Tag: Cisco

  • The Beauty of CLI

    While Apple has successfully proven to the world that a well designed Graphical User Interface (GUI) can indeed provide better user experience, the beauty of a good Command Line Interface (CLI) shouldn’t be forgotten either.

    A GUI works well in consumer environments (e.g. SOHO routers), but enterprises and service providers work a little differently.

    I work in a service provider environment and have seen quite a fair bit of “high end” technology products. (These are usually appliance or black box hardware, like firewalls, routers, load balancers, DPIs, etc.) My observation is that while a lot of them have a great solution to an engineering problem, they actually create a management problem. Why? Because of the lack of a proper CLI or a proper management tool.

    There’s only so much a GUI can do to manage something as complicated as, say, a firewall. Check out the screenshots below taken from Mac OS X and Windows XP. They’re surprisingly complicated and not exactly useful. FYI, clicking on the [+] button on the Mac brings you to a file browser; I was expecting a form with IP address, port numbers and protocols.

    Windows XP Firewall Configuration
    Mac OS X Firewall Configuration

    So, how do I add a rule to allow my custom app running on UDP port 15,233? How do I tell the firewall to stop processing further rules if I see a certain TOS marked packet? These aren’t use cases for consumer firewalls, but in enterprises, rules like these are very common.

    Firewalls are actually simple examples of GUI gone wrong. However, there are way more complicated devices than firewalls around, such as load balancers, DPIs and all sorts of routing gear. The problem gets multiplied manyfold when there are tens, hundreds or even thousands of these configurations to manage on multiple machines.

    While a fancy GUI gets you through a sales pitch with the higher management folks, it’s really a PITA for the guys (like me) running the show. There’s a certain beauty in CLIs that GUIs cannot emulate. One of them is duplication. It is extremely difficult to duplicate mouse clicks and menu navigation, not to mention getting around errors. Imagine you have 1,000 Windows XP machines. You need to add a new firewall rule to allow your users to access a new mail server. Without Active Directory, you’d have one hell of a time… clicking.

    The other pain of working in enterprise datacenters is the lack of remote access (thanks to NAT and VPN crap) or an actual monitor console. Many engineers run around with a laptop and a RS232 serial cable. That’s all that’s needed to manage a device on the run.

    So if you’re going to build something for the enterprise, particularly appliances/black box devices, please focus some effort on building a proper CLI or centralized management. Learn from the experts – there’s a reason why guys like Cisco, Juniper and Extreme are industry leaders.

  • Telnet to Serial Script for the Mac, Now Complete

    In my previous blog entry, I found a tool MultiCom that proxies my serial to a TCP socket, but it was lacking the ability to set my telnet client into character mode and wasn’t working with Cisco devices.

    I later found out this was because Telnet sends CR + NULL every time you hit ENTER, so this happens:

    Username: (type username) CR
    Password: NULL (type password)

    I couldn’t log in! I am curious why other devices ignored the NULL while Cisco chose to process it. Not as if NULL would be used as part of a password.

    So, I got my script to work. Theoretically this script should work on any UNIX system and on any type of FIFO, but I’ve only had time to test it on the Mac and a serial cable.

    Download the script here. Rename it to script.py and then chmod 755 script.py.
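    The CR + NULL handling described above, as an added example (this is not the script linked from this post): a stateful filter that sits between the TCP socket and the serial port, drops the NUL that follows CR even when the pair is split across reads, and discards telnet option negotiation. The class name, the `demo` helper and the sample bytes are constructed for illustration; the protocol constants are the standard telnet values.

```python
# Added illustration, not the author's script. Telnet command and option codes.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
ECHO, SGA = 1, 3

# Sent to the client once on connect so it switches to character-at-a-time mode.
CHARACTER_MODE = bytes([IAC, WILL, ECHO, IAC, WILL, SGA])


class TelnetToSerialFilter:
    """Telnet client bytes in, bytes destined for the serial port out."""

    def __init__(self):
        self.state = "data"    # data | iac | opt | sb | sb_iac
        self.after_cr = False  # True when the last forwarded byte was CR

    def feed(self, chunk: bytes) -> bytes:
        out = bytearray()
        for b in chunk:
            if self.state == "data":
                if b == IAC:
                    self.state = "iac"
                elif b == 0 and self.after_cr:
                    self.after_cr = False  # the NUL that pads CR: drop it
                else:
                    out.append(b)
                    self.after_cr = (b == 0x0D)
            elif self.state == "iac":
                if b == IAC:               # IAC IAC is an escaped literal 0xFF
                    out.append(IAC)
                    self.after_cr = False
                    self.state = "data"
                elif b in (DO, DONT, WILL, WONT):
                    self.state = "opt"     # one option byte follows
                elif b == SB:
                    self.state = "sb"      # subnegotiation runs until IAC SE
                else:
                    self.state = "data"    # other two-byte commands (NOP, ...)
            elif self.state == "opt":
                self.state = "data"
            elif self.state == "sb":
                if b == IAC:
                    self.state = "sb_iac"
            else:                          # sb_iac
                self.state = "data" if b == SE else "sb"
        return bytes(out)


def demo() -> bytes:
    # Constructed capture: negotiation replies, then a login split between CR and NUL.
    f = TelnetToSerialFilter()
    chunks = [bytes([IAC, DO, ECHO, IAC, DO, SGA]), b"admin\r", b"\x00s3cret\r\x00"]
    return b"".join(f.feed(c) for c in chunks)
```

    Only a NUL that directly follows CR is dropped; any other NUL is forwarded unchanged, so binary data sent to the device is not altered.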


  • 3Com Vanished?

    It seems 3Com has silently vanished from the desktop networking scene. I had a flashback into the past as I dug out some old 10/100 3Com NICs. I wanted to install them into my server so I could test out a virtual router but couldn’t find Windows 2008 drivers for them at all.

    3Com 595 and 905B NICs.

    In the end, I installed an Intel NIC and it worked perfectly off default drivers found in Windows 2008.

    3Com made pretty decent hardware back in the late 90s – I still have some SuperStack switches and an OfficeConnect hub lying around. This stuff seems to work forever.

    I was quite surprised because 3Com used to be the choice for desktop networking until sometime in 2000 when things started to change – they exited the enterprise market and focused on the then-popular Palm brand. On July 31st 2000, 3Com’s share fell sharply after it spun off Palm. Later that year, their Chief Executive quit.

    In 2003, 3Com went into a joint venture with Huawei, now known as H3C.

    Oddly after checking 3Com’s website, they are back in the enterprise market again, but things will never be the same.