The Art of Network Engineering
The Art of Network Engineering blends technical insight with real-world stories from engineers, innovators, and IT pros. From data centers on cruise ships to rockets in space, we explore the people, tools, and trends shaping the future of networking, while keeping it authentic, practical, and human.
We tell the human stories behind network engineering so every engineer feels seen, supported, and inspired to grow in a rapidly changing industry.
For more information, check out https://linktr.ee/artofneteng
Ep 54 – eiddoR
This week we talk to CCIE, Technical Solutions Architect, Cisco Press author, pilot, and blogger Roddie Hasan. Roddie has over 30 years of experience in networking, and today focuses on Cisco Software-Defined Access, among other technologies. We'll hear how Roddie got into IT and what ultimately influenced him to choose networking. Roddie also shares his experience of obtaining his CCIE and becoming a published author.
Get the book:
Cisco Software-Defined Access – https://amzn.to/3ydIvRK (affiliate link)
You can find Roddie:
Twitter: https://twitter.com/eiddor
Blog: https://ccie.tv/
YouTube: https://www.youtube.com/channel/UCr99uMkkIbWE8LW5PqYd1zw
This episode has been sponsored by Meter.
Go to meter.com/aone to book a demo now!
Find everything AONE right here: https://linktr.ee/artofneteng
this is the art of network engineering podcast in this podcast we'll explore keyless technologies and talented people we aim to bring new information to expand your skill sets and toolbox and share the stories of fellow network engineers we've all seen the stories heard the tales for years now local networks have been flooding with packets demanding internet access depletion of ipv4 addresses is continuing rapidly of course ipv6 is the ultimate answer but adoption is slow we live in the age of the internet of things and there were oh so many i'm pretty sure you can even connect your toilet directly to the internet now i mean seriously what the heck why would you do that luckily all these years there has been a service working tirelessly to keep the lights on bridging that gap until ipv6 saves us all in that gap bridger is me i am that man and this is the art of network engineering mad man all right thank you nat man i am aj murray at no blinky blinky natman is tim burtino at timbertino natman how you doing not too shabby uh nat man is an extremely low-budget film but it is unrated so anything can happen can we expect multiple sequels of gnatman like we have other popular oh i hope that might rhyme with that i don't know i i think i think we need to i don't want to do that man or at least other characters that we might find batman versus ant-man or something dyslexic battle from dan dan made it home from vermont dan how are you doing well i'm i'm a little bit sadder but uh i i made it home safely so that's all that matters i guess i know my wife had to keep checking with me she's like oh you're sad aren't you yeah i miss my friend i miss my buddy we had so much fun we did we got really drunk too no we didn't no we really didn't we had a lot to drink we didn't get we did yes we did lots of beer was uh was consumed andy how are you i'm good aj not too much to report i had some ice cream tonight hey that's a good night i'm mad at you by the way me yeah because that 
time i i had gone a fairly decent amount of time without without hitting the ice cream bucket and you started talking about it a few weeks ago you're welcome yeah i appreciate that you can afford it you look like way of 90 pounds soaking wet so have some ice cream you got it just for you andy thanks brother all right guys uh we do have a guest this evening but before we introduce our guests we'll get through our normal playlist here so uh andy can i get a goat scream for the winning grab your goat what your batteries are done needs a battery there we go hey look there it is was that yours or mine i don't know it sounded like it was you have to ask andy you have to ask wait a minute my goat's failing hold on that's a failure time for battery we wore it out we were all the wins winning this week is bill murray he passed his vcp 7.0 congratulations bill uh eric smith passed the security plus exam okay this is my favorite win this week the underscore eoc accepted a position as a network deployment engineer at red river congratulations did he know who works there yeah yes he knows who works there thank you tim your future co-worker the underscore eoc we need to get him on by the way i know a little bit about him and he's got a great story yeah i agree yeah i'm sure we will so he started or when does he start uh i believe he starts mid-august he's accepted the position and is working through that process so we'll expect to see him here mega mid-august uh mick manny mcmahon and me if i can pronounce that right um nicholas passed his devnet associate and the ecms1 you guys are you familiar with the ecms no no that is engineering cisco meraki solutions oh okay he's a two-parter there's part one and part two and he's completed part one and moving on to part two but more importantly they passed the devnet associate that's that's a big one yeah that's nice yeah we talked through that in the uh happy hour last week that was really cool yeah now is that the i'm not even going to 
try to pronounce it or say the alphabet there but is that the cmna like 2.0 sure so the the cmna is a partner-related part but i think it's like partner only like partner and cisco employee only kind of thing and then the ecms is the customer side so um i forget what it used to be called um there was like a cisco there's the cmna which is the partner side and then there was the cmno which is the cisco meraki network operator okay cmna is just a course you attend for a day yeah i got you right right yep um mike t got another security plus win so congratulations mike t uh dj ninja nz which i can only imagine stands for new zealand uh accepted their first network focused role at an msp of course in new zealand so congratulations dj nice ninja awesome hard reset the screen name hard reset got their first it job offer so congratulations hard reset yeah nice got some new patreons the words about the patreon uh so welcome aboard josh jordan manny and i gotta say their last names because they're both got the same first name and the same last initial so welcome bill murray and bill maskey uh ethan and javier who joined moments ago just before we started recording so i had to slide that one there so wow welcome uh welcome thank you patreons yes thank you very much appreciate that we really appreciate your support andy can i get another goat scream i'll try there we go hey got him warmed up i want someone stop be quiet you're going yeah once you get my goat started aj oh boy what kind of podcast is this i don't know am i editing this one this is going to be yeah slice and dice this one yep okay very excited for our guests this evening uh they are a cisco press author and ccie 7472 everybody please welcome roddy to the show thank you so much for joining us yeah thanks for having me guys hey roddy really appreciate you taking the time to be with us this evening appreciate it thank you so rodney what do you do it's in my bio aj i'm a technical solutions architect at cisco 
systems been there for 13 years wow all right yeah so what what does the day-to-day look like of a tsa so i'm at the the worldwide level focused on dna center software defined access ice so uh tsa is generally tsa is an overlay to the sc community generally right so nse would have a direct customer relationship with tsa or technical solutions architect would be brought in for as an sme for a focus either uh enterprise network focus or away in focus or data center focus and then that's that's usually kind of at the area level and then at the worldwide level we're kind of hyper focused on technology so my focus is dna centered software defined access so i haven't had to really think too much about when beyond connecting it to sda or dna center or data center i haven't had to do much of that most most of the last three years has been spent just doing dna center and software client access so if an se is working with a potential client and then they need like an sd access guru they'll bring me in they'll bring me in to do a poc or to do a demo or to help them in their lab or to answer our to have architecture discussions that kind of stuff so it's pretty are you the pot guy like you'll you'll you'll build that stuff i will if it's on site i'll help the sc build it on site uh or on the customer side rather we don't have pock facilities at cisco but or i don't um and then you know we'll do demos anything kind of pre-sales uh our you know we kind of usually leave once the architecture and migration discussion is done i move on because we're kind of a small group within cisco so we don't scale that well yeah so did you get in on the ground floor of sd access i did i was uh i was a tsa an enterprise networks tsa uh in the federal space at cisco when dna center and sd access came out so my focus was included that kind of stuff so as soon as sda started you know the pre-release stuff and the demos and giving notes that's when i started learning it so yeah i've been around 
since day one speaking of you being like a tsa uh and you're talking about sd access what else have you done so i've been doing networking for con upon 30 years okay believe it or not so before uh you know before being a tsa i was an se so i covered everything for that i was uh i was in the federal space as a network engineer a network design engineer at a federal entity for a few years did again mostly land and land stuff sd-wan before it was called sd-wan um before that i was with sprint uh did a lot of mpls a lot of land stuff at sprint as well cisco stuff uh and then so now networking goes back almost 30 years but i also did microsoft stuff and can't wear stuff at the same time as solaris stuff oh solaris certified way back then as well and then before i i did everything i could how far are we going back then doing great yeah stories are concerned my i did everything i could to avoid getting a diet i was i i was really i got started i think i got my first computer in 84. and uh so i got started really early i was really good at it everybody called i was the kid that would help them fix their printer or whatever but i never wanted to do it as a living i just i just i did everything i could to avoid it so i went i majored in music in college i drove taxi for a couple years wait what instrument i played drunk you have to pick an instrument yeah drums piano drums was my main one and then i played piano and then there's a food back there which is uh i don't know if you can see it yeah yeah yeah do you have a kid at home i do yeah yep uh what do you have a gretch maple that i rarely ever play nice yeah is that gonna be the next episode yeah we're gonna have a jam session don't be too many drummers yeah yeah i started playing probably around the same time i got a computer at 12 and 13 years old so um so i did everything in the music what's that you wanted to go into music i did i did well i i didn't want to go into i.t and of course i was in bands in the 80s in high 
