MFD3 – LinkRunner G2 v2.0 Update

Posted on September 18, 2018 by subnetwork

I have an admission to make. Before Mobility Field Day 2 of 2017, I was openly hostile towards the biggest player in the handheld network tools market. Through a series of lousy blue and gold experiences, I decided I no longer had room for those tools in my budget. Even after receiving a blue and gold LinkSprinter at a WLPC, I was apathetic at best.

But, I like reexamining my strongly held opinions. I believe that admitting I am wrong is much better than holding firmly to an incorrect conclusion.

So, in 2017 when Netscout presented at MFD2, I got my opportunity to reconsider. They were working to expand the capabilities of the toolset, and they were open to feedback and requests for new features. I even considered purchasing an AirCheck G2, but ultimately found that I hadn’t budgeted for it. (Shocking!)

So, let’s fast forward to 2018 and MFD3. Over the two hour window Julio Petrovitch, from the handheld network tools group previously owned by Netscout, covered many topics, but the topics of most interest were the AirCheck G2 v3.0 and the LinkRunner G2 v2.0 software updates. So again, I got to reevaluate my opinion.

The very first revelation to me was this team now truly believes in updates! The LinkRunner was released last October, so approximately a year later they are adding features with v2.0. The announcement included significant new improvements and features, not just small dot revision updates and bug fixes.

The LinkRunner G2 v2.0 update adds:

802.3bt support – provides both loaded and unloaded voltage and wattage reporting of class 5-8 PoE PSE equipment
Injector support – measures from 12-60 volts
More VLAN information – the LinkRunner G2 can provide lots of information regarding the VLAN’s that are accessible from a switchport; useful if you have ports configured with a voice and data VLAN.
Enhanced DHCP Test – Now supports providing information from DHCP Options 43, 60, and 150.
Auto Test Improvements – allows a user to refine how they would like a test to run.
VLAN Monitor Tool – plug the LinkRunner G2 into a trunk port and monitor all of the VLAN’s that are available and the amount of traffic broadcast on each
Packet Captures – or as Julio Petrovitch correctly called it frame captures. Plug the device into a mirror or span port and capture traffic directly to the LinkRunner G2.

One more note; the LinkRunner G2 can charge from PoE! That isn’t a new feature, but it was one that I missed. I am mentioning it here for those others who might also be unaware.

So, the real question, have I changed my mind about Netscout? Maybe, but first, I think we should discuss the AirCheck G2.

Watch the whole presentation and then tell me what you’re most excited about in the comments.

MFD3 – Huge updates for AirCheck G2 and LinkRunner G2; then Netscout announces their sale

Posted on September 17, 2018 by subnetwork

Mobility Field Day 3 was great! If you missed it, I will be releasing a few blogs over the coming weeks from my experience at the event. In the meantime, you can watch all of the videos here:

https://techfieldday.com/event/mfd3/

One of the most interesting developments this morning was the announcement from Netscout that it was divesting its handheld network test division to StoneCalibre.

The press release can be found here:
https://www.netscout.com/news/press-release/netscout-divests-handheld-network-test-business

While this announcement creates quite a few questions around the future, I firmly believe that the great group of people who have brought us the recently announced LinkRunner G2 v2.0 and AirCheck G2 v3.0 software updates are going to keep killing it. I’m excited to see what they bring to us in the future and hope to see them presenting once again at Mobility Field Day 4.

VIAVI Observer Apex- Finding the needle faster

Posted on August 14, 2018 by subnetwork

I participated in the Tech Field Day Extra events at Cisco Live. One of the presenters, VIAVI has been floating near the edge of my awareness for a while, so it was great to see their presentation and get a better understanding of the VIAVI Observer Platform.

Anytime I see a presentation from a monitoring solution there are three questions that I ask:

“How useful would this be for tier one technicians?”

I usually consider that question from both the perspective of a NOC and also a helpdesk technician. If a monitoring tool isn’t practical for those roles, I am the one who gets stuck using it all of the time, and therefore, it has no place in my environment.

“How useful would this tool be for me?”

