A few months ago, a friend asked me for feedback on what kinds of
network technologies should be taught in school (college level).
I spent a few minutes writing this up and decided I might as well post it here.

I have yet to encounter anybody using AppleTalk. In fact, I haven’t used
AppleTalk since the mid 90’s (not to be confused with AFP over TCP/IP
which is not uncommon anywhere there are Macs).

Fibre Channel (Fabrics, Zones)/10/40G/Converged: This is not normal
networking in terms of tools and debugging. High level theory helps cover the
bases, but anybody who will deal with storage in mid to large businesses needs
to know how FC works. Networks are moving to 10G+, and with that, comes
converged. Bundling FC and 10G on the same cable is fantastic. Cards allow for
logical partitioning so you can do something like partition off 4G of FC and 6G

People will whine if I leave out iSCSI, but it’s a crappy way to do things.
There isn’t much to it, if you understand TCP/IP. All the traditional SCSI
errors show up when you lose connectivity to the block device (which can happen
if you have too much congestion on the switch, or you’re just pushing too much
traffic and the switch can’t handle it. I’ve seen both, and losing a block
device is not pretty. Best case, the machine reboots. Worst case, the
contents of the volume are toast).

Everybody uses BGP externally, lots of places use it internally to handle
dynamic routing. Some places use weird things like RIP, others prefer OSPF
(it bugs me when they have to create a new protocol for a new version of IP).
Advantage of ISIS, it will route anything.

It’s not complicated, but lots of companies use this for
multi-site/multi-campus. It’s good to at least have some lab experience with it.

This is used all the time to tie sites together. Sometimes hub and
spoke, sometimes full mesh, depends on the goal. Pushing routing over IPSec
can be a pain. ISIS can help with that. Facilitates running your routing
protocols over IPSec. You may not be able to do MPLS or BGP dynamic updates
over GRE, depends on implementation. ISIS can tunnel anything, AppleTalk,
DECnet, it’s great.

With the depletion of IPv4 prefixes, this is no longer optional. I would
not hire a network engineer who didn’t have (at least) solid lab experience
with IPv6. HE tunnels are free. You can connect lots of devices to them,
including many common consumer routers that are flash-able by something F/OSS
if they don’t support a 6to4 tunnel natively. Once you have a tunnel, you can
route either a /64 or a /48 to your house and practice all sorts of networking
with IPv6 including a v6-only network. Yes, I know that vendor support is not
perfect, but it’s getting better and the world won’t stop and wait. Understand
the purpose of SLAAC, DHCP, and privacy extensions (implications for network
devices), and that the minimum denomination of a practical usable block is /64.
Tools don’t work on smaller blocks (like DHCP).
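
An added example (not from the original post) of why the /64 boundary and privacy extensions matter: it carves /64 LANs out of a routed /48, builds the address a host forms under SLAAC when it uses a modified EUI-64 interface identifier, and recovers the MAC from that address, which is the tracking exposure privacy extensions remove. The function names, the documentation prefix 2001:db8:1234::/48, the MAC and the sample temporary address are all constructed for illustration.

```python
import ipaddress
from itertools import islice
from typing import List, Optional


def lan_prefixes(site: str, count: int) -> List[str]:
    """Carve the first `count` /64 LANs out of a routed prefix such as a /48."""
    subnets = ipaddress.IPv6Network(site).subnets(new_prefix=64)
    return [str(net) for net in islice(subnets, count)]


def slaac_eui64(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from its MAC via modified EUI-64 (RFC 4291, App. A)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        # The interface identifier is 64 bits, so the prefix must be exactly /64.
        raise ValueError(f"SLAAC needs a /64, got /{net.prefixlen}")
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 48 bits")
    # Flip the universal/local bit and insert ff:fe between OUI and NIC halves.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 address; None if the IID is not EUI-64."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # e.g. a randomized privacy-extension identifier
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in raw)


if __name__ == "__main__":
    lans = lan_prefixes("2001:db8:1234::/48", 3)   # constructed site prefix
    print("LANs:", lans)
    stable = slaac_eui64(lans[1], "00:11:22:33:44:55")  # constructed MAC
    print("EUI-64 address:", stable, "-> MAC", mac_from_address(str(stable)))
    # Constructed temporary address of the kind privacy extensions generate.
    temp = "2001:db8:1234:1:a8f3:9c01:5e7b:42d1"
    print("Temporary address:", temp, "-> MAC", mac_from_address(temp))
```

The `None` result for the temporary address is the flip side for network devices: logs and filters cannot rely on the host part of the address staying the same.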

NAT is not a security technology. MPLS is not a security technology.
There is no excuse for not using SSH. Even crappy Brocade routers allow DSA
keys (part of what makes them crappy, they don’t use anything else). I wouldn’t
fire somebody for using telnet, but it would be a teachable moment for the
entire team about what not to do. Bro is great, you can configure it to fire
off alerts when it finds regex matches, like “Password:”. If you really care
about encrypted communication between you and a network device, look at Juniper
(don’t get me started on Juniper, that’s a whole conversation by itself. Suffice
to say they make working on a network device pleasant again). They support
ECDSA, RSA, and ED25519 (and have for about a year). IPSec tunnels should be at
least as good as Suite B. Anybody that configures 3DES security gets a ‘no pass’.

Understanding how radio signals propagate, and reflect. Frequencies, wavelengths,
interactions, antennas, signal loss. This will come in handy when figuring out
where to place WAPs so they don’t clobber each other, or have gaps without
signal. Metal in walls significantly reduces signal range. Maybe just have them
get a Technician Ham License. The knowledge is more useful than you’d think.

SDN is important. That said, it’s just network virtualization/abstraction.
Yeah, there are lots of details that aren’t the same, but if you understand
systems virtualization+automation and networking well, the concepts fold
across pretty well. Check out OpenFlow. Last I looked, the OpenStack
virtualization platform was integrating OpenFlow capabilities. Should be able
to find a F/OSS platform to play with that on.

I know it’s a little nerdy, but check out blockdiag. It’s a slick way to
generate network diagrams from a text file that you can version and keep
track of its history. It’s reminiscent of the ‘dot’ language.

Lastly, if you’re still attaching yourself to network devices with a cable,
it’s time to break free. Check out Air Console. They’re fantastic. Happy
customer for several years now.