school and loved doing that kind of stuff and thought did you have big how your hair was breathing i had big robert smith the cure hair yes i did yes i'm just picturing that right now i i still got a good head of hair but it was pretty big and you know moose was the thing back then so i uh finished it with hairspray and my mom would get mad because i would use all our hairspray so i you know i tried i tried everything got into music uh drove taxi for a couple years sold cars sold insurance and mutual funds just did all kinds of crazy stuff oh wow you did have it you had a diverse background there i did yeah and uh got married fairly young and and had a kid and realized i actually needed to make some money and pay you know pay for things so here we go i'll start doing consulting so i started doing consulting i t consulting officially in 92 93 based on what skills uh so back then it was just pc so i was just learning ipx and spx back then and then uh eventually i um nt 351 and t4 and then into were you self-taught because you didn't go to school i was self-taught right no i was completely surprised you taught yourself i did yeah i had the ms-dos 3.2 manual and i just bred manuals i literally would read vendor manuals that's all we had because we didn't have uh yeah the first it book i bought was in 96 it was the unix system administrator's handbook so you could get an interview and a job based on like yeah i read the manual and i know how to answer your questions like is that how it used to be yeah i would just break stuff i i was just you know i just i i took a part of the computer that my parents spent so much money on and i broke it and then figured out how to fix it and that's really kind of how it came to be yeah yeah because you know i i i think back you know back in the 90s and whatnot like you know the internet was just booming at that time right and so you i'm not no late 90s it was yeah yeah what i'm getting at is that's impressive that you were able to you 
know teach yourself this because you know nowadays i mean we've got a plethora of things to learn from we have you know online video courses you can you can go to uh online uh you know regular college courses now um it's just insane like we've got all these manuals we've got all these uh you know official cert guides all that stuff and you guys didn't have all that back in the day and and so that's very impressive i i i like hearing that yeah i still complain dan yeah i know right yeah we didn't have youtube we didn't have right either go to the library and use the dewey decimal system i absolutely use the dewey decimal system now andy for our listeners that don't know what that is can you please we'll put a link in the show notes don't do that how do you transition from i'm fixing the pcs to to networking so how does that happen i uh i started working at a computer store in uh 95 i think 94 right before windows 95 came out and i was building pcs and fixing and assembling pcs and then it was a service call this company wants to buy five pcs we need to figure out how to connect them together and back then it was bnc connectors and ipx so i learned netware on my own to do that and then nt came out and they i put ip and ipx on the same network with those cards and just kind of taught myself and figured it out at the shop and then kind of i liked the networking piece i i opened up i helped start one of the first commercial isps in canada okay um and through that i learned unix and ip i think i opened a tac case in like 93 92 93 and the tac engineer taught me subnetting well that's how i learned subnetting this tac engineer taught me how to subnet and then that was it i'm not i looked him up the other day because i can look him up in the directory he's long gone but i i found the email man he you know here's here's what a network mask is and it's everything was still classful back then and here's why you can't use this cloth this mask with this ip address and is 
that a p1 or a p2 yeah yeah it's i still remember the case man it was a we're connecting a t1 frame relay t1 to a 2500 router to get this isp up and running in in canada that's pretty cool like did you print that email out because i'd like print that out and like you know yeah no i do have i do have the email somewhere i i looked it up a couple months ago because i wanted to look up this guy just to thank him right because that was it like i i did a lot of i.t stuff and i was good at computers and fixing computers and that was the guy that you would call but actual ip networking and networking in general was really because of this guy i mean i was doing unix stuff at the isb yeah did you find networking as easy as you found working with hardware i did i did i was um they say math music folks that are good at music are also good at math so i was always a good math guy and so that was that was the easy part and it was fun right yeah yeah i just found it enjoyable to do so i kept going yeah okay so when did you go for your first cisco sir uh that would have been 2 000. 
so i i got um i moved to from the canada the us i had had my mcse and i had my network certifications got to the us got my ccna in uh late 99 early 2000 now were you still uh doing the consulting gig during all this yeah i was with a company called paranet uh andy might remember them they were they were bought by sprint but they were one of the big consulting firms and i apologize that was before my time you did say decade yeah sorry sorry i'm just yeah i'm just kidding yeah and you you could you could tell me to pay on sand if it's too personal but why did you move from canada to the states was it for job opportunities job mostly job opportunities i was tired of the of the cold i was tired of the snow you know now it's the opposite now i'm tired of the heat i would give anything if it would snow right now because i could get a good night's sleep so uh so back then you know it was 98 the economy was booing down here especially in in dallas and the cost of living was really low and they were companies were throwing money left right center at you they were flying you wherever for your interview just for an interview they would fly you just to do a you know just to do it and they paid for the move and all that kind of stuff so i just decided to go for it and you know it's just a good change different different cultures different food down here um so i i was mainly with paranet i was doing uh cisco stuff solaris stuff and microsoft stuff and they wanted they really encouraged certifications back then sprint bought them and uh so i got my ccna i think in 90 i think it was early 2000 and then within six weeks i went ccna ccda ccnp ccdp so i did an exam a week for like oh wow seven or eight weeks poultry of those knocked out yeah it was oh my god i don't know how i do it wait a minute what what exams ccna ccda ccnp ccdp in five weeks getting grief did you did you have a wife at that point or i did i had a wife and a no no a life whole life it's the same thing daniel i 
would i would work i would come home and read the book whatever the book was for that exam yeah and i would just go and do the exam i i don't know how i did it to be honest were they 800-page books yeah yeah they were the big thick cisco guys yeah yeah i don't know how i honestly i mean i'm almost 50 right now and i don't know how i was able to do that back then how because i can't really read a page right now without falling asleep i'm the same way so uh so obviously you know then the kind of next step in the progression was the ccie and back then sprint i would pay for the lab okay um but you had to use your own time to study so i i went so much so i was like i think i was seven exams in for all those cisco exams and my eighth exam was the cci written so did you fail any of those seven not one i've i've i have never failed a cisco exam in my life it's hard to like you rowdy yeah yeah it's i i think it's honestly i think i'm just stubborn because i i think my my mindset is if i fail this i'm not going to do it again so i'll just go which is really a bad attitude especially for your listeners don't use that it's okay i i have an identic memory so i'm able to retain stuff really easily so uh what does iditic mean it's like a photographic memory but it's more associative than how how do we get one of those yeah it's you it's a curse it's a courage trust music because i can still tell aj how how bad i felt when he tried to get me to do the podcast a few months ago and then completely forgot about me because i still remember those feelings because i have an idea so it's a curse it's a blessing and a curse but do you remember everything that's ever happened to you i can recall pretty much everything yeah and it's i might need a reminder here and there but as soon as i get the reminder it just pops into my head what's her face from taxi remember that woman i forget her name the pretty woman from taxi one of the actresses i think whatever she remembers everything that's 
ever happened in her she's been on all these shows and like you can ask her anything she knows the day the date the weather like that's yeah that's awesome yeah yeah it's good for exams though it's it's good for exams and it's good it's good for work it really is good for because i can have a conversation with the customer and six months later they call me and say remember this and i'll be like oh yeah that's right and then i could talk so you don't have to take notes probably i can't take notes if i take notes i actually forget i is focused on figuring out how to use a pen so he's never going to forget about nat man i won't forget about that man or all the jokes you made about andy before he joined yeah yeah i'm used to it i'm a beating man right so um so ccie you were studying on your own sprint was going to pay for spam was going to pay for it so i went did the written pass that the first time and uh so so what was the written like because if you're to compare that to today because terrible today if you take the ccnp you're also taking the ccie written oh really yeah yeah then okay you know there was probably multiple exams to do the ccnp and then you still had to do the cca written and then you still had to do the ccie lab correct yeah so the the ccna was the one exam da was on exam np was four more and then the dp was one in addition to ccn yeah uh and as you got higher that this the the certs were newer right ccna had been around for a few years by then so the exams were pretty good and pretty solid but as you kind of further into up the chain of certifications those exams got a lot sloppier because not as many people were doing them or proofing them or giving feedback okay so yeah by the time you got to the ie so my number is 74 72 so there were six thousand by then right um right and for anybody else because number one was like one thousand twenty four not one right yeah right okay yep thanks yeah so um uh so by the time i got to that exam it's a hundred 
question multiple choice just like all the rest but it was very rough very sloppy i mean but by then i was used to it because i had done the dp was pretty rough as well um and then uh got the got the cci written out of the way and i i kind of made a and for those that are going to go for the ccie i know it's different now than it was when i did it back then but i kind of i wouldn't let myself lab used lab equipment until i passed the written exam because the written exams you know the the np the dp were all theory you were you could learn on equipment and you can type router ospf 16 and configure an ospf network but that's not going to help you in a multiple choice question it's just it's just not you need to know the timers you need to know the defaults you need to know this command versus this command as written but not as on the router but especially and i think what i've seen happen with people i've mentored in the past is they'll learn how to do it on the device and think they're going to ace the exam but the exam is wrong because they you know the old the old saying is that there's the right answer the wrong answer and then the cisco answer so the the cisco answer on the exam is doesn't necessarily have to be the one that matches what you did on your router or your switch it's the one that you read in the book the books are written for a reason the blueprints are written for a reason so i kind of banned myself from touching network gear unwork related until i got the cci written out of the way and then once that was out of the way i went on ebay and bought one router at a time and built my own lab at home and spent six months used all my vacation time in that six months and passed the exam on may 23 2001. 