If the tool can’t offer enough information to be useful for a senior engineer, I don’t want to pay for it. It also increases the complexity of passing trouble tickets up the chain as each person has to start back at zero in their own tool.

“Does this make it easier to find the problem, or just add another step?”

Monitoring tools which only show up/down status and system logs have very little use for me. I can easily find those by other means, or on the device itself, faster than I can fire up a browser, click on a bookmark, log in, navigate through a device tree, etc.

VIAVI has provided the right answers to all three questions.

The starting page for Observer is simple. It doesn’t take forever to load as it attempts to pull data from many different sources to provide a general health overview that rarely has anything to do with the reason you opened the application. Instead, Observer’s search box is ready for any relevant text the technician may know about the problem. If you have an IP, MAC address, VLAN, or hostname, those are all great places to start. You can also choose to push into a more generalized monitoring view like Application Performance, Network Performance, etc.

The search box is the beauty of the application for me. VIAVI indexes all of the monitoring sources for things like MAC addresses, IP addresses, interfaces, usernames, and other metadata and then correlates that information together. A technician doesn’t need to look up an IP address in the ARP table, get the MAC address, look up the MAC address in the MAC address table to get the port, then check the port for errors. A search on the IP address will provide all of that information, quickly! Since VIAVI also knows the assigned VLAN, it quickly displays “Here’s a bad actor on the same VLAN that is flooding the VLAN with bad frames.” The technicians can find problems without looking directly for them. That’s a huge win. This is not looking for a needle in a haystack. This is turning on an extremely powerful magnet and letting the needle come to you.

Another great feature is that Observer creates a baseline from the information that it acquires. With that baseline that understands system X typically runs at 75 percent utilization, but is now running at 90 percent, more problems quickly float to the surface. Additionally, the baseline filters out the normal abnormal. Is it “normal” for that system to run at 75 percent utilization all of the time? Maybe so. If it is, a technician doesn’t need a warning about it. It might be operating as designed.

If a technician can’t find a solution through the dashboard, the next engineer who picks up the problem will want to dig deeper. Thanks to the stored packet traces which provided all of the metadata the technician used, the engineer can take a look at the actual packets. Aside from the standard fields like source and destination, IP’s and ports, Observer also includes a patent-pending User Experience Score which is a 1-10 scale to aid in finding problems faster within the trace files.

Taking the click-through troubleshooting one step further, Observer creates Application Dependency Maps which aid an engineer to understand all of the dependent systems quickly and which are affecting performance.

When considering my initial three questions I proposed, I feel VIAVI’s Observer is providing pretty compelling answers for each. I look forward to learning more.

In many ways, Tech Field Day offers a similar solution to VIAVI Observer. TFD allows me to filter through the marketing hype, and get to the bottom of a product or solution and whether it will be useful to me. Don’t forget to check out the many other videos and content created by Tech Field Day at Cisco Live.

Arista announces acquisition of Mojo Networks

Posted on August 2, 2018 by subnetwork

Today after the markets closed, Arista announced the acquisition of Mojo Networks. This is a very interesting development, and I am curious to see what Arista does with the technology.

You can read the press release here.

If you are asking “Who is Mojo Networks?” you clearly weren’t paying attention at MFD2 during the Mojo Networks presentation. Take a look at it here:

Mojo Presents at Mobility Field Day 2

You can see more at the Mobility Field Day 2 Event page:

http://techfieldday.com/appearance/mojo-networks-presents-at-mobility-field-day-2/

What do you think about this team up? Is this a good decision for Arista? How do you see it impacting the WiFi community?

Geek Tools – Ventev VenVolt

Posted on March 23, 2018 by subnetwork

Any wireless engineer who has spent time completing AP-on-a-stick (APoS) surveys has probably used the Terrawave MIMO 802.3af POE battery. It was a heavy lead-acid battery in a metal case, which promised six hours of use before needing a recharge. Most days it did deliver 6 hours when powering an AP with a single radio enabled. However, I often found that if you ran both AP radios, it would regularly give you less; usually running right around 5 hours with a charge during a meal break.

Did I mention it was heavy? Travel through airports and the TSA was a lot of fun too!

