
210-If you’re routing, you fail with Jeremiah Ginn

digital transformation, ai
Dissecting Popular IT Nerds

Jeremiah Ginn

Jeremiah Ginn is a father, teacher, engineer, architect, author, advocate, and veteran focused on investing in others. He leads SDN evangelism across Fortune 500 companies. His 25-year tech career has spanned SD-WAN, SASE, NFV, multi-tenant cloud, and network infrastructure. He is an IEEE member contributing to SDN, SD-WAN, and SASE standards. As a cybersecurity evangelist at Acuative, he drives innovation to scale their XDR and cyber risk control offerings that reduce insurance costs by 70%.

If you’re routing, you fail with Jeremiah Ginn

We discuss cyber challenges with guest Jeremiah. Drawing from over 3,000 customers, Jeremiah explores SD-WAN problems. We tap into connectivity hurdles to clouds and data centers. Stressing SASE’s security integration, Jeremiah emphasizes perspective from specialists over reports. His hands-on experience uncovers customer issues and learning through criticism. We unlock lessons from Jeremiah’s interactions for navigating security obstacles.

Disclaimer: The views, thoughts, and opinions expressed by guests on this podcast are solely their own and do not necessarily reflect the views or positions of their employers, affiliates, organizations, or any other entities. The content provided is for informational purposes only and should not be considered professional advice. The podcast hosts and producers are not responsible for any actions taken based on the discussions in the episodes. We encourage listeners to consult with a professional or conduct their own research before making any decisions based on the content of this podcast.



Episode Show Notes

[5:06] Discussion on limitations of relying solely on Gartner Magic Quadrant reports.

[6:01] Importance of speaking with experienced practitioners for real-world advice.

[22:14] Understanding electrical engineering principles is key to truly grasping network device behavior.

[24:57] Shift from hands-on device management to more abstracted interfaces with SDN/SD-WAN.

[30:01] Benefits of bandwidth aggregation with SD-WAN.

[33:50] Importance of encrypted tunnels/security baseline with SD-WAN.

[34:20] Value of fast failover capabilities enabled by SD-WAN approaches.

[34:48] Integrating security through converged SASE frameworks.

[40:47] Moving to a “beyond routing” mindset is an important evolution.

[41:36] Openness to criticism and continuous learning maximize success.

Transcript

Speaker 0 | 00:09.565

All right, welcome everyone back to Dissecting Popular IT Nerds. Today, Jeremiah Ginn, an author, author of Diving into Secure Access Service Edge. That’s just the tip of the iceberg, I guess, when it comes to cybersecurity. You put your title as cybersecurity innovator, which is great. It’s a small field of work. There’s hardly anyone going into security nowadays, as you of course know. There’s very few of you. I was told a while back that using sarcasm is a behavioral derailer. Thank you for being on the show. Your job nowadays is definitely… It’s a wide, it’s very far and wide. And I would love to know how anyone decides on what to focus on at all. But you’ve written the book. So why don’t we just start there? And let’s just start with why the book to begin with. And I don’t talk security too much because it’s definitely not an area of, I would say it’s an area of my expertise as far as knowing everybody and knowing kind of like who doesn’t know what they’re talking about and who does, but it’s not my area of, I’m not going to be the pen tester. Let’s just put it that way. But let me let you speak for a second. Tell us about the book real quick and why the book and how you got there.

Speaker 1 | 01:32.692

Sure. So what happened was for whatever reason, I got into AT&T product and the SD-WAN Center of Excellence at AT&T. And I ended up working with over 3,000 different customers on SD-WAN over the last five years. Now, the great thing about seeing that kind of volume is that you see the same problems over and over again. You see patterns, right? You see trend analysis. And it just becomes a way of working. And what we found was a lot of times the customers were going through the same learning cycle. We all understand Gartner’s hype cycle. And so you go. You go through and you get this trough of disillusionment, and that’s usually where most of these projects stop for a couple of years.

