A few months ago, a friend asked me for feedback on what kinds of network technologies should be taught in school (college level). I spent a few minutes writing this up and decided I might as well post it here too.
I have yet to encounter anybody using AppleTalk. In fact, I haven’t used AppleTalk since the mid 90’s (not to be confused with AFP over TCP/IP which is not uncommon anywhere there are Macs).
Fiber Channel (Fabrics, Zones)/10/40G/Converged: This is not normal networking in terms of tools and debugging. High level theory helps cover the bases, but anybody who will deal with storage in mid to large businesses needs to know how FC works. Networks are moving to 10G+, and with that, comes converged. Bundling FC and 10G on the same cable is fantastic. Cards allow for logical partitioning so you can do something like partition off 4G of FC and 6G of Ethernet.
People will whine if I leave out iSCSI, but it’s a crappy way to do things. There isn’t much to it, if you understand TCP/IP. All the traditional SCSI errors show up when you lose connectivity to the block device (which can happen if you have too much congestion on the switch, or you’re just pushing too much traffic and the switch can’t handle it. I’ve seen both, and losing a block device is not pretty. Best case, the machine reboots. Worst case, the contents of the volume are toast).
Everybody uses BGP externally, lots of places use it internally to handle dynamic routing. Some places use weird things like RIP, others prefer OSPF (it bugs me when they have to create a new protocol for a new version of IP). Advantage of ISIS, it will route anything.
It’s not complicated, but lots of companies use this for multi-site/multi-campus. It’s good to at least have some lab experience with it.
This is used all the time to tie sites together. Sometimes hub and spoke, sometimes full mesh, depends on the goal. Pushing routing over IPSec can be a pain. ISIS can help with that. Facilitates running your routing protocols over IPSec. You may not be able to do MPLS or BGP dynamic updates over GRE, depends on implementation. ISIS can tunnel anything, AppleTalk, DECnet, it’s great.
With the depletion of IPv4 prefixes, this is no longer optional. I would not hire a network engineer who didn’t have (at least) solid lab experience with IPv6. HE tunnels are free. You can connect lots of devices to them, including many common consumer routers that are flash-able by something F/OSS if they don’t support a 6to4 tunnel natively. Once you have a tunnel, you can route either a /64 or a /48 to your house and practice all sorts of networking with IPv6 including a v6-only network. Yes, I know that vendor support is not perfect, but it’s getting better and the world won’t stop and wait. Understand the purpose of SLAAC, DHCP, privacy extensions (implications for network devices), minimum denomination of a practical usable block is /64. Tools don’t work on smaller blocks (like DHCP).
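A lab exercise for the /48, /64 and SLAAC points above, added here as an illustration and not part of the original post: it carves a /64 out of a routed /48, derives the classic EUI-64 SLAAC address for a MAC, and shows that the MAC can be read back out of that address, which is the exposure privacy extensions exist to remove. The prefix (from the 2001:db8::/32 documentation range), the MAC and all function names are constructed for the example.

```python
import ipaddress
from typing import Optional

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291) built from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def nth_lan(site_prefix: str, n: int) -> ipaddress.IPv6Network:
    """Return the n-th /64 inside a routed block such as a /48."""
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen > 64 or not 0 <= n < 2 ** (64 - site.prefixlen):
        raise ValueError("no such /64 inside this block")
    return ipaddress.IPv6Network((int(site.network_address) + (n << 64), 64))

def slaac_address(lan: ipaddress.IPv6Network, mac: str) -> ipaddress.IPv6Address:
    """Address a host would form with EUI-64 SLAAC on this LAN."""
    if lan.prefixlen != 64:
        # The interface identifier is 64 bits, so anything but a /64 leaves no room.
        raise ValueError("SLAAC needs a /64")
    return lan[eui64_interface_id(mac)]

def mac_from_address(addr) -> Optional[str]:
    """Recover the MAC from an EUI-64 address; None for other identifiers
    (for example the randomized ones produced by privacy extensions)."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2 ** 64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    lan = nth_lan("2001:db8:1234::/48", 1)          # constructed site prefix
    addr = slaac_address(lan, "00:11:22:33:44:55")  # constructed MAC
    print(lan, addr, mac_from_address(addr))
```
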
NAT is not a security technology. MPLS is not a security technology. There is no excuse for not using SSH. Even crappy Brocade routers allow DSA keys (part of what makes them crappy, they don’t use anything else). I wouldn’t fire somebody for using telnet, but it would be a teachable moment for the entire team about what not to do. Bro is great, you can configure it to fire off alerts when it finds regex matches, like “Password:”. If you really care about encrypted communication between you and a network device, look at Juniper (don’t get me started on Juniper, that’s a whole conversation by itself. Suffice to say they make working on a network device pleasant again). They support ECDSA, RSA, and ED25519 (and have for about a year). IPSec tunnels should be at least as good as Suite B. Anybody that configures 3DES security gets a ‘no pass’.
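The kind of regex alert described above, sketched in Python as an added example (this is not Bro's own scripting language and not code from the original post). It matches on the reassembled stream with telnet option negotiation stripped, because a per-packet regex misses a prompt that is split across segments. The pattern, flow labels and sample payloads are constructed for the example.

```python
import re
from collections import defaultdict

# Prompts that should never cross the wire unencrypted (pattern is an assumption).
PROMPT = re.compile(rb"(?i)(?:password|login|username)\s*:")

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove telnet IAC command sequences (RFC 854), keeping user-visible bytes."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != 0xFF:                      # ordinary data byte
            out.append(data[i])
            i += 1
            continue
        cmd = data[i + 1] if i + 1 < len(data) else None
        if cmd == 0xFF:                          # escaped literal 0xFF
            out.append(0xFF)
            i += 2
        elif cmd in (251, 252, 253, 254):        # WILL / WONT / DO / DONT + option
            i += 3
        elif cmd == 250:                         # subnegotiation: IAC SB ... IAC SE
            end = data.find(b"\xff\xf0", i + 2)
            i = len(data) if end < 0 else end + 2
        else:                                    # two-byte command or truncated IAC
            i += 2
    return bytes(out)

def cleartext_prompt_alerts(segments):
    """segments: ordered (flow_id, payload) pairs. Returns sorted (flow_id, prompt)."""
    streams = defaultdict(bytearray)
    for flow, payload in segments:
        streams[flow] += payload                 # reassemble per flow before matching
    alerts = []
    for flow, raw in streams.items():
        for m in PROMPT.finditer(strip_telnet_negotiation(bytes(raw))):
            alerts.append((flow, m.group().decode("ascii").lower()))
    return sorted(alerts)

# Constructed sample traffic: a telnet login whose password prompt is split
# across two segments, and an SSH banner that must not alert.
SAMPLE = [
    ("192.0.2.5:23", b"\xff\xfd\x18\xff\xfb\x01\r\nrouter1 login: "),
    ("192.0.2.5:23", b"admin\r\nPass"),
    ("192.0.2.5:23", b"word: "),
    ("192.0.2.9:22", b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for flow, prompt in cleartext_prompt_alerts(SAMPLE):
        print(f"ALERT cleartext prompt {prompt!r} on {flow}")
```
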
Understanding how radio signals propagate, and reflect. Frequencies, wavelengths, interactions, antennas, signal loss. This will come in handy when figuring out where to place WAPs so they don’t clobber each other, or have gaps without signal. Metal in walls significantly reduces signal range. Maybe just have them get a Technician Ham License. The knowledge is more useful than you’d think.
SDN is important. That said, it’s just network virtualization/abstraction. Yeah, there are lots of details that aren’t the same, but if you understand systems virtualization+automation and networking well, the concepts fold across pretty well. Check out OpenFlow. Last I looked, the OpenStack virtualization platform was integrating OpenFlow capabilities. Should be able to find a F/OSS platform to play with that on.
I know it’s a little nerdy, but check out blockdiag. It’s a slick way to generate network diagrams from a text file that you can version and keep track of its history. It’s reminiscent of the ‘dot’ language.
Lastly, if you’re still attaching yourself to network devices with a cable, it’s time to break free. Check out Air Console. They’re fantastic. Happy customer for several years now.
So what do you think? Leave your comments below.