wow on your first shot my first shot it was a two-day exam so today and it had ip ipx apple talk netbui uh dlsw atm lane it had all the non-ip protocols one day was a ip the other day was the non-ip protocol so uh it was a two-day exam you you you didn't find out if you made it to the second day until the next morning so you do your first else stress that's brutal am i allowed to cuss on this podcast lots of fun so i uh i i went you know you i did the first day and you sit down you do the exam and it's you know you're stressed everybody's talking about ccie is so difficult you're never going to pass the first time and you know there's me like i'm not going to do this again if i don't pass so i'm just going to pass so um i did got through the first date stressed out and and you know you go back to the hotel i did it in san jose uh i woke up at uh three in the morning and in my head was shit i forgot to send communities like that was just and for those listening it's the send communities is the bgp command you need to actually pass the communities on to to the neighbors so i i woke up remembering that i forgot to type send communities because i had practiced every scenario to leading up to the exam and i knew what to type and so you get into the lab the next day to the lab room the next day and if there's a booklet on your desk you sit and you start day two and if there's not you wait for the proctor to call you up so they can review what goes wrong because everything was done in person back then right and the the lab equipment you had a rack beside your your your table and you had to cable it cabling uh gave you points the way you cabled your equipment because they would you know for troubleshooting they would bend the pins so you had to straighten the pins out to figure things out wow uh so you got points for the way you cabled your network you got points for a network diagram you had a big sheet of construction paper on your desk that you had to color in with 
pencils to do your routing protocols and your as numbers and where you're redistributing mark where your restriction points were was it was a grind was that the first version of uh vizio right there yeah the uh 64-pack is that what they got caveman vizio man five pencil crayons and a sheet of construction paper nice so pardon my ignorance here roddy but was were there concentrations for the ccie back then or was it just route switch that there was one ie there were three there was a cci blue which was based on the mainframe dlsw ibm okay right you're saying trigger words for me right now which one i bet ibm or lsw yeah i that was i was but when i was working in federal dlsw was my thing so okay um i know who did it cci blew there was ccie um i think there was a security one no there wasn't a security one there was a wan uh sp one so cci sp cci blue and cci route switch i think those were the three and then later came the voice and the security gotcha yeah and the sp one was all mpls and uh it was all stratacom atm stuff and did you say that was in uh 2001 right 2001 i got my cc i just hit my 20 year anniversary just a couple of months ago nice congratulations congrats on that thank you did you get your plaque and all that stuff uh long story no not yet i'm still working on it okay i have my my original plaque i have my 10-year plaque but they haven't sent me my 20-year plan i got you i got you yeah so before the ie you mentioned doing uh the ccnp or the ccdp did you just want to get into design or was it just something to do it was just something to do you you back then you only needed the ccna to be able to write the ccie written but it had been told i talked to a couple of cci's that were at sprint at the time and they said get get all of the certifications on your way up even if you think you're not going to use it or it's not something you want to do it's the dp was one extra exam on top of the np or two extra exams because yeah just a week right just yeah no 
big deal yeah yeah that's true yeah yeah maybe i'm over simplifying it but um because back then it was yes you are yeah it was just product knowledge right it was it was you know 1600 router what what model this router has this kind of interface it's that kind of stuff okay um at the time though i was in pre-sales with sprint paranet they were called back then and so that that stuff helped so you know it did help me get into i didn't really have a an idea of what exactly i wanted to do in networking we just did you know i was a consulting engineer back then so that's what we did i sold network stuff and i implemented network stuff and everything counted right gotcha so you're saying while you were at sprint you were actually consulting doing that okay gotcha yeah i was like it's the thing i can't remember my exact title but yeah my title at sprint i was a consultant a network consultant network engineering consultant yeah i didn't actually work for sprint proper running their network i was a pre-sales consultant yeah okay gotcha so it sounds like because we're we're in 2001 right now right that that's where we're at and on this timeline uh and so you you were in consulting from 92 93-ish all the way up to 2001 pretty much okay it's a interesting i don't think we've heard that yet uh someone starting their first gig as consulting so so is that the same as a contractor a consultant uh yeah in a way i wasn't we didn't we weren't a body shop so it wasn't like you would get somebody in for six months just to be a network engineer it was more pre-sale stuff i did a lot of pre-sales during that time yeah um which you know it's good and bad i guess i mean that's what i'm doing again now so it kind of came came around for us for so full circle yeah yeah so like sc is a pre-sales position or not it is sc is apprecia at cisco as he is a pre-sales position yeah yeah right so you kind of went from did you go from consulting to essie like like formally uh no so i went from 
consulting um and i got onto a project at a federal entity and i got home from the project and the guy guy there he just actually recently passed away he called me up and said hey we really like the work you did here do you want to come be our lead network design engineer oh okay so that was it so i went there uh i was there for six years and then uh so i just you were ccie by then obviously by then yeah okay yeah and uh so i said yeah the csi story ended so i passed past pass got it got the number and went back to doing whatever i was doing and uh i ended up as a network design engineer network yeah network design engineer i think was my formal title for this federal entity for six years did the ccie change your life did you get better jobs more money yeah back then yeah yeah okay back then absolutely i mean you know sprint had the deal if if i passed they would pay for everything and then if i passed i would get this bonus or this pay increase uh at the time when jobs would when consulting um gigs would come up customers were asking for ccids so it opened up a lot of consulting jobs within sprint or on behalf of sprint uh while it was there right so there were you know cci needed for to do this that i qualified for that once i got my cca yeah it was almost immediate it was like the day after i got back i started getting hey do you want to go do this gig somewhere else or do you want to go to this game so yeah it absolutely yeah yeah it was worthwhile and you did it in less than a year right i did it in six months yeah so why do you only have one that's so easy that's a good question yeah i only like ip i don't like ipv6 no i you know i i was never a security guy i was never a real voice the voice focus person i probably could have done the service provider one because i did do a lot of mpls while i was at sprint yeah and the blue one may have been handy but the blue one had retired i think by about 2004 2005 yeah so so how long were you there at sprint then 
because we we were at 2001 that's when you passed your ie uh so how long were you you you still had sprint four then i was at sprint for three years from 90 about three in a bit 98 to 2001. okay so after you get your ie yeah 98 to 2002 sorry 2000 funny story so the other agreement was but they would they would move me down from canada and they would sponsor me for all the stuff and i had to stay a year after my ccie and a year after the sponsorship was done well they decided to get out of the consulting business and uh they were gonna start laying folks off that were in my division and but i wasn't gonna be one of them so i went to my so this this customer called me and said hey we want you over here this was in 2002 we want you at this federal entity you love the job you did uh what do you say so i called my boss at sprint and say hey can you let me off that a funny story i don't think we've heard that either what are you talking about i said yeah i got a lot of stories he said what are you talking about i said i said you know save you having to lay off so-and-so i've got a job lined up they're going to close the division eventually anyway i got to find something else within sprint or find something else it's done so it did i got my severance i got all my stuff covered and bounced to the next job a week later so that was 22. 