Speaker 0 | 02:20.290

Can we address that point just real quick? Just because I talk about, we talk about Gartner and people say it’s a pay-to-play model. And then you’ve got some CEOs and C-levels sometimes that say, don’t bring me anything that’s not on the Gartner Magic Quadrant. And okay, that’s fine and good. I see Gartner Magic Quadrant as a snapshot in time. I don’t see it as the real-time finger on the pulse of what a company is actually doing. But you said trough, and I don’t know. How much value, what can you take from Gartner Magic Quadrant, and why is it glazing people over or creating more confusion than clarity sometimes?

Speaker 1 | 02:58.194

Sure, sure. Well, first of all, as you mentioned, it’s not pure science. It does offer value, though. What we see, the value of the Magic Quadrant, especially when you’re like, I studied 77 different SD-WAN-branded products in my journey, right? And all that was back in 2018 that I studied 77 different brands. What we found was, if you look at what Gartner was publishing, what it allowed you to do is say, all right, there’s this noise, there’s like 70, 100, 1,000 different products that we got to look at. How do I get that list down to 10 or less?

Speaker 0 | 03:33.680

And that’s the same with everything. That’s not just, it’s not even just, I mean, that could be, well, I guess not email. You got Microsoft and Google, you know, but CRM or numerous products, telecom. I mean, you mentioned AT&T. So, you know, there’s there’s a lot of options, period today.

Speaker 1 | 03:54.812

Yeah. And so it’s like, how do I drown out the noise? How do I get focused? How do I create a list, if I’m the CIO for XYZ Corp? How do I get to a manageable number of participants in a particular market that I can create an educated decision from, right? How do I do that? And so following Gartner allows you to get down to that top 10 or less. You look at the Magic Quadrant, then you take all those over the upper right-hand quadrant, and then you do a POC, you do an evaluation, you do comparison, and then you look at the financials and you really see, you know, bang for buck, am I getting more than what I’m paying for, you know, in that deal? But it really is.

Speaker 0 | 04:36.700

I don’t know how we got on this tangent, but I love it. I like it because that’s kind of like my day job, right? Because that takes a lot of time, right? So in most IT directors or IT leaderships, they don’t, when they’re doing negotiations, they don’t do them every day, all day, every single day. They’re doing it once a year or every three years or every five years, depending on when contracts roll out, then they’ve got to go, okay, so now. I’m going to go to, where do I start? I’ll go to the magic quadrant, call John down the street, my other buddy that did this. And now let’s start, let’s call these guys up. And oh my gosh, now the sales reps like just hammering me all day long. And then you’ve got, okay, now they come in in the suits and ties or on zoom or whatever it is. And there’s a lot of, I would say, I call it street knowledge or word on the street knowledge that you might not know. So in my example, always is look at Zoom, for example. Ironically, we’re on Zoom right now. Everyone listening. Zoom during COVID. What are they? Are they in the Gartner Magic Quadrant? Yeah, of course. Are they in the upper right hand? I don’t even need to look. I know they are. They have to be in the upper right, right? Because are they the leader in the market space? Yes. Are they printing money right now? Yes. What will the Gartner Magic Quadrant not tell you? during COVID, they stood up, give us a standing ovation. We’re amazing. You know, we’re the leader send out the droves of sales reps to call everybody and convert them, buy out contracts, do all this stuff. What they won’t tell you is how overloaded their operations department was, or they won’t tell you is, yeah, I mean, it’s yeah, it’s going to install. Yep. Smoothly. Yep. You know, I mean, it’s kind of like, like, what do you want to know? What do you want to know? That’s not on the Gartner Magic Quadrant. 
Well, you need to know, you need to have someone that’s literally done probably a thousand Zoom installs over the last, you know, 10 months to tell you, this is what you need to be prepared for. You need to understand that there’s a project manager that’s a butt in the seat, you know, with a whole stack of orders. You need someone bird dotting your order, bird dogging your order. You need to know who their boss is. You need to be able to escalate to a VP level. You need to be able to walk people through all this stuff. So that’s just my two cents on the Gartner thing. It’s only going to get you so far. And then when you mentioned the POC and everything, well, you can mention, you can, as a, as a leader, you could spend three to eight months evaluating all these providers and putting together a spreadsheet with the, you know, different ratings and weights and measures of who’s better and all this type of stuff. That could take you three to eight months. You don’t really need to do it that way. And that’s the, that’s the, uh, I guess the secret that we hold behind the scenes here.