Now, Ventev has a new battery, the VenVolt. It’s sleek, orange, and much lighter. The VenVolt has a bunch of new features which make this an essential addition to any wireless engineer’s toolkit.

The battery is now a lithium iron phosphate. That’s the weight savings that makes this thing easy to take on the road. It also ensures plenty of power delivery when needed and long-term stability of that power. Additionally, LiFePO4 battery chemistry is known for higher cycle life and better stability, which should relieve any concerns of a Samsung Note 7 style battery fires.
Better power delivery allows the VenVolt to efficiently deliver 802.3at power; a requirement for 802.11ac access points.
If 802.3at power wasn’t enough, Ventev includes a three amp, 15 watt, USB power port. That port can be used to trickle charge a laptop, or it can power my favorite tool, an Odroid, which I always use when surveying.
That power port wouldn’t be nearly as exciting for me without the final major upgrade, ethernet passthrough.

There are lots of “little” updates that should be mentioned as well:

A single switch! No more guessing which switch combination was needed for charging.
An LCD screen that shows charge status, voltage, and gives you some guess of the available runtime.
The case is ruggedized and has been drop tested to ensure reliability.

Let’s talk through my “new normal” setup with the VenVolt. I connect the AP to the “802.3AF/AT Out” port. There is no difference between that and the old heavy battery.
Next, I connect an ethernet cable between the “Ethernet In” port on the VenVolt and the ethernet port on my Odroid.
Finally, I connect a micro-USB cable between the Odroid and the USB port on the front of the VenVolt.
The magic happens due to the flexibility of my Odroid. A few jobs it runs:

iPerf, HTTP, Ping endpoint for any throughput/active surveys that I need to run.
TFTP Server – This is where I host boot or firmware files for the many various AP’s that I might use for surveys.
DHCP/DNS Server – Makes it easy for the TFTP Updates, client connections, etc.
Encrypted File Storage – This is where I store backups of survey files, any building drawings that I am given, or any specifics that I might need at a location.

One final note. The VenVolt is labeled “MK1”. To me, this is a suggestion that updates will come in the future, rather than the “one-and-done” approach of the Terrawave Battery. While I’m excited to see what may come in MK2, this is an excellent upgrade and a definite requirement for anyone who spends time doing APoS surveys.

There was an excellent session at WLPC, where Ventev employees Dennis Burrell and Mike Parry, along with Sam Clements discussed the development process for the VenVolt. It’s worth watching:

Relevent Links:

Ventev VenVolt

Ventev Infrastructure

Ventev Infrastructure supplied me with a VenVolt for testing and provided me the ability to give feedback. All written content provided here is my personal opinion, and has not been manipulated in any way by Ventev. I appreciate all companies who welcome constructive feedback!

Cisco Live 2018 Keynote Speakers Announced

Posted on March 5, 2018 by subnetwork

Once again, this year I will be at Cisco Live – US. I’m excited about another year with the best people in technology!

The Keynote Speaker for this year was announced today; and I’m pumped! There is an undeniable focus on the future this year. It is clear that as Cisco looks to the future, they see lots of business potential, and areas where they can contribute.

On Thursday, the closing keynotes will come from two individuals:

Dr. Michio Kaku (twitter, wikipedia) a theoretical physicist and futurist
Amy Webb (twitter, wikipedia) a futurist and founder of the Future Today Institute.

I personally love the Celebrity Keynotes because I leave there with new ideas or a changed perception of the world around me. Sometimes, we need to be reminded that when we are stuck in the trenches, what we do on a daily basis really matters.

Now that you are thinking about Cisco Live, it would be a great time to also make plans for #KiltedMonday! If you don’t know about Kilted Monday, check out my previous blog post. If you don’t own a kilt, now is the perfect time to order one! As I’ve said in the past, the folks at damnnearkiltem.com make a great product that you won’t mind paying for.

Go register now. Once you do, send me a tweet and let me know you are coming! Cisco Live 2018 Registration

KRACK Attack Mitigation – A Call to Arms!

Posted on October 17, 2017 by subnetwork

Ask any wireless engineer about the relationship with vendors who make the non-standard clients on their network and you’ll likely get a range of responses from quiet sobs to yelled expletives.