i was at the federal entity for six years after that for six years yeah yeah and were you did you say your title was some sort of a like a design network design engineer okay but i did some operations as well implementations but overall i was responsible for uh i can't i can't tell you who it is but it is a very large important national network and it covers all areas of the u.s and so i i was kind of at the top of the food chain at that point so i could i was in charge of network the lan designs the wan designs connecting all the sites together making sure everything talked to the mainframes with dlsw so that's where my dlsw stuff came in um and then eventually internet connectivity and borders and that kind of stuff did did they let you see the aliens no because remember i am canadian so i was technically an alien he was a walking one yeah it's it's not a secret place but it's just not one that i talk about because yeah yeah um so so in your six years there did you did you gain a lot of experience in that six years or like so so what i'm what i'm getting to is did you ever feel like you were starting to there's a there's a term going around our discord um thanks to uh river and discord uh rust out right like do you do you feel like you you were not um not being challenged at this job or did did you do a lot of growing in this job what i did a lot of growing probably for the first four years first four years until i got the network to a point where it was modern and stable so we converted from x.25 links to frame relay that was project one right so that was like get get through that kind of stuff and then get rid of we started taking out mainframes and places and replacing them with servers right and then um virtualization virtualization started to come in so we had to get rid of now we get rid of the solaris servers and bring in linux servers so that they can run virtualization and then the windows stuff starts coming in so getting that stuff connected to the 
network getting you know ips to move between data centers this is all new right so once i think once i got to that point i think i kind of peaked from a technical perspective at least for what not that i knew everything but for what my employer needed i got it done i got it all done and my last thing was getting the wan stuff off of frame relay because i put the frame relay in initially and then a few years later we're yanking out the frame relay and putting mpls circuits and getting gre and ipsec tunnels working over that using internet as a backup getting everything connected virtually over top but using overlays can you uh when that was the best yeah yeah can you also hit on so you you said something that that uh i don't know if you want to say triggered me or not but so i've been at my job for about nine years or nine years uh like last month um and you said that you got the network to where you were wanting it right and you said in about four years like how does that feel because i haven't got mine to where i want it yet so it's like did you did you get over that mountain you were just like finally it it's the way i wanted it designed yeah it's it's a good feeling i mean it i've been fortunate i'll tell this to anybody that i've been really lucky i've had some really solid managers that trusted me and that knew what i was good at and knew that if i wasn't good at something i would say i wasn't good at it or i wouldn't pretend there'd be something like something i don't want to do in this industry is tell people you know something that you don't know because it shows so my managers i've been really lucky with managers throughout my career honestly like from day one and he trusted me and he he would come to me and say this customer wants this or you know cut our internal customers this application has this requirement can we figure out how to get this done i would say this is how it's done they would come back and say well i met so-and-so on an airplane and 
he said not to do this and i would say don't listen to that crap my boss my boss would go back to them and say no we're not going to do it that way so i didn't get a lot of pushback not that i was always right because i'm you know i was still growing and still learning but um i was i was given a lot of flexibility to do things the right way because i kind of had a methodology i knew i knew the concepts between behind ha and availability and redundancy and all that kind of stuff i wasn't i was very methodical in my approach with configuring a network or designing a network so i was given a lot of freedom flexibility not everybody has that i can appreciate that so it can be tough but but yeah i felt it felt good it uh it freed me up to once i was done it freed me up for some of the silly things that customers would ask for and that's kind of where it started wearing thin a little bit it's like you know what maybe i need to get back into consulting but you know working the difference between for me at least because i started off consulting and then i went into an actual network position where i owned the network i got an appreciation for outages what those cost in terms of money and reputation right i got an appreciation for being on call all the time i got an appreciation for what that takes and um being careful when you're configuring something and planning something properly before you configure it so you don't cause an outage and then and this is something that helped me on my ccie checking your work after you do it no matter how good you are and how smart and how many times you've done it everybody makes mistakes and if you know those verification commands or you know what to test and what to look for when you're done you're going to save yourself so much time down the road you know especially if you don't answer your phone and somebody else has to troubleshoot it right so we've been there solid advice there yeah very very so you left there you climbed that 
mountain you left there and you went to cisco yeah my ultimate goal once i started getting my ccna and stuff was to work at cisco it was just i just that was just where i wanted to be and be honestly it was that tac engineer that inspired me man i just like all right you know what i want to work there and uh so 2008 so 15 years later 15 years after i had that that encounter the the interaction with the tac engineer i was at cisco 2008 i joined cisco and i've been here ever since nice what was that first cisco uh yes it was hard only because they have a pretty involved interview process right um my first job was uh as a network consulting engineer uh covering um large financial accounts at cisco and that's kind that was post sales so i did post sales for uh for five years at cisco and um still consulting but post sales consulting so i would help them when they would add to their network but but i was still kind of having the same discussions the architecture discussions and design discussions that i was having when i was doing pre-sales the only difference was i didn't have a number and uh i would also be the one that they would call if something went wrong so this might be a dumb question i call tac when something goes wrong so what what is post sales exactly how do you differ from support so if if you have uh if you're a large customer and you've got a global network that needs so so tac is great but tac doesn't necessarily know your network and the time it takes to open a case tell them your problem figure out the solution the problem they don't have time to remember or to learn your network so advanced services exists for customers that want to um buy a block of hours well you're a dedicated architect to certain clients right yeah yeah yeah you're dedicated certain clients so you have familiarity with their staff with their processes i almost said processes for the canadian people uh their staff their processes their their network um you're engaged with them 
throughout your contract not your your contract but their contract with cisco you can be a dedicated resource you can cover three or four accounts it's kind of like an se right ses would generally know their accounts so nces are that they as they recall back then i don't know what they're called something else now but network consulting engineers knew their accounts um and so they would still call tac right so they called me and said hey we're having this issue i would say open a tac case i'll have a look at it in the morning but if they needed help moving the case along or getting bug scrubs done or researching code or tac tells them to do something they would run it by me that's the kind of stuff we we weren't tac and we were very careful with position ourselves not being tac because i don't have a lab but where i can test every scenario that we attacked us so um so if you pay enough you get one of you yes that's it yeah okay that's exactly you get one of me or five of me or yeah yeah yeah in in my work as a partner uh doing deployments and stuff i've worked with advanced services and talk about sharp yeah yeah it's it's uh i i didn't i had fun because i was doing pure networking but i what i found when i was in advanced services i did learn but i didn't i only learned what my customer i had no opportunity to learn what i didn't know that cisco made servers until i got out of advanced services because my customer didn't use ucs yeah i knew what they bought and because i would only see it when it would show up and i'd have to go help them install it or put it in but it was the ses and the tsas that were ahead of the game and that knew what the cisco products i didn't learn about i didn't know a product or an os until i actually the customer needed it i didn't have time to go learn i didn't get to go see the announcements and all that kind of stuff so and that way i kind of i i feel like i lost a couple years i mean i it wasn't a waste i did get better at 
networking you know and i got really really good at nexus 7000 and catalyst 6500 but i didn't know some of the other stuff that cisco was doing so you said when you were just starting out into networking that you wanted to work at cisco did you have an ultimate goal of what you wanted your role to be or you just wanted to get in the door and see what happened i just wanted to get in the door and see what happened i would i was i would have gone to tac i would have gone to as i would have gone to bnsc i would have gone today okay i just wanted to be at cisco yeah so how did you pick your position like was it the first that came up or you're like well i've been a consultant before i'll do that for cisco yeah it was the first time so first it came up they offered me a job and i took it yeah is the culture as good as i hear yeah it is that and that's to answer tim's question i know aj had a question it was an important question i don't want to forget it but um everything you've heard about cisco i mean of course it depends on your manager and your team but it's a really good place to work i mean they don't have the startup mentality that a lot of startups still have and a lot of companies still have like we don't you don't get the free sodas in the in the break rooms anymore um but they they they are very good at empowering their employees and trusting their employees we don't you know one of the things that drove me nuts about being in federal and for when i worked at the federal entity was our laptops were so locked down to a point of being almost useless so we had to so you know this story so you know i i can't tell you where i work but you're preaching to the question yes there was it actually got as bad as we had to carry two laptops i could have a laptop that i could access my network devices with and i could have a laptop that i could do my emails with right and it was very so so you know what i'm talking about right so at cisco one of the first first things uh 
i get is i get this packet with my laptop and a cover sheet saying okay it's got windows or whatever we were up to back then xp or something on it uh if you want to install your own as or os you're on your own but go for it here's how you access the network you actually have admin privileges on your work laptop i still do are still even in 2021 i do i mean we have oh they'll they'll make sure my screen saver is set to 10 minutes and that i have a password that changes every six months but at the federal place we had to change our stupid password every month and we didn't have single sign-on so i was changing 20 passwords every month and they had different password requirements i've trashed my old employer they had to prescribe different password requirements and and then they would lock the laptop down and log you know you can't install secure crt because we don't have this and it's like i have a license no you can't install you don't have admin right so i have to open a ticket to get them to install piece of software for me that i need to do my job right and it was just so fri you know i we can laugh about it and complain about it but it actually was stressful because i would those laptops were so bad they would take like 10 minutes to boot up right and i'm sitting there my pager's going off and there's an outage in in philadelphia some guy named andy did something wrong i'm waiting for my laptop to boot up and it because it's sitting there doing the decrypt process that some goofball engineer had put on there right so anyways they're very empowering they're very trusting so even today we we get control over you but you know it always of course depends on your manager but um it's a fun place to work um there's the cool part and this is why i don't know that i'll ever leave is there's always someone smarter than you and that's the way you learn right like and and honestly to to a person at cisco i've never once gone to somebody for help and had them say i'm too 