Speaker 1 | 07:11.166

Well, that’s a great point because in my book, one of the things, one of the conclusions I got to is 80, 85% of the market for SASE or SD-WAN or SDN, cybersecurity, they’re really going to end up going with a managed service provider model. The reason for that is the managed service providers have enough labor to do a proper evaluation on a consistent basis. They’re following a DevSecOps practice where they’re creating an MVP, they’re iterating, they’re improving, and they’re collecting feedback. Most people have such a hard time with criticism, whether it’s constructive or not, that they can’t handle a feedback loop. But people call them every day, tell them, you know, your product’s broken. It doesn’t work. It doesn’t do this stuff. But the managed service provider, being a little bit agnostic from the branded solution, can then be that advocate for you, and they can analyze all that stuff and have enough labor to go after it. That was one of the conclusions I got to was the evolution of software is new releases every three weeks, new generations of technology every 18 weeks because of DevOps.

Speaker 0 | 08:18.250

Right. It’s insane. It’s insane. I just thought about going down a rabbit hole and I’m in my head right now. I’m realizing that we can’t do that because that’ll be like another show. Why the title for the book?

Speaker 1 | 08:34.259

Really, it’s about getting off the dime and getting it done. So, you know, really when we talk about, you know, getting into something that we don’t know the details about, you know, we’re diving into it to where we can go through the learning process to be able to get started. We saw hundreds of large enterprise companies, probably more than half of the Fortune 500, take three years with very talented IT staffs to get 10 sites out of a thousand installed with SD-WAN. Three years to get 10 sites out of a thousand or more. Some of these companies had 20 or 30,000 locations, and it took them three years to get the first 10 sites installed because of the paradigm shift going from routing to SD-WAN.

Speaker 0 | 09:18.755

Okay. So that’s a good, it’s so crazy that we’re talking about this right now. Cause I remember we spoke about this a week ago before we decided to do this thing. And in between that time and now I’m dealing with somebody that’s considering, um, they’re basically doing an ISP consolidation, okay, or ISP, um, renegotiation, and looking at fiber and backup and tertiary backup and all this stuff, right? And they made one comment to me: we’re thinking of going BGP. I was just like, that’s interesting that they just said that. That’s a lot. Yeah, you know, like we’re thinking of going BGP, and I’m thinking to myself, and then it started to kind of all come together like, okay, so this is why you need a cloud connect to Azure. Okay. And I’m thinking, okay, so why not consider, you know, SD-WAN? And to some people, it just seems kind of like, it’s just that like thing that they heard about, like maybe as familiar with it as you and me, or they looked at some providers and they were all garbage, or they looked at, or it didn’t, it didn’t make sense. It was more of an SD-WAN light with a, with an equipment piece sitting at the edge. It wasn’t really like a fully meshed network with backhauling data and everything that you want. And security was a big question mark around it. Well, how are we going to secure this? We’re going to have to, you know, go Fortinet or we’re going to have to go Meraki or something. You know, there’s like all these kind of like all these questions that, that were, you know, coming up. And I thought, you know, you just need to talk with, you know, you need to talk with a good VeloCloud person.
You need to talk with, you know, at least, you know, I’m a big fan of Cato when it comes to international and getting around the, you know, Chinese firewalls, you know, at least just, you know, talk with these people because you might not have to do that heavy lift yourself, and you might not see it now, but it’s, like you said, it could be, you know, two years later and we’re still not, we’re really not operating like we imagined it or needed it to. It’s kind of just like a, like a pipe dream right now. And then, you know, they’re talking about what we need, you know, you know, disaster avoidance, redundancy with the data centers for, for, you know, like ERP in case, in case, you know, the Internet connection to this, you know, ERP, you know, whatever server that we have sitting here on site goes down. And we need to be able to have it, you know, active-active, replicate over here. And that’s, that’s why BGP. So talking to you, what do you have to say from, you know, hearing all that story?

Speaker 1 | 11:39.428

Well, the first thing is when you said you mentioned BGP, the main point in SD-WAN is if you’re routing, you failed. SD-WAN is secure forwarding of data based on a layer seven knowledge of where that data is going to go.

Speaker 0 | 11:54.300

This is great. No one’s ever said that. And I’ve been doing this for a long time. But I want you to, yes, to keep talking.

