Saturday, 14 November 2009

EIGRP Troubleshooting Flow

Main Troubleshooting Flowchart




Neighbor Check




Flowchart Notes

Issue the show ip eigrp interface command to verify.
Issue the show interface serial command to verify.




Flowchart Notes

Issue the show ip interface command to verify.

Redistribution Check



Flowchart Notes

Issue the show ip eigrp topology net mask command to verify.


Route Check




Flowchart Notes

Issue the show ip route eigrp command to verify. 

Issue the show ip eigrp topology command to verify. If routes are not seen in the topology table, issue the clear ip eigrp topology command.



Flowchart Notes

Issue the show ip eigrp topology net mask command to find the Router ID (RID). You can find the local RID with the same command on the locally generated external router. In Cisco IOS Software Release 12.1 and later, the show ip eigrp topology command shows the RID.

Reasons for Neighbor Flapping

The stability of the neighbor relationship is of primary concern. A failure in the neighbor relationship is accompanied by increased CPU and bandwidth utilization. EIGRP neighbors can flap for these reasons:
  • Underlying link flaps. When an interface goes down, EIGRP takes down the neighbors that are reachable through that interface and flushes all routes learned through that neighbor.
  • Misconfigured hello and hold intervals. The EIGRP hold interval can be set independently of the hello interval if you issue the ip hold-time eigrp command. If you set a hold interval smaller than the hello interval, it results in the neighbors flapping continuously. Cisco recommends that the hold time be at least three times the hello interval. If the value is set less than 3 times the hello interval, there is the chance for link flapping or neighborship flapping.
  • Loss of hello packets. Hello packets can be lost on overly congested links or error-prone links (CRC errors, frame errors, or excessive collisions).
  • Existence of unidirectional links. A router on a unidirectional link may be able to receive hello packets, but the hello packets it sends out are not received at the other end. This state is usually indicated by retry limit exceeded messages on one end. If the routers generating retry limit exceeded messages have to form a neighborship, make the link bidirectional for both unicast and multicast. If tunnel interfaces are used in the topology, make sure that the interfaces are advertised properly.
  • Route goes stuck-in-active. When a router enters the stuck-in-active state, the neighbors from which the reply was expected are reinitialized, and the router goes active on all routes learned from those neighbors.
  • Provision of insufficient bandwidth for the EIGRP process. When sufficient bandwidth is not available, packets can be lost, which causes neighbors to go down.
  • Bad serial lines.
  • Improperly set bandwidth statements.
  • One-way multicast traffic.
  • Stuck in active routes.
  • Query storms.
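
The hello/hold rule from the list above can be checked offline against a saved configuration. The following is an added example, not part of the original post or of Cisco's documentation; the sample configuration is constructed, and the 5 s / 15 s defaults used when a timer is not configured are an assumption that holds for high-speed links only.

```python
import re

# Assumption: IOS defaults of 5 s hello / 15 s hold apply when a timer is not
# configured (low-speed NBMA links default to 60 s / 180 s instead).
DEFAULT_HELLO, DEFAULT_HOLD = 5, 15

# Interface subcommands that set the EIGRP timers for one autonomous system.
TIMER_RE = re.compile(r"^\s+ip (hello-interval|hold-time) eigrp (\d+) (\d+)\s*$")

# Constructed sample configuration (not taken from the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip hold-time eigrp 100 15
!
interface FastEthernet0/1
 ip hello-interval eigrp 100 10
!
interface Serial0/0
 ip hello-interval eigrp 100 10
 ip hold-time eigrp 100 5
!
interface Serial0/1
 ip hello-interval eigrp 100 10
 ip hold-time eigrp 100 20
!
"""


def audit_eigrp_timers(config_text):
    """Return (interface, as_number, hello, hold, verdict) for every
    interface that configures at least one EIGRP timer.

    FLAP: hold < hello, neighbors flap continuously.
    RISK: hold < 3 * hello, below the recommended ratio.
    OK:   hold >= 3 * hello.
    """
    timers = {}          # (interface, as_number) -> {"hello": s, "hold": s}
    interface = None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            interface = None            # left the interface block
        elif interface:
            m = TIMER_RE.match(line)
            if m:
                key = "hello" if m.group(1) == "hello-interval" else "hold"
                entry = timers.setdefault((interface, int(m.group(2))), {})
                entry[key] = int(m.group(3))

    findings = []
    for (intf, asn), t in sorted(timers.items()):
        # A timer that is not configured keeps its (assumed) default, which
        # is how a changed hello interval silently breaks the 3x ratio.
        hello = t.get("hello", DEFAULT_HELLO)
        hold = t.get("hold", DEFAULT_HOLD)
        if hold < hello:
            verdict = "FLAP"
        elif hold < 3 * hello:
            verdict = "RISK"
        else:
            verdict = "OK"
        findings.append((intf, asn, hello, hold, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_eigrp_timers(SAMPLE_CONFIG):
        print("%-16s AS %-4d hello=%-3d hold=%-3d %s" % finding)
```

FastEthernet0/1 in the sample shows the easy-to-miss case: only the hello interval was raised, so the hold time stays at its default and drops below three times the hello interval.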

EIGRP Neighbors are not Recognized


The EIGRP neighbor relationship is not established over the multipoint GRE tunnel if there is an incorrect NHRP association in the spoke. Next Hop Resolution Protocol (NHRP) is used to discover the addresses of other routers and networks behind the routers that are connected to a nonbroadcast multiaccess (NBMA) network. When a network statement under EIGRP covers both the physical interface and the tunnel interface (the tunnel interface IP address and the physical interface IP address belong to the same major class) and the physical interface is the source of the tunnel, both interfaces have to be advertised separately in EIGRP to avoid issues with DMVPN. The best practice is to advertise the interfaces using specific subnet advertisements.


This issue can be resolved when you clear the NHRP associations with this command:
Router#clear ip nhrp
Source : cisco

Match tag

Adds a matching clause to the route map based on the route tag.  
Syntax: match tag tag-value ... tag-value

no match tag [tag-value...]

tag-value
List of one or more tag values. Valid values for tag value are integers from 0 to 4294967295.


Description: Use the match tag command to create an entry in a route map to test routes based on whether the route's tag matches the specified tag-value.
Use the no match tag command to delete the tag entry.
Route maps consist of sets of match and set commands. Match commands define the match criteria for route maps. Routes that match all defined match criteria are processed according to the actions defined by the set commands. Routes that do not match all of the defined match criteria in the route map are ignored.
Use the route-map command to create a route map. Use the various match and set commands to define the conditions for redistributing routes between protocols.
Route tags are used to communicate information between autonomous system boundary routers. OSPF supports tags. Other protocols have a tag of zero. You can select the source of exported routes based on tags. This is useful when routes classified by tag are exported into a given routing protocol.


Factory Default: No tags are defined.

Command Mode: Route-map configuration.

Example: In the following example, OSPF routes with tags of 1 and 2 are redistributed into BGP with metric 1, and OSPF routes with a tag of 3 are redistributed into BGP with a metric of 5:
  • The route-map commands create two instances of a route map named dist-ospf.
  • The match tag commands specify a match on tag values 1 and 2 for the first instance of the route map and on tag value 3 for the second instance.
  • The set metric commands set a metric of 1 for routes with a tag of 1 or 2 and a metric of 5 for routes with a tag of 3.
  • The router bgp command enables BGP and assigns the router to autonomous system 45.
  • The redistribute ospf command redistributes routes with a tag of 1 or 2 with a metric of 1 and redistributes routes with a tag of 3 with a metric of 5.
router(config)#route-map dist-ospf permit 10

router(config-route-map)#match tag 1 2

router(config-route-map)#set metric 1

router(config-route-map)#end

router(config)#route-map dist-ospf permit 20

router(config-route-map)#match tag 3

router(config-route-map)#set metric 5

router(config-route-map)#end

router(config)#router bgp 45

router(config)#redistribute ospf 109 route-map dist-ospf

QoS Map


Dynamips Topology S2N

autostart = False
[localhost:7202]
    workingdir = /tmp
    udp = 10200
    [[2691]]
        image = c:\ccie\c3640-ik9o3s-mz.124-21.bin
        idlepc = 0x6050483c
        ghostios = True
        chassis = 2691
    [[ROUTER SW1]]
        model = 2691
        console = 2017
        slot1 = NM-16ESW
        f1/1 = R1 e0/0
        f1/2 = R2 e0/0
        f1/3 = R3 e0/0
        f1/4 = R4 e0/0
        f1/5 = R5 e0/0
        f1/6 = R6 e0/0
        f1/7 = BB1 e0/0
        f1/8 = BB2 e0/0
        f1/9 = BB3 e0/0
        f1/10 = SW4 f1/10
        f1/11 = SW4 f1/11
        f1/12 = SW2 f1/12
        f1/13 = SW2 f1/13
        f1/14 = SW3 f1/14
        f1/15 = SW3 f1/15
        x = -391.661904883
        y = -22.2060607607
    [[ROUTER SW3]]
        model = 2691
        console = 2021
        slot1 = NM-16ESW
        f1/10 = SW2 f1/10
        f1/11 = SW2 f1/11
        f1/12 = SW4 f1/12
        f1/13 = SW4 f1/13
        f1/14 = SW1 f1/14
        f1/15 = SW1 f1/15
        x = -496.862048458
        y = -340.198051534
    [[ROUTER SW2]]
        model = 2691
        console = 2018
        slot1 = NM-16ESW
        f1/1 = R1 e0/1
        f1/2 = R2 e0/1
        f1/3 = R3 e0/1
        f1/4 = R4 e0/1
        f1/5 = R5 e0/1
        f1/6 = R6 e0/1
        f1/7 = BB1 e0/1
        f1/8 = BB2 e0/1
        f1/9 = BB3 e0/1
        f1/10 = SW3 f1/10
        f1/11 = SW3 f1/11
        f1/12 = SW1 f1/12
        f1/13 = SW1 f1/13
        f1/14 = SW4 f1/14
        f1/15 = SW4 f1/15
        x = 244.887301628
        y = -45.6619048834
    [[ROUTER SW4]]
        model = 2691
        console = 2022
        slot1 = NM-16ESW
        f1/10 = SW1 f1/10
        f1/11 = SW1 f1/11
        f1/12 = SW3 f1/12
        f1/13 = SW3 f1/13
        f1/14 = SW2 f1/14
        f1/15 = SW2 f1/15
        x = 285.198051534
        y = -355.75440072

[localhost:7203]
    workingdir = /tmp
    udp = 10300
    [[3640]]
        image = c:\ccie\c3640-ik9o3s-mz.124-21.bin
        idlepc = 0x6050483c
        ghostios = True
        chassis = 3640
    [[ROUTER BB3]]
        model = 3640
        console = 2013
        slot0 = NM-4E
        e0/0 = SW1 f1/9
        e0/1 = SW2 f1/9
        x = -19.0
        y = 282.0
    [[ROUTER R1]]
        model = 3640
        console = 2001
        slot0 = NM-4E
        e0/0 = SW1 f1/1
        e0/1 = SW2 f1/1
        slot1 = NM-4T
        s1/0 = FR0 1
        x = -68.0
        y = -292.0
[localhost:7200]
    workingdir = /tmp
    [[3640]]
        image = c:\ccie\c3640-ik9o3s-mz.124-21.bin
        idlepc = 0x6050483c
        ghostios = True
        chassis = 3640
    [[ROUTER R2]]
        model = 3640
        console = 2002
        slot0 = NM-4E
        e0/0 = SW1 f1/2
        e0/1 = SW2 f1/2
        slot1 = NM-4T
        s1/0 = FR0 2
        x = -65.0
        y = -223.0
    [[ROUTER R3]]
        model = 3640
        console = 2003
        slot0 = NM-4E
        e0/0 = SW1 f1/3
        e0/1 = SW2 f1/3
        slot1 = NM-4T
        s1/0 = FR0 3
        x = -54.0
        y = -148.0
    [[FRSW FR0]]
        1:102 = 2:201
        1:103 = 3:301
        1:104 = 4:401
        1:105 = 5:501
        1:106 = 6:601
        2:201 = 1:102
        2:203 = 3:302
        2:204 = 4:402
        2:205 = 5:502
        2:206 = 6:602
        3:301 = 1:103
        3:302 = 2:203
        3:304 = 4:403
        3:305 = 5:503
        3:306 = 6:603
        4:401 = 1:104
        4:402 = 2:204
        4:403 = 3:304
        4:405 = 5:504
        4:406 = 6:604
        5:501 = 1:105
        5:502 = 2:205
        5:503 = 3:305
        5:504 = 4:405
        5:506 = 6:605
        6:601 = 1:106
        6:602 = 2:206
        6:603 = 3:306
        6:604 = 4:406
        6:605 = 5:506
        x = -445.521428025
        y = 356.923448278
    [[ROUTER BB1]]
        model = 3640
        console = 2009
        slot0 = NM-4E
        e0/0 = SW1 f1/7
        e0/1 = SW2 f1/7
        x = -32.1715728753
        y = 130.0
[localhost:7201]
    workingdir = /tmp
    udp = 10100
    [[3640]]
        image = c:\ccie\c3640-ik9o3s-mz.124-21.bin
        idlepc = 0x6050483c
        ghostios = True
        chassis = 3640
    [[ROUTER R4]]
        model = 3640
        console = 2004
        slot0 = NM-4E
        e0/0 = SW1 f1/4
        e0/1 = SW2 f1/4
        slot1 = NM-4T
        s1/0 = FR0 4
        x = -50.0
        y = -73.5857864376
    [[ROUTER R5]]
        model = 3640
        console = 2005
        slot0 = NM-4E
        e0/0 = SW1 f1/5
        e0/1 = SW2 f1/5
        slot1 = NM-4T
        s1/0 = FR0 5
        x = -45.0
        y = -3.0
    [[ROUTER R6]]
        model = 3640
        console = 2006
        slot0 = NM-4E
        e0/0 = SW1 f1/6
        e0/1 = SW2 f1/6
        slot1 = NM-4T
        s1/0 = FR0 6
        x = -38.0
        y = 60.0
    [[ROUTER BB2]]
        model = 3640
        console = 2012
        slot0 = NM-4E
        e0/0 = SW1 f1/8
        e0/1 = SW2 f1/8
        x = -27.0
        y = 209.0
[GNS3-DATA]
    m11 = 0.707106781187
    m22 = 0.707106781187

First Hop Redundancy Protocol



Source: packetlife

Well Known Port



Route leaking vrfs

Dynamips File

autostart=false

##############
# Instance 0 #
##############

[localhost:7200]

[[7200]]

  image = c:\CCIE\Emulator\Dynamips\images\c7200-p.120-32.S9.bin
  ram = 64
  npe = npe-400
  idlepc = 0x60669380

#########################################
 [[Router CE1]]
  model = 7200
  console = 2001
  F1/0 = PE F1/0

 [[Router PE]]
  model = 7200
  console = 2002
  F2/0 = CE2 F2/0

 [[Router CE2]]
  model = 7200
  console = 2003

Final Configuration

PE

hostname PE
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip vrf CE1
 rd 1:1
 route-target export 1:1
 route-target import 2:2
!
ip vrf CE2
 rd 2:2
 route-target export 2:2
 route-target import 1:1
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 100.100.100.100 255.255.255.255
 no clns route-cache
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
 no clns route-cache
!
interface FastEthernet1/0
 ip vrf forwarding CE1
 ip address 10.10.10.254 255.255.255.0
 duplex auto
 speed auto
 no clns route-cache
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no clns route-cache
!
interface FastEthernet2/0
 ip vrf forwarding CE2
 ip address 20.20.20.254 255.255.255.0
 duplex auto
 speed auto
 no clns route-cache
!
interface FastEthernet2/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no clns route-cache
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf CE2
 redistribute connected
 redistribute static
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CE1
 redistribute connected
 redistribute static
 no auto-summary
 no synchronization
 exit-address-family
!
ip classless
ip route vrf CE1 1.1.1.1 255.255.255.255 10.10.10.1
ip route vrf CE2 2.2.2.2 255.255.255.255 20.20.20.1
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 stopbits 1
line vty 0 4
 password cisco
 login
!
!
end

CE1

hostname CE1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 no clns route-cache
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
 no clns route-cache
!
interface FastEthernet1/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
 no clns route-cache
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no clns route-cache
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.254
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 stopbits 1
line vty 0 4
 password cisco
 login
!
!
end

CE2

hostname CE2
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 no clns route-cache
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
 no clns route-cache
!
interface FastEthernet2/0
 ip address 20.20.20.1 255.255.255.0
 duplex auto
 speed auto
 no clns route-cache
!
interface FastEthernet2/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no clns route-cache
!
ip classless
ip route 0.0.0.0 0.0.0.0 20.20.20.254
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 stopbits 1
line vty 0 4
 password cisco
 login
!
!
end

Friday, 13 November 2009

SERVICE STRATEGY

Goals

•  Design, develop and implement service management, as a
strategic asset;
•  Organizations in a position to handle costs and risks associated
with their service portfolios; and
•  Key Role: Stop and think about WHY  something has to be
done, before thinking HOW.

Objectives

•  Design, develop and implement service management as a
strategic asset and assisting growth of the organization; and
•  Define the strategic objectives of the IT organization.

Processes

•  Financial Management;
•  Service Portfolio Management; and
•  Demand Management.

Financial Management for IT Services

•  To provide cost effective stewardship of the IT assets and the
financial resources used in providing IT services;
•  The process of budgeting, accounting and charging for IT
Services;
•  To be able to account fully for the spend on IT Services and to
attribute these costs to the services delivered to the
organization’s customers; and
•  Using FMIT to provide services with cost transparency (e.g. via
service catalogue) clearly understood by the business and then
rolled into the planning process for demand modeling and
funding is a powerful benefit.

"have to become a real man"

And now, the end is here
And so I face the final curtain
My friend, I'll say it clear
I'll state my case, of which I'm certain
I've lived a life that's full
I traveled each and ev'ry highway
And more, much more than this, I did it my way

Regrets, I've had a few
But then again, too few to mention
I did what I had to do and saw it through without exemption
I planned each charted course, each careful step along the byway
And more, much more than this, I did it my way

Yes, there were times, I'm sure you knew
When I bit off more than I could chew
But through it all, when there was doubt
I ate it up and spit it out
I faced it all and I stood tall and did it my way

I've loved, I've laughed and cried
I've had my fill, my share of losing
And now, as tears subside, I find it all so amusing
To think I did all that
And may I say, not in a shy way,
"Oh, no, oh, no, not me, I did it my way"

For what is a man, what has he got?
If not himself, then he has naught
To say the things he truly feels and not the words of one who kneels
The record shows I took the blows and did it my way!

Thursday, 12 November 2009

Friday, 06 November 2009

Cisco Network Address Translation Lab

Network Address Translation Lab

Static NAT Configuration



Network Setup for NAT

- Static NAT requires the fewest configuration steps compared to other NAT implementations.
Each interface needs to be identified as either an inside or outside interface with the ip nat
{inside | outside} interface subcommand, and a static mapping needs to be configured
between each pair of inside local and inside global addresses. Only packets arriving on an inside
or outside NAT interface are subject to translation.

- Static NAT configuration on NAT:

NAT#conf t
Enter configuration commands, one per line. End with CNTL/Z.
NAT(config)#int e0/0
NAT(config-if)#ip nat inside
NAT(config-if)#int e0/1
NAT(config-if)#ip nat outside
NAT(config-if)#exit
NAT(config)#ip nat inside source static 172.16.1.2 200.1.1.2
NAT(config)#ip nat inside source static 172.16.1.3 200.1.1.3
NAT(config)#^Z
NAT#
NAT#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 200.1.1.2          172.16.1.2         ---                ---
--- 200.1.1.3          172.16.1.3         ---                ---
NAT#
NAT#sh ip nat statistics
Total active translations: 2 (2 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0/1
Inside interfaces:
Ethernet0/0
Hits: 0 Misses: 0
Expired translations: 0
Dynamic mappings:
NAT#

- The output below shows the IP NAT debugging messages when PC1 (172.16.1.2) telnets into ServerA
(200.1.1.200). The debug ip nat privileged command displays every packet that is being
translated by the NAT operation.

NAT#debug ip nat
IP NAT debugging is on
NAT#
00:10:10: NAT: s=172.16.1.2->200.1.1.2, d=200.1.1.200 [0]
00:10:10: NAT: s=200.1.1.200, d=200.1.1.2->172.16.1.2 [0]
00:10:10: NAT*: s=172.16.1.2->200.1.1.2, d=200.1.1.200 [1]
00:10:10: NAT*: s=172.16.1.2->200.1.1.2, d=200.1.1.200 [2]
00:10:10: NAT*: s=172.16.1.2->200.1.1.2, d=200.1.1.200 [3]
00:10:10: NAT*: s=200.1.1.200, d=200.1.1.2->172.16.1.2 [1]
00:10:10: NAT*: s=200.1.1.200, d=200.1.1.2->172.16.1.2 [2]
00:10:10: NAT*: s=200.1.1.200, d=200.1.1.2->172.16.1.2 [3]
NAT#

- The output below shows the netstat command at ServerA.

C:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP ServerA:telnet 200.1.1.2:1050 ESTABLISHE

- The static mappings are created with the ip nat inside source static {inside-local-addr}
{inside-global-addr} global configuration command. The inside keyword tells NAT to translate
the IP addresses in packets sourced from the inside network destined to the outside network.
The source keyword tells NAT to translate the source IP address of the packets. The static
keyword indicates a static entry, which will not be removed from the NAT table due to timeout
or the clear ip nat translation * privileged command.

- The show ip nat translations EXEC command displays the active NAT mappings.

- The show ip nat statistics EXEC command displays the counters for translated packets and
NAT table entries, as well as some basic configuration information.

- The ip nat inside source static {tcp | udp} {inside-local-addr} {local-port-num} {inside-
global-addr | interface {inside-global-intf type num}} {global-port-num} global
configuration command can be used when outside users would like to access an inside resource,
e.g. an FTP server. This command seems difficult to understand at first glance.
However, it works, because inside source also translates the destination IP addresses in
packets that travel from the outside to the inside network. This is also known as port forwarding.

- inside source translates the source IP addresses in packets that traverse from inside to outside,
and translates the destination IP addresses in packets that traverse from outside to inside.

- inside destination translates the destination IP addresses in packets that traverse from inside to outside, and translates the source IP addresses in packets that traverse from outside to inside.

- outside source translates the source IP addresses in packets that traverse from outside to inside, and translates the destination IP addresses in packets that traverse from inside to outside. Mostly used when translating overlapping addresses.
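
The two directions of inside source translation can be checked against the debug ip nat output shown earlier. The following is an added example, not part of the original lab: it reads the static mappings, classifies each debug line as an outbound source rewrite or an inbound destination rewrite, and flags any rewrite that no static entry explains. The first four debug lines are copied from the page; the fifth line and the function names are constructed for illustration.

```python
import re

# Running-config form of the two static mappings configured on the page.
STATIC_CONFIG = """\
ip nat inside source static 172.16.1.2 200.1.1.2
ip nat inside source static 172.16.1.3 200.1.1.3
"""

# Lines 1-4 are from the page's `debug ip nat` output. Line 5 is constructed
# here to show a translation that does not match any static entry.
DEBUG_LOG = """\
00:10:10: NAT: s=172.16.1.2->200.1.1.2, d=200.1.1.200 [0]
00:10:10: NAT: s=200.1.1.200, d=200.1.1.2->172.16.1.2 [0]
00:10:10: NAT*: s=172.16.1.2->200.1.1.2, d=200.1.1.200 [1]
00:10:10: NAT*: s=200.1.1.200, d=200.1.1.2->172.16.1.2 [1]
00:10:11: NAT: s=172.16.1.3->200.1.1.9, d=200.1.1.200 [4]
"""

# "s=A->B" means the source was rewritten from A to B; the same applies to "d=".
LINE_RE = re.compile(
    r"NAT\*?: s=(?P<src>[\d.]+)(?:->(?P<src_new>[\d.]+))?, "
    r"d=(?P<dst>[\d.]+)(?:->(?P<dst_new>[\d.]+))? \[(?P<ident>\d+)\]"
)


def parse_static_nat(config_text):
    """Return {inside_local: inside_global} for address-only static entries.

    The {tcp | udp} port-forwarding form has more fields and is skipped.
    """
    mapping = {}
    for line in config_text.splitlines():
        words = line.split()
        if words[:5] == ["ip", "nat", "inside", "source", "static"] and len(words) == 7:
            mapping[words[5]] = words[6]
    return mapping


def check_translations(debug_text, mapping):
    """Compare every rewrite in the debug output with the static table."""
    global_to_local = {g: l for l, g in mapping.items()}
    results = []
    for line in debug_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["src_new"]:
            # Inside to outside: source goes inside local -> inside global.
            direction, before, after = "out", m["src"], m["src_new"]
            expected = mapping.get(before)
        elif m["dst_new"]:
            # Outside to inside: destination goes inside global -> inside local.
            direction, before, after = "in", m["dst"], m["dst_new"]
            expected = global_to_local.get(before)
        else:
            continue  # nothing was rewritten on this line
        results.append({
            "direction": direction,
            "before": before,
            "after": after,
            "expected": expected,
            "ok": after == expected,
        })
    return results


def unexpected(results):
    """Rewrites that the static table does not account for."""
    return [r for r in results if not r["ok"]]


if __name__ == "__main__":
    table = parse_static_nat(STATIC_CONFIG)
    for r in check_translations(DEBUG_LOG, table):
        status = "ok" if r["ok"] else "MISMATCH (expected %s)" % r["expected"]
        print("%-3s %s -> %s  %s" % (r["direction"], r["before"], r["after"], status))
```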


Dynamic NAT Configuration

- An access list is created to include all the hosts on the inside network that are allowed to use
NAT to communicate with outside network. The ip nat pool {pool-name} {start-ip} {end-ip}
{netmask netmask | prefix-length prefix-length} global configuration command defines the
pool of inside global addresses that can be dynamically allocated for dynamic NAT operation.

- Dynamic NAT configuration on NAT:




- The access list indicates whether a NAT router should translate the source IP address in a packet.
Only packets with the source or destination addresses that are permitted (matched) in the access
list will be translated. Packets with the source or destination addresses that are not matched by
the access list will not be translated and will be forwarded normally.

- With the ip nat inside source list 1 pool pool01 command configured, packets that traverse
from inside to outside with a source IP address matched by ACL 1 (172.16.1.2, 172.16.1.3)
will be translated to an inside global address in the NAT pool pool01 (200.1.1.1, 200.1.1.2).

- The entries in the NAT table will be removed after a period of inactivity (timeout). The clear ip
nat translation * privileged command can be used to forcefully remove all dynamic NAT
entries in the NAT table. The NAT table is stored in memory and is cleared upon router reboot.
Note: Static NAT entries can only be removed with the no form of the static NAT commands in
the global configuration mode.

PAT Configuration

- PAT configuration on NAT:



Alternative configuration:
NAT(config)#ip nat pool pool02 200.1.1.254 200.1.1.254 netmask 255.255.255.252
NAT(config)#ip nat inside source list 1 pool pool02 overload

Tuesday, 03 November 2009

There is no such thing as career path

Wow Good Idea From Himawan

*There is no such thing as career path.*

I'm talking about careers for an engineer, or for those who want to stay
focused and keep working in a technical field, in computer networking for
example, until retirement.

In certain organizations this is very clearly visible. There is no career
for engineers, especially in places where IT is seen only as support for the
company's core business. When an engineer becomes senior and wants to move
higher, he has to switch to the management track, for example by becoming a
technical manager. And this means he has to deal with other things outside
an engineer's work: managing people, budgets, calculating team overhead, and
so on. In organizations like this, those who still want to remain engineers
until they are old will not be able to get promoted any more. It can even be
worse, because some organizations choose to replace older senior engineers
with younger ones because that can lower the salaries that have to be paid.

What about companies that are in the technical solutions business? Doesn't
the company's business depend on the engineers to create solutions?
Technical solutions from engineers can be sold and bring profit to the
company, so does that mean this is the right place for engineers? Not
really. The key words are still “sold and bring profit”, so the point
remains the company's effort to sell, not the product. We have to understand
that it is not easy to measure an engineer's work. For example, a
salesperson in a company can be given a yearly sales target, and if he can
reach that target, or even exceed it for several years in a row, then a
promotion surely awaits. How do we measure an engineer's success with a
similar method? By looking at how many patents came from the innovations he
produced, or how many IETF RFCs he was involved in? I'm talking about
engineers in general who work in computer networking, and most are not lucky
enough to work in R&D and sit in a lab producing new networking technology.

So is there a way for engineers to have a career?

The answer: there is. Companies that innovate in technology understand that
it is very important to retain good engineers, so a career track in the
technical field is available. These are companies where an engineer can keep
focusing on the technical side and pursue a career to higher levels,
reaching the level of “Distinguished” engineer or even being called a
“Fellow”. But still, to reach that level we have to take control of our
career; we cannot wait for anyone, we have to create our own career path,
and sometimes there are things that have to be compromised.
And as far as I know, good engineers never compromise :)

First, engineers have to compromise by accepting the reality that the
technical team is involved very little in matters related to business
decisions, such as changes within the organization. When the company
suddenly changes its business model, including restructuring the engineering
team, engineers are told when the change is about to be made or has even
already happened. An engineer may come back from the weekend only to find
that he has been moved to a new team or has a new manager. So, as if it were
not hard enough for an engineer to show his abilities in the company, what
if he has to change teams or managers, which means he has to start building
credibility and reputation all over again?

Second, an engineer may have to compromise by manipulating technical facts
to support the company's business. A technical solution that does not
actually fit what the customer asked for, but is sold anyway for other
reasons, including political reasons and non-technical matters. And now the
engineer has to make that solution work by any means. A young engineer who
is still idealistic could just say NO, because he still prefers to work
based on real technical facts, as an engineer should. But if he wants a
career, from engineer to senior, then up again to architect, up to the level
called technical lead or distinguished and so on, the organization where the
engineer works naturally expects him to be able to support the company's
business. From my point of view, this is still a compromise.

Third, and the worst compromise of all: because it is very hard to stand out
as an engineer, an engineer may choose a shortcut by doing whatever it takes
to get promoted. Someone once said that to have a career in a company the
most important thing is how to stand out and be visible. But what if the
engineer is busier being visible than actually doing the work he should?
Competition among such engineers can become very ugly and no work is
produced, only efforts racing to show off things that are actually not
finished yet.

I hope those three things are only my imagination, the result of smoking too
much shisha while chatting aimlessly with old friends last night.
Unfortunately, some of the things above very much happen in everyday life.

So if I already know all that, why bother writing about it and discussing
it? Life is a choice, right?

Indeed it is.

The reason I discuss these things here is so that people like me, who think
about and plan to spend their time until old age still dealing with the
technical field, can have the right expectations. Once we have chosen to be
engineers for good, we have to know what consequences we must face. That the
career ahead will not be easy and will be full of challenges, even just to
move up one level in the company. We become more prepared and able to accept
reality when our friends in other departments, for example in the sales
division, can advance in their careers faster.

And I also have one secret I want to share here. I see that to get promoted
as a technical person we do not need to do good work every time. What has to
be done is to do extraordinary work, even if only once. Doing really great
work even on just one project, at the right time and when seen by the right
person, will bring far better results. So it's like *one great rock show can
change the world*, as Dewey Finn, alias Jack Black, says in School of Rock.
And of course we don't have to stand out by taking other people's work, even
if we badly want a promotion.

Will that approach really work?

How would I know? I'm the type of person who always moves between
organizations when I want more. In the past, to get a higher salary I moved
to another company. To get a better job profile I moved to another team. I
built my own career path by moving from one company to another. I have never
been in one place long enough to prove whether my ‘career secret’ can really
work.

So I will let you know the result once I get promoted.

Disclaimer: this post is my personal opinion and has nothing to do with the
organization where I work now. It is all based only on personal experience
moving from one IT company to another, and also on my experience working as
a contractor.
And I was not smoking anything when writing this.




--
A triple CCIE by skill, an engineer by heart.
A consultant by day, a backpacker by night.
A pioneer. A dreamer, a traveler, a blogger.

http://brokenpipes.blogspot.com
http://himawan.blogsome.com (in bahasa)

Source by IndoCisco

Sunday, 01 November 2009

Ubuntu bug

When we wrote yesterday about trying - and failing - to install Ubuntu 9.10, we thought we had made it clear that the installer failed to recognize two of the three installed SATA drives in our test machine. Despite this, we were exposed to a torrent of spittle-flecked invective suggesting we were variously too old, too young, too stupid, in the pay of Microsoft or simply just an asshole.

We were particularly taken with the number of Linux supporters apparently suffering from Tourette's Syndrome and especially the ones who hoped our families got cancer. It's always refreshing to receive good objective criticism.

Luckily, some readers managed to stay calm and pointed out that there is indeed a critical bug in the 64 bit RC version of Ubuntu 9.10 which fails to recognize multiple hard drives, so, sadly, the failure of the OS to install was down to coding errors rather than user incompetence.


As one reader said:

"The Ubuntu 9.10 RC installer has a rather surprising bug dealing with multiple disk drives; see #459054 at bugs.launchpad.net. It's already fixed in the daily builds, so I expect the final release will probably not have it. In the meantime, if you seriously want to try Ubuntu, either use a 9.04 CD or wait until the 9.10 actual release.

"If you are feeling conservative, wait until December and then try it, after the teething problems shake out. I like Ubuntu, but I won't pretend to anyone that it's ready for naive use until 3-5 weeks post-release. Us bleeding edge types start running new versions and/or upgrading around alpha-6, but we also file bug reports and cope with the odd spot of breakage."

Checking out bugs.launchpad.net as suggested, we found that this was indeed the case. In a post dated 26 October, Jim Leinweber wrote:

"The 9.10RC Karmic Koala ubiquity disk partitioning steps (#4, #5 in the installation screens) seem to have regressions when booting the AMD64 ubuntu live desktop CD on systems with multiple disks.

"On one system, the "side by side" radio button only showed sdc. "Erase" would allow choosing sda, sdb, or sdc. The "manual" partitioning option showed all partitions on all three drives and seemed normal.

"On another system, recently loaded with windows 7 professional on a 250 GB sda, the "side by side" radio button line was missing entirely, and the manual option didn't show either the sda or the sdb SATA disk drives (intel chipset). It looked normal on a system with only 1 SATA drive."

So there we have it. Not my fault at all. Sorry about that. I will, however, be trying Karmic Koala again, but not until December, as suggested. I'll be sure to let you know how I get on.

And here's a question for you: How on earth is a potential Linux user to know they should check out launchpad.net, or similar sites to discover why things don't work? If Linux is to succeed as a mass-market OS, it must move away from the realm of the hobbyist and into the mainstream.

Security firm demoed hacking and eavesdropping on iPhone mobile VoIP calls

Over the weekend, Sipera Systems demonstrated how easy it was to eavesdrop on and record VoIP calls made over an unsecured WiFi network on the iPhone. Using open source software called UCSniff, the security team hacked into the iPhone's VoIP calls, proving that without security software, mobile VoIP calls might not be ready for business clients. The software has actually been around for a while, but it just recently added the ability to listen to calls as they take place rather than after the fact.

Of course, Sipera does have a vested interest in showing us how easy it is to hack mobile VoIP calls. Today the company announced their Sipera Secure Live Communications (SLiC) mobility solution which promises to provide enterprise-class communications privacy and security for VoIP and UC on smartphones. The solution even includes a smartcard card-authentication system before users can access enterprise applications. Sipera believes the solution will allow businesses to provide smartphone-based VoIP services for their employees--saving call-minutes and high costs associated with employee cellphone use.

Read more:
- check out this article on the hacking demo ( http://www.theregister.co.uk/2009/10/23/iphone_voip_sniffing_made_easy/)
- read the press release ( http://www.fiercewireless.com/press-releases/sipera-slic-delivers-breakthrough-smartphone-security-business-ready-mobile-voip-an-0 )

source : fiercevoip.com

Google Removes Green Party Web Site From Index Due To Hac

On Sunday, if you searched in Google for [Green Party] you would not find the official Green Party of the United States web site, which is at gp.com. Even if you searched for gp.org, Google would not show you the site.

One person complained about the issue at the Google Web Search Help forums and a few days later, a Googler came in and told us why.

In short, the site was hacked and included harmful malware that could infect searchers' computers. Google removes sites that include malware from its index until the site is fixed. In addition, if sites are injected with links to unrelated sites, with the sole intent of link spamming Google, Google will also remove the site from its index. That is what Google did in this case, and now the site is back in the index.

Googler, Jaime said:

The gp.org website was removed from Google's results because it has been hacked (if you look at the source code for http://gp.org/, about halfway down you'll see hundreds of spammy hidden links to websites selling several drugs such as Viagra and Fluoxetine).

We sent an email to the gp.org webmaster a week ago, on Monday the 19th, and they were also notified via the webmaster tools console (http://google.com/webmasters). Anyone in contact with the owners of this site, please give them this information and, as danielroofer pointed out, let them know they can visit the Webmaster Help Forum if they have additional questions.

In the meantime, we've already reinstated this site into our index, but it may take up to 24 hours for it to start showing everywhere.

Today, it seems like the spam and hack has been removed from GP.org and the site is now back in the Google index.


source : http://www.seroundtable.com/archives/021016.html

Clear card security screening is stuck on the tarmac

In the beginning, it seemed like an idea that couldn’t lose. With the advent of tortuous and often annoying post 9/11 security procedures at SFO and other U.S. airports, the notion of a way to reduce the hassle of airport screening struck most as a very attractive option.

However, the rollout of technology to make all of this possible for travelers has been anything but smooth. Verified Identity Pass, the company that promised to roll out a fingerprint and iris scan process accompanied by a smart ID card called “Clear” that would allow users (for a $199 fee) to go to the head of the security line, suddenly folded its tent last June. It left 200,000 paying customers high and dry with no refunds.

If you were a “Clear” customer, you have every right to be nervous. Those who signed up had to provide extensive confidential personal information and the fate of that data has remained very much up in the air. In addition, a laptop that contained the personal information of over 30,000 customers was “misplaced” at SFO last year. The computer was found and assurances were made that the sensitive information had not been accessed. Oops……sorry about that!

A Bay Area investment group – Henry, Inc. – has stepped in recently to buy the assets of “Clear.” Their website promises to restart the security screening process again in “Winter 2009/2010.” There are no indications that the new process will use different technology or provide stronger safeguards for the customer’s sensitive personal data.

It may well be that the federal government’s lack of confidence in “fast-pass” technology for airport travelers will hold back any successful rollout of this system. In the meantime, we all continue to line up – shoeless, beltless and liquid-free. If indeed there is a technology solution that will speed us through airport security, it can’t come soon enough.

source : http://www.examiner.com/x-27653-SF-Technology-Examiner~y2009m10d30-Clear-card-security-screening-is-stuck-on-the-tarmac

Blackberry snooping software

bugs BlackBerrys

The Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) is warning BlackBerry users about a spyware program that allows attackers to turn a target's handset into a microphone that can be accessed remotely.

PhoneSnoop is a free, remote spying application designed for BlackBerry phones. The app works by intercepting phone calls from a predetermined 'trigger' number. When PhoneSnoop detects an incoming call from that number, it accepts the call and turns on the BlackBerry's speaker phone, effectively allowing the caller to listen in on the target's surroundings.




There are some very real limitations of this spying app: For starters, an attacker would need to have physical access to the victim's phone in order to install the app. PhoneSnoop also can't listen in on the victim's phone calls, and it leaves a conspicuous new program icon in the victim's app list.

Still, the alert serves as a useful reminder on the importance of maintaining proper physical security around the communications devices most of us depend upon. I am often asked about the threat to mobile phones from viruses and the sorts of spyware that typically assails PCs, and my response is always that the physical threat -- particularly the prospect of having your phone lost or stolen (however briefly) -- should be the user's primary concern.

PhoneSnoop was written and released by Sheran Gunasekera, a Sri Lankan programmer who heads the security division for Hermis Consulting, an Indonesian consulting firm that gets paid to conduct physical and network penetration tests for banks and telecommunications providers.

Gunasekera said he built PhoneSnoop as a proof-of-concept app, and as such it is not very stealthy. Still, he said, apps like PhoneSnoop could be silently bundled with other apps that the BlackBerry user wants to download, and could be set to run in the background without obvious notifications. BlackBerry apps also can be set so that they do not include program icons, or so that they simply don't show up in the list of running applications.

"BlackBerry is one of the most secure platforms out there, so what I wanted to do was highlight that even though you have a secure platform, in the end the user is probably going to be the weakest link," Gunasekera said.

PhoneSnoop isn't exactly new or feature-rich, but it is free. Applications like Flexispy and Mobile Spy can be used to intercept and relay a user's text messages, phone call logs and even GPS coordinates. Still, these other apps can cost between $250 and $300.

The BlackBerry does have some built-in defenses, if the user chooses to turn them on. As Symantec notes in its blog post about this app, you can require that a personal identification number (PIN) be provided before any apps can be installed. Also, a BlackBerry Enterprise Server can be configured to prevent applications from installing or running properly, and can remotely wipe a BlackBerry of any data should its owner lose or misplace the device.

Gunasekera added that he expects to soon release other applications to help users better secure their phones against snooping or theft. One free program he already released -- called Kisses -- can detect applications installed on a BlackBerry that have been designed to remain hidden (including programs like Flexispy).

source : http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1372852,00.html

Juniper OLIVE Vmware

The Olive (Olea europaea) is a species of small tree in the family Oleaceae, native to coastal areas of the eastern Mediterranean region. The natural wild Olive is a small tree or shrub to 8 m tall with rather straggling growth and thorny branches. The leaves are opposite, oblong pointed, 4-10 cm long and 1-3 cm broad, dark greyish-green above and, in the young state, hoary beneath with whitish scales. The small white flowers, with four-cleft calyx and corolla, two stamens and bifid stigma, are borne generally on the last year's wood, in racemes springing from the axils of the leaves. The fruit in the wild plant is a small drupe 1-2 cm long, and the fleshy pericarp, which gives the cultivated olive its economic value, is comparatively thin.

Juniper's official position is that Olive does not exist. Considering that Olive is an unsupported and unsupportable platform using "free" (aka illegally licensed) software, this is not an unreasonable official position. Olive is essentially a hacker's platform, with absolutely no support of any kind, and it is not suitable for any type of commercial use. If you are in any doubt, or if you are not able to figure it out, you should invest in a low-cost platform such as J-Series instead.

It is also important to remember that Olive exists because Juniper allows it to exist, and is a testament to the mutual respect between the extremely knowledgeable developer and user bases. If the Olive platform became widely abused, Juniper could easily add additional software checks to prevent it from working. Please do not abuse this feature by doing stupid things like contacting JTAC for support on an Olive, or selling illegal copies of the software as "router simulators". This type of activity is likely to have serious legal consequences and/or provoke a justified response from Juniper, so just don't do it.