busy i can't help you go ask somebody else and i've been here for 13 years i've never once come across that mentality every tsa or se or as you know nce or am is always willing to help you on your customer whether they get paid on it or not right i could go to a tac guy and not have to open the tac case to get a question answered i could go they don't sit there and say oh open a tac case and i'll answer your question just hit them up on our chat program and they'll answer it right so uh yeah it's a great it's a great place to work honestly i mean you know like i said they don't pay startup money it's a big company we have 60 000 employees but um i like it here i do like it it's awesome yeah aj yeah i know you guys had a question do you have a question yeah yeah i i was just gonna you know kind of prompt you how how did you get from that post sales into pre-sales so would that be the systems engineer job that was my se job yeah so funny this is another funny story um so i was an nce for five years covering a large financial account and the se that covered um the place i used to work the federal entity was moving to another account so my boss my ex-boss at this federal entity asked cisco can we move roddie over to be our se but nobody asked roddie if that's what he wanted nobody asked right so they had this conversation this is that's a good point to him so they had this conversation i had no idea i hadn't talked to any of these folks for five years and i get a call from the account manager and and he says uh hey um i was just talking to so-and-so at the customer and i was like oh how's he doing he's like he's good but uh their se is leaving and they want you to be their se so full circle again i end up moving from advanced services to the sales organization in federal to cover to be the se for my old employer so i built i i had built that network so i knew the network yeah i knew the funkiness that government places the federal institutions do i knew the processes i 
knew the politics i knew the staff i knew all the people there so i didn't that was a cool again i've been so lucky i didn't have to learn that stuff as well as learn how to be an se i got you right i got to learn how to bnsc in an environment that i was 100 familiar with that's right i did i didn't have to introduce myself to anybody i didn't have to go and say oh here's how i do things they knew how i did things they knew how to talk to me they knew what to expect basically yeah yeah so it's a good again very very very lucky i mean i i don't you know i don't i i've been really lucky in my career for those kinds of opportunities so i was there for i was yeah on that account for uh three years and then what does an sc do what does an se do so i'm not trying to be no that's a good question it's it seems like a really great gig we've talked to a couple seos and i've never talked to a cisco sc but you know you're a very technical guy you built the network what does that sc role look like for you like what do you have to learn and do differently that you were doing in your engineering job yeah it's it's a different um it's a different so cisco now calls their ses they call them essays and i have to correct myself sometimes so now it's system architects instead of systems engineer so um an sc is the so there's an account team at cisco is made up of an account manager and an essay so the account manager does the numbers sales type stuff and the sa does the technical sales type stuff so the sa is responsible for recommending a platform to fit a requirement or recommending a solution to fit a requirement learning the customer network learning how what they need anticipating what they might need in the future oh you know you've got a bunch of these routers that are going to be end of sale in a year let's start planning to migrate away here's the new platform sa will go on and do uh tech talks to tell them about new platforms and new software features it's a hard it's i 
would say that the se position or sa position at cisco is a harder position and that's mostly because you are responsible for all things cisco i was going to ask you do you only have a narrow set of products you have to know at all no an sa is a generalist so you have to know router switches data center enterprise security collaboration storage servers what else do we do whatever a cloud stuff all the stuff that we do an essay has i mean you can't you you can you can't know everything about everything unfortunately but that's but what makes it hard is you have to know at least a little bit about everything so so you can at least have the first conversation and then know who to call to bring in so then you would bring in a tsa right so a lot of sas have a collab background so their focus is collapsed with a really strong collab but they're not so strong on routing and switching so they'll bring it csa and sooner than a regular sa would right but that's what makes the job hard is you have to keep on top of all of those solutions and technologies and know what cisco is bringing out because you're responsible for making sure those solutions get in front of customers right how did you personally gauge how deep you had to go in any given discipline um i don't know that i thought about it too much tim i i at my core i was a route switch guy so um that was the the no brainer for me um i mean so when when we would come out with the nexus stuff i would learn a little i wasn't a data you mean when i was working at the federal entity we didn't have nexus right so cat6 6500 was the switch of the data center and the switch the campus didn't there was no distinction between data center technology so when i became by the time i became an sa there were the data center was its own world and had its own product line so i guess i wanted to just using data center's example i wanted to get as good a data center as i was at campus and branch technologies okay but i didn't want to get 
into being really good at firewalls and really good at telepresence or really good at storage it was just i didn't have an interest that was the truth yeah i do want to say i appreciate your pun you said that at your core you're a route switch guy very good i appreciate it i that was intentional yeah it's absolutely not intentional thank you tim for pointing out my client so we spent a lot of time on your story and how you got to where you were which is amazing just before we run out of time i have no idea what sd access or dna center are oh so i don't know when we want to pivot to that but if you could just do like a high level because they're your areas right they are yeah that's the book you wrote and so can you teach a dummy like what is this stuff really quick and like yeah yeah right before you get into that though but why why is d-axis because there's a certain book you know like how did you get into that you know uh see i didn't for some reason i thought we just finished the intro is this the whole podcast because it goes by myself i've caught myself like i'm your brother you're talking way too much about yourself but i guess well you're an interesting cat who's done a lot of definitely i'm i'm i'm really learning a lot from this so like that's i you know now we're at the part for me we're like well what is an expert ad i just i thought i was just supposed to introduce myself i didn't realize that the podcast would actually be my story which is kind of cool i just uh okay so uh yeah uh so dan wants to know why i got into sda or why a customer should get into st so you there's a book out there there is a book out there i'm trying to get to you i wrote a book yeah all right well yeah so so okay so andy i'll come back to your question after i talk about my book that i really don't publicize a whole lot i don't know why i'm just not comfortable doing it but um uh i guess so let me fast forward a little bit so i was an essay for three years and then i was a tsa 
still in federal covering just enterprise technology so lan and wan and then i had this opportunity to come up about three and a half years ago focused on dna center and sda so about a year and a half two years ago a friend of mine had written a couple books for cisco press we were just kind of talking back and forth and i said you know one of my kind of bucket list items was to write a cisco press book because that's that's what i got started reading when i started doing my certifications so um and he said yeah you know said one i i talked to the to the the publishing house once in a while if there's a topic that comes up that i think you'll be good at we'll do it so a couple months later he gives me a call he said they want an sda book are you in i said sure let's do it um yeah did you have a writing background no uh i mean are we counting blogs and trolling people on twitter i could write a book on trolling people on twitter uh no i i had uh i'd i'd never written anything beyond i mean i've written white papers and written kind of architecture documents and kind of stuff like that but i've never written anything like a book and uh i i do want to talk about the book experience a little bit because it's yeah people a lot of people ask me and uh uh so so he said yeah let's write a book on sda so i was like okay it's been on my list i always wanted to have my name on a cisco press book because i knew a lot of authors and they were always really sharp and always helpful i want to be one of those people so i'll never do it again i it is it is a different experience and i can write i can write an email i can write to y'all i can go back and forth with aj i could write a blog post about food and networking and talk about it but i'm going to write the way i speak when you're writing a book first of all you you have deadlines right i'm writing a blog post i have like 15 posts and drafts right now right so that have been there for like two and a half years i don't have 
deadlines right so i mean i have posts on like ipv6 so like i just i'll never get to them right because ipv6 is never going to be a thing so um i i i uh you could edit that one out too oh no we're leaving every bit so you get this this you know here's your milestones right you want to get one fifth of the way through by this day one two fifths three fifths etc and you know again i've kind of got in my head what i want to talk about but i sat down to do this damn book and i started writing it like a lab guide and i thought this isn't going to fill a book this is like 15 pages at best right and so i called the the my buddy who co-authored it jason goolie and and i said and i i'm writing this and it just doesn't feel right i'm writing a lab guide and i know we don't want a lab date so he kind of gave me some ideas because he had written a couple books before and i started doing it but i just kept running out of words and it you you hear authors technical and non-technical talk about sitting in front of a blank word document not knowing what to type i was like that every damn day i mean i know my shit i know sda at this point i know how to talk about sda i know how to sell sda i know how to help people with sda how do i how do you write about it in a book so i started and it went into you know here's the history of automation i think okay i'll start historical and maybe that'll kind of give me some ideas and so i did a little bit of that and talked about ansible and all that kind of stuff so i sent some drafts to the uh publisher and they it was marked to hell so you can't use uh you you can't use we you can't use my you can't yeah it has to be uh in person how many how many cuss words did they have to cut out too yeah just curious the impersonal you know way of writing is intentional it is yeah it it is like so you know again i i would if i write on my blog post right now i would say you know next thing you're going to do is do this and then we're going to see what 