Problems ranging from bad driver or firmware updates, KRACK devices which don’t follow the 802.11 standard, and long delays in problem resolution are all part of the experience.

Often we may say to a customer “These clients are causing problems and here is proof. You should look at replacing them.” While the vendor of those products are telling that same customer “Your network sucks!”

With that in mind, I want to consider a few things as we begin the KRACK Attack mitigation.

Check CERT’s Vulnerability Notes Database for the status of vendor updates. This is a pretty extensive list, and is worth following:
CERT’s Vulnerability Database
Some vendors will be VERY slow to issue patches. It is absolutely essential that we as wireless engineers who have the ability to approve devices refuse any new client deployments without the appropriate patches.
Bring the security team into the discussion, and ensure that as a united front, unpatched clients are refused!
Those who work in a sales role should warn all customers away from vendors who are not actively communicating their patch strategy, with clearly defined release dates. We should not send money to any company that doesn’t see resolving this as one of their highest priorities. Those companies should wither and die.
Many large enterprises have specific budgets for IT security related expenditures. If the budget isn’t available from teams responsible for the devices, check with the security team. They may have a budget that can be utilized.
Communicate to the vendors this week. Ask about patching schedules for KRACK. Ask to be included in weekly updates on the status until patches are released. Make it very clear that you see this as a high priority and are not willing to accept a “Maybe, eventually” patch schedule.

As a group of wireless engineers, we cannot accept anything less than appropriate patches which clearly mitigate KRACK.

Geek Tools – Cape Networks for more than just wireless

Posted on September 15, 2017 by subnetwork

In case you missed it, a couple of weeks ago I wrote about my experience testing Cape Networks solution for wireless monitoring. You can find that post here. I first learned about Cape Networks at WLPC, and was able to have a conversation with them at Mobility Field Day 2 that you can watch here.

One point that continues to impress me about Cape Networks is the ability to test much more than WiFi.

It really comes down to the strength of the dashboard and the various tests that each sensor can run. The ability to test against internal and external systems is one example.

Each sensor can test against web servers, iperf, or custom ports of your choosing.

Users can configure a test to run against predefined external websites like Adobe Creative Cloud, Microsoft Office 365, Dropbox, and others. But, the sensor can also test against custom websites, checking not just “Is it up?” but HTTP status codes and latency as well.

I’ve used this recently to help an outside vendor truly understand that “No, our network is not to blame” for the high latency their users are complaining about.

When all other external websites are seeing ~20ms latency, and your web application is averaging ~90ms over a period of weeks, guess what? YOU have a problem!

Averaging 96ms of latency. Maybe that’s why the application is always slow?

Obviously, due to the nature of these tests being performed over WiFi, latency, jitter, and packet loss are all expected to be a bit higher, especially if they are performed during times of peak WiFi utilization. However, when you have tests to compare across multiple online services, it’s easy to notice standout patterns.

One feature request I would make to Cape Networks is this: Allow test to be ran across both the LAN and WiFi connections. If we can compare across these two mediums, we may also see additional information useful in diagnosing wireless issues.

Have you found a non-WiFi use for the Cape Networks sensors? If so, tell me about them in the comments.

As a MFD2 delegate, I did receive a free sensor from Cape Networks and various stickers and other low value (but tasty) snacks. All other expenses for MFD were covered by Tech Field Day. I was not compelled to write about Cape Networks in any way other than personal user experience. My employers decision to purchase sensors was based solely on the user experience and ease of problem resolution.

Geek Tools: Ekahau’s New Sidekick

Posted on September 7, 2017 by subnetwork

Today Ekahau went public with a new device that moves them from just another industry player to leading the wireless survey tool industry.

The Ekahau Sidekick answers a lot of questions that have been plaguing those of us who regularly do wireless surveys. To understand why it is such an important move for the company, you first need to understand a few of the pain points that comes with being a wireless engineer.

