted to increase the frequency of my blogging. My basic goal for 2017 is:

Create more content in 12 months than I ever have before in order to a) significantly build up the depth and breadth of knowledge on my blog, b) increase my skills as a writer, and c) continue to build this blog and the readership as a key part of my online persona and brand.

In order to achieve this goal, I’ve identified a couple of tactical objectives:

  1. Reduce the friction between me and the keyboard; make it possible to “just write”.
  2. Be able to “just write” anywhere. At home. On vacation. In a waiting room. On an airplane. I should also be able to start a post in one location and pick it up again in another. Indirectly this means I need to be able to write on any of my computers or mobile devices.

In order to meet these goals, I needed to improve my tools and come up with a better workflow.

Continue reading How I’ve Attempted to Blog More in 2017

Troubleshooting Cisco Network Elements with the USE Method

I want to draw some attention to a new document I’ve written titled “Troubleshooting Cisco Network Elements with the USE Method“. In it, I explain how I’ve taken a model for troubleshooting a complex system–the USE Method, by Brendan Gregg–and applied it to Cisco network devices. By applying the USE Method, a network engineer can perform methodical troubleshooting of a network element in order to determine why the NE is not performing/acting/functioning as it should.

I ask that if you’re familiar with a given Cisco network platform (or platforms), that you please contribute commands that would also fit into the USE Method! My list is just a start and I welcome contributions from others in order to make it a stronger, more valuable reference.

Please check out the guide: Troubleshooting Cisco Network Elements with the USE Method

Tools for TE with EIGRP

In response to my article about what would cause a directly connected route to be overridden, Matt Love (@showflogi) made a good observation:

What Matt is saying is that longest prefix match (LPM) is a mechanism that can be used to steer traffic around the network in order to meet a technical or business need. This type of traffic steering is called traffic engineering (TE). Continue reading Tools for TE with EIGRP