happens right you can't write something like that in an official book be more engaging and that's not well you think i don't i don't know why right i don't i don't get i but it's that's the rule and it's just i'm not saying people shouldn't do it but there are some fantastics to suppress authors authors out there and i've learned a lot from those books i'm just beating up on the ocg just because it's in fashion yeah but but uh i it just wasn't for me like i couldn't i can write in my natural language in the way i speak okay and because and maybe it's just maybe i'm weird right because but because of the way my brain works communicating that stuff has to be communicated in my style i'm sitting there and you tell me to write this but write it in this way i really struggled and it took me i missed deadline after that i felt so bad for jason and he was getting crap from the publisher because i was missing deadlines and we got it done we got done i had two co-authors and um we got the book done and it's been out i think since august so it's been out for almost a year um aj's got uh a couple of copies there i believe i do he's gonna probably steal one and do something with the others so the book is about software cisco software to find access and so answer to get to your question andy oh you want to hold it up there yeah there it is i say listeners do people actually get to watch these videos oh yeah yeah yeah you'll see it yeah absolutely shit oh what you did your hair you look great what's wrong i know it looks good that's pretty good but you're blue for some reason mr smurfy how does it feel to hold that book like when it's done and you suffered through it and like now you're on a cisco press book i mean that's got to be a high water mark right like yeah i'll never do it again right but i would say it felt good no no that's a good question it really is that's a great question i i i've had people ask me this it feels great i have my name on cisco pressbook you can i 
have an author page on amazon right if you google my name now with software defined access or cisco now you're getting hits from my book not shitty blog posts that i wrote in 2006. or tweets where i'm trolling ipv6 people you're actually getting a legitimate author page on google and that author page on on amazon so that's pretty cool that is really cool yeah it was i think i i was i think i was so anxious to get it done because i was so it took a lot out of me just it was so stressful because of the whole language thing and being able to talk i don't know that i enjoyed it as much as i should have i wish i had i wish i had it because yeah it's a big deal it is a big deal and it kind of opens up things people can introduce me as author i don't consider myself an author i wrote some pages for a book but um but yeah it is you know i can sit there and say look i you know i probably read my first cisco press book in 98 99 and you know here we are 23 years later and and uh and i have my name on one now so yeah i'd have them all over my house i'd be giving away to people like look what i did that's what i did yeah yeah yeah that's what i've been doing and it came out kind of during the pandemic so i wasn't able to we didn't have a book signing at cisco live that was called off right yeah we were supposed to have a book signing at cisco live us and the cisco live europe but those got called off because well well next year we can do that so 2022 in vegas i'll be able to get your book signed by you is that what you're doing if they if they're gonna do one yeah regardless whether or not there's a book signing andy i'll i'll i'll go and i'll sign you both for it awesome yeah so andy can finally figure out what sd access just have a is breakout session yeah there you go meet the engineer yeah so you talked about timelines were you getting to write this as part of your tsa job or was this all on your own time it's all my own time oh wow oh wow yeah is it just pride like saying 
that you got to be on a book or like the cisco say hey we're going to give you a bonus because you're on a blog there's there's ten percent of sales sounds like a separate product you get it's a separate it's a yeah it's it's writing for cisco press has nothing to do with okay working at cisco i don't know if you and the publisher and you know the publisher yeah yeah my my boss knows because i told him that i was writing it other than that there's absolutely no tie-in i get paid from the publisher okay you know again you don't i didn't do it for the money don't yeah yeah right you don't right there's writing books to make money just don't do it because you don't make anything out of it but i did it i i mean i did it because i love the technology right i didn't do it it was it wasn't an ego thing it was there was some pride there i did want to have my name on a cool cisco press book but that was just more because it's cool not because i want my name out there i i plan on a different career man i'm 50 years old i'm at where i'm at and i'm happy where i'm at but isn't it interesting how difficult it is to put into words or like to take the technical stuff that you know how to do and how it works like i remember when we were starting out and then we played around with some youtube stuff and like like it's it's so difficult like i know how to do this i do it for a living i do it every day but then to try to explain it and put it into words and and have it make sense and bring somebody along it sounds really really difficult it's tough and i could do it socially i could do it talking to you interactively no problem i can give a cisco live presentation and talk about sd access right i've done lots of those those are great putting it in a form is a different thing putting it in a form especially in something where a certain amount of content or words are expected right that's pressure too it is and not every technology is conducive to a book and i'll say that about sda 
right it's matured and changed the gui has changed drastically since we did the book and the book's only a year old so um yeah it's it's tough and and i i uh i was like i said i'm proud proud that i got my name on it proud that i got it done i'm glad i got it done i don't regret it one single bit but one of the draft blog posts in my on my blog is why i wrote a book and why i'll never do it again i want to read that post spoiler alert just listen to this episode are you a patreon member andy you should join the patreon nice so so roddy let's answer uh andy's andy's question now what at a high level what is sd access so uh i'm going to try not to be salesy on purpose because again i i'm really kind of if you want i'm really not salesy so uh sd software defined access is see i i modify my language so we're supposed to say cisco software to find access whenever right we're not allowed to say sda or just sds so cisco software defined access andrew is is uh it's an overlay it's a fabric technology for the campus and branch and what it a lot so if you're familiar with aci it's kind of like aci but for the fabric for the campus and branch where you have users and iot devices versus servers and applications can i ask you an embarrassing question yeah we're in the trust tree right it depends on who's editing this episode what the hell's the fabric okay yeah i don't like that word i shouldn't have used it i don't either yeah people keep explaining it to me and i think it's a bunch of damn switches tied together somehow but i don't get it it's it's virtu it's a it's a i don't know who can explain it better than me so well the way i look at it is it's a bunch of virtual types if you want but i just yeah i don't know when you as soon as you said fabric i'm like i still don't know yeah do you have to use like which brand of fab fabric softener do you have to use you know like make it act right and all that yeah so uh now is it abstraction is that what the fabric is i would call 
it an abstraction you're basically you're glomming a whole bunch of network devices together to perform one function to look cohesive so that you can plug anything into that glom of network devices and then have it behaviors instead of all these disparate pieces yeah instead of necessarily having logic yeah it's logical right exactly right so if they don't have to be directly connected together right your fabric could ride over a whole bunch of infrastructure but so technically your mpls network is a fabric right your vpn from site a to site b is a fabric um fed ramp is it's an overlay right it's an overlay um would those would those be considered threads oh you're getting deep at this i'm sorry i didn't mean to pull you off and and distract you so okay so i think i got fabric at my core i'm a distribution guy that's how you do a pun dan that too man you just you said it would get weird so software defined access is an overlay technology i i prefer that word thanks aj and um so what is it i'll get into the features in a minute but what it allows you to do is basically set up this overlay between your floors buildings sites department camp departments okay the departments are more of a logical but yeah absolutely and where anything that or wherever you plug in your your um your laptop or your iot device it it it's kind of a better way to say this it doesn't matter which port if you can connect to any any port on this fabric switch will behave on a specific port vlan right you don't have to statically assign the vlan or make sure that that vlan has access to this default gateway because this is where the router is with this layer three right everything's kind of overlaid on top so it's software you know software defined and that's where we get into the dna center part in a minute but it's an overlay technology using vxlan and lisp to accomplish this right so you have a bunch of layer three capable switches that are set up as a routed access right that's your underlay 
okay and if you remember the way cisco used to recommend to do networks probably 18 years ago is we wanted layer 3 on every switch and every switch is the default gateway so in an sd access fabric that's how you configure your underlay because the underlay's role is to forward layer 3 packets as quickly as possible wherever they need to go okay those packets are the sda overlay packets okay so when you send a ping to dan regardless of where dan's laptop is plugged in that packet's going to get encapsulated by your access switch and it will be sent directly to the loopback address of the switch that dan is connected to right so it's not going to go through the network natively it's not going to have the same dan's destination ip address all the way through the network if the destination ip address as soon as that packet leaves your switch is going to be the the loopback address of the switch that dan is connected to and then after like a vxlan tunnel the vxlan tunnel it's exactly the vxlan so it uses lisp as the control plane to find out where dan lives right so it'll say okay this packet's going to 10 1 or sorry uh f e a b colon a one four seven colon oh wait a minute we're not using that technology so it's gonna go to ten one one one and it'll do a lisp lookup to say hey where is ten 1011 this will the control plane will say it's on this switch here's the loopback address of this switch the switch will then encapsulate it in vxlan and send it directly to that switch so the beauty is there can be anything in between those switches okay it's layer three all the way through the network so you can use ecmp to load balance between your links so you're no longer there's no spanning tree right so that's when i want to be the sales guy that started with when i want to be the sales guy i find the oldest person in the room and tell them that they're going to get rid of andy you're going to get rid of spanning tree you're never going to have to worry about a spanning tree
loop or root bridges or priorities or any of that stuff ever again because i love it every switch is layer 3 connected to every other switch every link is a point to point slash 30 or 31 depending on how weird you are and then um i'm going to troll the balance statement i'm going to troll the slash 31 people next so yeah hey listen it should be slash 31 it's a point to point there's no reason to waste time oh my gosh here we go look at them my my serenity now my opinion of you just went a little bit lower why do you need a broadcast address or a gateway and a point-to-point because that's what the guy that invented ip said to do andy but he was wrong and you know what why send a broadcast across the point-to-point when we standardize on ipv andy you can do whatever you want with whatever technology you want right now i'm changing the phrase it's now get off andy's overlay yeah listen if a slash 31 didn't work he should have wrote the protocol so the slash 31 wouldn't all right well we we found out who the weirdo of our group is so anyways i thought the point point connections though honestly like the ant-man thing was bad but man nothing matches i mean but it's not 31 so um so anyway so talking about oh so you get rid of spanning tree that's that's what i see i find the oldest guy in the room named andy and i tell them hey you get to get rid of spanning tree because everything is layer three we're going to use ecmp to load balance across these layer 3 links so we're going to use your links efficiently you can even if you're really weird have non-cisco devices in between if you your mandate because you work at a federal agency says you have to have other devices and you want to put a juniper router in between your two fabric switches you can do that so the juniper router can route layer three packets between the two it's but it's good did did that hurt to say that yeah it looked a little painful i was just wondering i almost used the f-word before i said it so it's