Some USB3 hubs create significant RF noise that can affect wireless survey results.
Many 802.11ac USB adapters have very poor consistency between devices.
Laptop batteries are often non-removable, requiring regular recharging when used for survey work.
How reliable is a 3×3:3 USB adapter when all antennas are internal without physical separation? (Short answer, they aren’t)
A laptop with 4-5 dongles connected to it is difficult to manage. I know many people who have snapped off a USB dongle in their career.

So, how does the Sidekick do it different?

It is a dual 802.11ac radio system with 3×3:3 radio chains and the appropriate antennas.
It has a very fast dual band spectrum analyzer with incredibly high resolution.
The device has it’s own 8 hour battery, and does not draw from the laptop battery.
Nothing to snap off and break. This thing is very rugged, and easily hangs from the hip as the engineer moves around.

So the big question is cost. The Ekahau Sidekick cost $2995US. The question of annual support was not answered during the presentation. This assumes the user already has an active license for ESS or ESS Pro.

Most importantly, by separating the hardware and drivers into a unique specialized unit, the Ekahau Sidekick can be used by those of us who use MacOS just as easily as those crazy few still using Windows. Drivers and firmware are no longer a concern.

Well done Ekahau!

You can find out more at: https://www.ekahau.com/sidekick

I received nothing to write this post. I am an active Ekahau user, and purchase licenses and support just like any other user. Hopefully, I will be able to convince my manager that he should fund one more purchase…

Geek Tools – Cape Networks for Wireless Monitoring

Posted on August 28, 2017 by subnetwork

“Wireless isn’t working!” – everyone

How many times have we heard that mantra? As wireless engineers we know all of the intricate details that are required to be in place before wireless “just works.” We often find ourselves trying to explain this to people who see wireless as magic, and us as the magicians. They don’t care about the intricacies of roaming. They don’t care about the underlying systems, many of which we rarely control. DHCP, DNS, RADIUS, and ultimately the services they are trying to connect to.

Assuming a medium to large sized corporate environment, there is likely someone (a team) responsible for the DNS, DHCP, and Radius, and that is not likely to be the same team responsible for wireless. In very large environments, the LAN team that even provides the network cable for the AP may be a different team.

Further increasing the confusion is that problems can often appear isolated, with only a small group of users experiencing the issue.

Then the troubleshooting must begin. Is it a client issue? Were drivers or firmware recently updated on the users systems? Is there a common location, time, or AP that the experience is related to? The list of questions begin to build.

I ran into this in my own network recently. Users were complaining of being unable to connect to wireless. The problems were reported from various locations slowly over a number of days. No particular client was having consistent issues, and I never saw the problem on a customers computer while they were having it. I began looking through logs and following pretty standard troubleshooting steps. Nothing came up. It was as if the problem didn’t exist, yet I was hearing about it often enough to believe that it did.

Considering that I had just returned from Mobility Field Day 2 and participated in the Cape Networks session, I had an idea. Cape Networks provided delegates with a sensor to test. I spoke with my manager at work, a very smart guy (he hired me, right?) who agreed it would be OK to test the sensor in our environment.

The secret to the Cape Networks sensor is that it IS a client. It sees what a client experiences and its entire function is to report on the user experience. It is cloud connected, with an intuitive dashboard, that makes setup and management easy, and remote troubleshooting painless. You really should watch the Cape Networks presentation!

After installing the sensor and configuring the device for our wireless network and the internal services that I wanted it to test, I walked away and forgot about it for a day.
The next morning, I logged back in, and my issue was staring me in the face. DHCP

The time to get a DHCP address was all over the map, peaking as high as 11 seconds. Problem found! Users who experienced those peaks would clearly have issues connecting; add in their own impatience, maybe turning off and on wireless, and of course they couldn’t connect.

Before and after changes were implemented to resolve the DHCP issues users experienced.

Before and after changes were made to DHCP.

What was even more important was that I now had clear metrics that I could take to my team that manages DHCP. I could point to the problem, and then after we developed and implemented a resolution, I was able to point to the same metrics as proof that our plan worked.

As you might have guessed, complaints and rumors of complaints quickly died away.

My organization has since made the decision to invest in sensors from Cape Networks. Their reporting and ease of use make for an unmistakable value. I strongly recommend that you also check them out.

It must be the network…

Ramblings of JD (@subnetwork)