not a magical feature in a cisco um image it's standards-based just it's just okay yeah it's whatever it is yeah it's based on you just have to be able to route on your switch and you're good yeah you uh well so the the non-cisco switch doesn't even know that it's sda right it's just routing a layer three packet from point to point he doesn't care he's not part of that conversation he doesn't know about vxlan or lisp so where's that magic happening on the edge to endpoint these two endpoint switches right that the access have to be cisco right yes that's the members of your fabric you're going to have a border which is how traffic gets in and out of the fabric a control plane which is like the dns server for this stuff and an edge switch which is your access switch so all of those functions have to be cisco catalyst 9 300 9 500 94.93 does it have to be the the the 9000 series because i know like in aci you have to have the nexus 9 like the 9300 and whatnot so yeah so it's cisc for uh the catalyst 9000 series all of them and the catalyst 3850 and the catalyst 3560 all support sda the isr 4ks support the border function of sda right because you might want to have a router as a border instead of a switch and then there are some other different models that are sensible now now you've piqued my interest here uh i'm curious why the 3560 legacy it's a it was a layer when we came out with this and 9k hadn't come out yet so sda came out about eight months before the 93 uh probably a year before the cat 9k okay so we were we had already designed it but we we came out with them kind of just after each other so the cat the 3850 and the 3650 as long as they're layer 3 capable and licensed will support sda okay now so let me ask this do you have to have a certain ios for that uh i mean it's going to be current anything now so i mean sda has been out for uh five years almost five years so like on the aci side you know you have to have the nx os aci mode kind of thing so you don't
have to have uh no it's ios xe okay that's just your plain ios xe um and uh so the other things that before i forget the other things that sda gives you so you get the fabric andy so that's the fabric piece and being able to plug in but it also has the vxlan implementation we're using supports scalable group tags or sgt's or secure group tags depending on what you want to call them which allow you to mark your traffic based on the authentication and authorization process so when you log in your port is enabled for dot1x say you're gonna log in username andy password ipv6 stinks ise is gonna have a policy i gotta stop because i said i ise has a policy that says okay you're allowed in i'm gonna look at my ad and that password matches um and it's i'm gonna put them on this vlan and i'm going to assign him this sgt because he's in group engineers and then dan logs in the same process happened but dan might be in group uh accountants right so all of your traffic andy as soon as it hits the network is going to be marked in the engineering group all dan's traffic is going to be marked in the account all the way through that sgt will stay in the vxlan header is the sgt the policy is that it's it's just a tag the it's the marking right okay and then you can write policies that say permit based on the title yeah permit engineering to accounting deny engineering to accounting they're written as standard or extended acls almost right they're not stateful it's not a firewall but you can have what they call micro segmentation within a fabric very easily so am i writing these policies in dna center or in ise yeah so i'm gonna so that's that'll get me to the dna center topic so dna center orchestrates the sda configuration so when you when you want to build your sda network you either discover or onboard your devices in dna center so they can be pre-existing if you manually configured your underlay or you can pull them out of the box and put them and do lan what we call lan
automation which will build the underlay automatically for you based on whatever parameters you give it so it'll go into a brand new factory out of the box switch and it with the switches come in plug and play mode now they have for six six seven years right it'll discover it it'll push the appropriate underlay configuration to it it'll give it a name an ip address it'll onboard it into dna center and then in dna center you pick your fabric rules i want this switch to be an ax an edge switch i want this switch to be my border i want this switch to be the control plane um i want this these authentication policies dot1x mab whatever it will orchestrate all the configuration on the switch as well as some of the configuration in ise so you still have to build your authorization authentication policies in ise but your security policies so the permitting accounting to engineering you actually do in dna center and dna center will push them to ise there's no magic this is trustsec right this is cisco trustsec um so all the policies are still it live in ise and ise is the one that pushes the policies down to the edge switches whenever you log in but the orchestration and the configuration is done in dna i have a wan question so if you're doing vxlan across the network you're doing vxlan across the lan you got to have jumbo frames enabled is that correct you should have jumbo frames enabled so we tell you to have jumbo frames enabled in reality how does that it's 150 bytes i think you need so you got to get up to 1650 somehow okay so how would that work with like sd-wan if you're leveraging dia that maybe the carrier doesn't support that how how do you make sda function sorry cisco software-defined access function does it fragment or do you just say no sorry it's not going to work no so um sda cisco software defined access is a it's a campus branch technology it's not a wan technology so we don't actually support stretching of fabric across the wan okay so you just treat it as
separate sites i'm just trying to see how sites tied together so what will happen is if if um if one if the host at one site is on the sda fabric and the host on the other side is not all the vxlan stuff gets stripped as soon as it leaves the border so then you don't have your mtu issues if you are running a technology called multi-site which allows you to do end-to-end sda or end-to-end segmentation i think right now i i don't want to say this without knowing for sure um i think right now we still require 1600 mtu across the wan if you want to do multi-site okay but i have to confirm that yeah um yeah because you have to allow for the overhead i mean obviously the the old solution for us old folks is to adjust the mtu on the end hosts or to use a tcp adjust mss on the edge which will work but it won't work with udp so if you've got udp traffic that's 1500 bytes it's going to get it's going to get dropped or fragmented which is worse right can't you okay so aj um i don't think we want to go too much further in sd access because i think we want to actually do an episode just on sd access right oh yeah yeah i'm getting fired up so yeah these are good questions really good questions so yeah i love it i'd love to come back man that'd be great so yeah aj so i i just want to go like a little bit deeper into the dna center as being like the central hub of it and then and then we can put a bow on it sure so dna center will orchestrate software-defined access so that software-defined access or sda is one of the applications in dna center um dna center also does software image management so you can uh i'm starting to sound like a sales person now but you can upgrade you can define your golden image per site per building per floor per platform per model and automatically upgrade those devices to that version of code it'll download it from cco automatically you can schedule it to stage it ahead of time you could schedule it to reboot it later you could schedule it to
happen right away so software image management is another one hold on yes how do you deal with the licensing so you hesitated roddy yeah i i i did because sound stuff has changed yeah right it sounds magical you got to deal with but then you got to deal with the licensing you can't just push stuff without buying licenses it's magical no it'll uh so so we have now that that's a good question so we've we have changed things a little bit recently however we don't distribute images based on license features we've had a one image philosophy now for a few years so there is one 9348 ts-48 image out there for 1763. there's not one for services there's not one for enterprise you don't we don't have different images for different licenses anymore so the licensing is actually in the configuration okay right so you enable your license on your switch you can have it talk to smart licensing to validate online or you can download a pack and enable it locally so image distribution upgrading a router the license doesn't matter it's the configuration will hold the licensing information okay okay sweet i don't know i hated that answer so much he just brought it up he's going battery he's getting andy rage quitted once again he's going down he switches now because he uh he knows he doesn't have to worry about licensing anymore yeah so um swim is the name of that um feature in dna center software image management uh it does um templates so you can again based on your config you can type in configuration templates in dna center and have it roll those templates out to different platforms different buildings different sites you can standardize based on any of those parameters or criteria um the it has assurance which is like a monitoring platform that will it's the strengths right now are very wireless centered so it can look at the onboarding process it'll tell you all your snr's and all your wireless stuff not a wireless person so all these words don't mean anything to me but i've seen 
them on screens so i know they're i know they're legit so uh it'll tell you what the snr is and if there's any interference and rogue aps and all that kind of stuff it'll allow you to place aps based on strength it doesn't have all of the features that cisco prime has so i know cisco prime is the big thing right now with wireless with cisco wireless but most of those features are being copied into cisco dna center so it lets you see the usage on your devices usage on your links we have application assurance which will actually get down to okay office 365 is having issues in this building this router is part of that conversation this is how many users are affected because we're getting all the user information from ise right this is how many users are affected um here's this device that's unhealthy this is probably the cause of the problem so that's kind of things that assurance will do it's based on uh it takes information from snmp syslog netflow streaming telemetry and correlates it all together and matches it against a known set of issues that's in the database that database comes from 30 odd years of tac cases right so they basically said what are what if our customers what are the most common issues our customers have run into over the last 30 odd years let's put those into assurance and let's get assured let's teach dna center assurance how to recognize these issues based on this specific message and syslog or this message is in a trap or this message in netflow or this kind of pattern and that will so it will do that it'll give you it'll tell you what the issue is it'll give you a list of suggested actions if the suggested action is something you can do on a switch that's in dna center or router you can click perform action now and it'll actually go through that action it'll say open a tac case and send them a show ip ospf neighbor click here to get that command so you click the button it pops up to show ip ospf okay okay it yeah i i'm i really i know i sound
like a sales guy now because no you don't some of us is magical well some of that stuff is good and some of that stuff works most of the time does it uh it's not it's not magical yet but i think it will get there i like the direction they're going with it i really do otherwise i wouldn't be as passionate about it does it make anybody else like weirded out that you know we spent all this time learning cli and now everything's getting pushed to like gui and just yeah it's weird right it took me took me six months to be on board with this because i went through the experience of aci like dan mentioned where you have to run a different code base or different image in an or different mode on the switch where you didn't have access to the cli and that really that really pissed me off i i i was so furious and then so i get into sda and we're doing the same thing it's like no stay away from the cli because if you type a command there's a chance that dna centers are going to reverse it so honestly andy it took me six months to an adjustment right it really did i i really had a lot let a lot of things go and i run into this when talking to people about this whole time it's again it's usually the oldest person in the room that's like oh i'm not going to give up my enable password and that's true and that's not where i'm going with it because it seems like the benefits and the magic of i mean it's totally worth it if i'd be fine never touching a cli again if i could get all the benefits that you're spelling out yeah the i think the the caveat i give is that assumes that we that's we cisco got everything right right yeah sure right which if you've been doing this long time you know that there are always going to be bugs so now are things getting better do i trust automation more absolutely i started doing sda stuff about four and a half five years ago and there were a lot of times where i needed to go into the cli to verify things i never jump onto the cli right now other
than to reset a router it's so that's what's scary as you're handing over the keys of the kingdom to this yeah you're across this tool ecosystem and yeah okay here you go don't don't destroy me but companies have i mean aci works aci did a good job with that stuff meraki right right you've never seen a meraki cli it does it doesn't exist so it can be done i think the the i'm not going to criticize cisco at this point but the the what we're kind of trying to do this on a platform that has a history of the cli first now ios xe but previous to that it was ios and we got folks that have been in this industry for a long time that have always done it this way and we're still calling it catalyst right if you had said catalyst os when i was getting my ccie it was it was cat os it was the set commands like this stuff has been around for a long time and people are are are used to using it and it's ingrained in them first thing they want to do is know your enable password so they can go in and configure things to troubleshoot right so yeah if we can get it right it is it's it's great and i think honestly it is better now it is a lot better now it took me about six months to stop um hesitating with the automation stuff sounds amazing also sounds expensive well that's a conversation for another day yeah yeah there are a lot of other things that dna center does so if we ever if we do another one of these and i can screen share i can demo dna yeah go through the gui absolutely for sure i would love to do that man yeah thank you i'll cut down on the puns and the jokes oh no don't do that this has been great oh i fly airplanes i i i am a pilot oh yeah yeah yeah today oh yes we forgot about that i did forget your copious free time when you're not getting every certification there is i haven't flown in like eight years but i did get it just to get it that was a bucket list thing the cisco press thing and getting my pilot's license i do want to bring uh one thing back up from towards 
the beginning of the show because i think we cut you off you were telling a story about your uh ccie lab and you got through the first day you woke yourself up in the middle of the night because you forgot the send community or you thought you did what did the second day the morning you walked in what happened so second day so you you really have no idea how you did right right you just you get in there you get because it's it's it was a nine hour day you're exhausted from traveling in a couple days before so you're already tired you go and you do that full day you're overwhelmed even though you've done practice labs and scenarios you really have no idea how you did so i go to the hotel wake up three in the morning say oh shit i forgot to send communities walk in i see the booklet on my desk and it's like i relax i bought myself another three hours of this so the first half of the second day is all of the non-ip stuff that i talked about so netbeui ipx appletalk dlsw sna so you get again so there's a new booklet now with new exercises and new scenarios that you have to do that you have to configure and that takes you to lunch time so same process you go for lunch and when you come back if there's a booklet on your desk you sit down and you complete the lab if there isn't you've failed you've got to sit and wait for the proctor so i go to lunch to come back there's a booklet on my desk so now is the troubleshooting piece and i don't know how it's done now because i know that the lab is just a one-day lab now but back then i mentioned earlier we had the physical equipment was all there and they wouldn't just mess with your configurations they would mess with your cables they would take a t1 cable and they would jam it in upside down well if you've ever used a t1 cable it doesn't go in upside down it's not made to go enough so the pins would bend so you'd have to look and identify that the pins are bent chuck the cable and grab another cable and so this was the
troubleshooting section so i i got um i got there got the troubleshooting section that was that was the part i was looking forward to the most once i once i got to that part i was i was like i love troubleshooting because i had all my config memorized so first thing i did was do a show run and i thought well i didn't type that got rid of that command oh that's different that i don't get rid of that command oh there goes that photographic there was a different line between these two commands i gotta add that back in so that that part was easy got the physical stuff got my connectivity up and running and i passed and the only thing i got wrong in that two days was that stupid send communities and you woke up you said like three in the morning and i realized yeah i knew i got it wrong yeah it was i i you know again i've been lucky i i was i was prepared i i really did burn up all of my um all of my vacation time to do the exam and that's not easy to do when you've got a she was four at the time i had a four-year-old daughter so i would take i would spend the day with her and then i would be up all night literally as soon as she went to bed i would be up all night in my lab and i had a stack of six 2500 routers a bunch of back-to-back t1 cables and i had an isdn emulator and i had a terminal server that i would hop to and a cat os switch and i would just go through scenario after scenario back then you had to buy these scenarios online and then they'd send them to you in big stacks of paper had reams of paper with these scenarios so i basically went through every scenario every night all night until i i had them all memorized but i was still trying to this is the comment i made earlier about verifying things i would even though i had to memorize and exactly what to do for every single one of them i got more practice doing the show commands and the verification commands to know what to look for to know that it worked because i would still make a typo right but at that
point i knew if i made a typo i knew exactly what it was like it's just because i looked at that output so many times and it was repetitive competitive so the repetition helped me a lot and you were labbing instead of sleeping is that what you said yeah i would i would maybe sleep i'd drop her off at school in the morning at like 8 o'clock 8 30 i'd sleep for like three hours and then i'd get up and start working again and then i let like three hours a day sleep you were doing yeah for six months that was the the vacation time was no that was like okay five weeks of vacation where i was really hardcore but yeah the six months previous was still yeah i was still doing a minimum of six seven hours a night so i was working and then i'd come home and then spend some time with my and it didn't mess with your retention or your mental health or anything just exhausting yourself i was no i was okay thirty i had plenty of energy there's no way i could do it yeah i i mean i think the uh that was tough it was tough but i i don't know i honestly don't know how i did it i really don't i mean i won't say it was easy it was it was tough i just i don't know that i could do it now but part of it was i really i really loved the technology like it's like today i'll go mess with i don't do any docker as part of my day job but i'm i'm trashing containers all day long because it's just stuff i like doing it's interesting so um so that stuff yeah networking has always been interesting to me so it was fun for me to do that it wasn't it didn't feel like work or it was a challenge for sure because i was learning a lot about the protocols but um it was just fun love what you do yeah always always excellent well he is roddy he has never failed a cisco exam he is ccie 7472 he is a cisco press author the book is cisco software defined access we will drop a link to our show notes and you can pick it up there and wherever books are sold i'm sure ronnie where can people find you twitter blog what 
you got today i'm going to lock my twitter after this episode you know i i i'm just i'm just thinking aj i may have failed one of the research about six years ago that's a different story for another time but um now you said that i was like oh that helps andy that's that no that is exactly what the listeners needed to hear that you got to fail yeah that's great yes yes don't don't don't do anything that i've done in the last 30 years don't have the attitude that i've had in the last 30 years no uh yeah i think i haven't so the question was where can you find me you can find me on twitter usually trolling people um my handle is it doesn't have a pronunciation i don't know there's this fourier on here you guys know my handle do you know what it means no idea the the squirrely no no no no arabic that's arabic that's my name in arabic but what is my hand okay what is my uh my twitter id um e-i-d-d-o-r yeah do you know what it is nope i do not come on all right so i do it's literally my first name backwards oh look at that and it's right here so we automatically go to acronyms that's just what we do yeah the squig the squiggly stuff that you pointed out andy is my name in arabic so very um yeah the squiggly stuff that's what he called it i didn't want to be andy insensitive so i just used the language that he used to be so good by my twitter my handle is e-i-d-d-r which is my first name backwards which now everybody knows the secret yeah and um that's that's where i hang out most i do have a youtube channel actually the uh i've got some sda dna center videos up on that youtube channel if you want to google me but you can what's your youtube channel i have just roddy i don't know hassan youtube yeah yeah i think you can find it yeah yeah it's in the notes i don't know i'm not good at selling promotion subscribers i'm really not good at celebrating i'm trying to do it i believe there's a there's a blog in there too right oh there's a blog ccie dot tv okay so the blog is 
mostly technical not cisco centric per se but there's also some cooking stuff on there because i am also i also love to cook it's my therapist you're you're in texas have you been to franklin barbecue i've been to franklin barbecue yes yes how is it if you like barbecue it's good i love barbecue i'm reading his book he's my hero when i come to texas definitely please go to franklin barbecue we can it's in austin it's about four and a half hours away from me but you let me know and and we'll get down there yeah it's like an hour and a half wait in line right to get this guy's yeah yeah yeah no it's good it's it is if you like barbecue i'm not huge on barbecue but if you like barbecued it's good barbecue for sure all right man yeah nice nice all right roddy thank you so much for joining us any any last-minute words no thanks for having me this was a lot of fun wasn't as weird as tim made it out to i knew he was going to like that man i did now and i honestly again if i if i i would have thought there's no way he came up with that just based on my tweet so i feel better that you already had that plan yeah um no it was a good time guys i i'm glad we finally got to do this aj you know i i give you guys i give you a shit about forgetting about me but um well much much deserved shit i feel lucky to be here and uh hopefully you know hopefully come back and do a demo for y'all join us again next week for another episode thanks again ronnie and have a good night hey everyone this is aj if you like what you heard today then make sure you subscribe to our podcast and your favorite podcatcher smash that bell icon to get notified of all of our future episodes also follow us on twitter and instagram we are at art of net eng that's art of n-e-t-e-n you can also find us on the web at art of network engineering.com where we post all of our show notes you can read blog articles from the co-hosts and guests and also a lot more news and info from the networking world thanks for 
listening