Speaker 1 | 12:02.807

Sure, sure. So there were a lot of questions, you know, maybe 2020, because as some players got more aggressive in SD-WAN, there was a discussion of, do you need DPI, deep packet inspection? And the answer is 100% of the time, yes, because without it, so what we’re doing with DPI is we’re just being aware of the application, right? We’re learning layer seven, we’re trying to associate the application with a forwarding policy, a quality policy, and a security policy, right? So it should always be forwarded and secure. So without DPI, you’re going to have to create some sort of policy that says this IP address equates to this application. The reality is what we want to do is we want to use a secret sauce. Like you mentioned VeloCloud, right? VMware NSX SD-WAN, right? But VeloCloud, you know, that company went to market, went gangbusters with like 75 employees on the payroll. And what they did was they did a lot of really cool summarization. It’s awesome. I told you that.

Speaker 0 | 13:06.468

And now they sold to VMware. Ka-ching.

Speaker 1 | 13:09.589

Yeah. Yeah. Well, they did a good job. But one of the things I learned from the Velo guys, the original guys over there, was really, you know, we were trying to get SD-WAN to conform to the way we’ve done routing for the last 40 years of the market, or however long we’ve been using it in production. We’ve been trying to get it to conform. And the reality is what they’ve done is they’ve eliminated the need for us to do crazy, predictive policy-based design. We’re using the same word, policy, but we’ve got two different contexts. So like policy-based routing, especially the way Cisco does policy-based routing, is prescriptive routing. It is forcing the packet to do exactly what you tell it to do, when you tell it to do it, how you tell it to do it, right? With SD-WAN, we’re taking a hands-off approach. Our policy is more of a statement of a goal that we want the traffic to use whatever. First path, whatever layer one, layer two, layer three mechanism gives us the best quality tied back into our quality policy and keeps us consistently secure based on a security policy. We didn’t have that in the routing world. We had prescriptive routing, right? Which we call policy-based routing, but it was really prescriptive. And with SD-WAN, we got to kind of take the opposite approach, do a hands-off and say, hey, I want your secret sauce to do its job. And I want to lightly tell it what my goals are. Does that make sense?

Speaker 0 | 14:31.096

Yeah, it’s amazing. I want to hear you answer the question about data center failover, active-active.

Speaker 1 | 14:40.838

Sure. Well, first of all, the problem with cloud computing is it’s a marketing term. So what cloud computing looked like at Google is you could go cut the electricity in any one of their data centers and nobody knew the difference except for their NOC resources, the people in operations watching it.

Speaker 0 | 14:59.043

Should be.

Speaker 1 | 14:59.704

Yeah, how it should be. When we went to cloud computing, it was just basically a rebranding, a marketing rebranding of data center hosting or hosting of compute.

Speaker 0 | 15:10.907

Yeah, that’s like the famous meme, you know, like the cloud is just somebody else’s computer, right?

Speaker 1 | 15:16.628

That’s right.

Speaker 0 | 15:18.068

That’s not like this. But go ahead.

Speaker 1 | 15:20.909

So you have to think about how you get it to the application, where the application is resilient. So you don’t want active-active. What you would want is you want to securely forward across all available paths to that end destination. And what you want is an application model that looks kind of like a load balancer sandwich model. Are you familiar with that term?

Speaker 0 | 15:42.397

I mean, I’m familiar with load balancing. I’m familiar with sandwiches. You know, I mean, I’m usually thinking I’m not familiar with the load balancing sandwich model. I’m definitely familiar with aggregation and application stacking and that type of thing. But go ahead.

Speaker 1 | 15:58.880

Sure. Well, let’s go out on a limb and let’s assume whatever application we’re using is built with redundancy in mind, not active-active, not active-standby, not active-failover. Right. None of those mechanisms, because those mechanisms work us down into a worst-case scenario, right? So let’s imagine we’ve got a global load balancer that’s based on DNS, that the application exists in 12 data centers, and you’re going to send the workload wherever closest.

Speaker 0 | 16:28.036

Based on, yes, I love you for, I love you for putting it that way. All right, so why should I go, yeah, why should I go all the way to Seattle when I can go to Houston if I’m in, I don’t know, Kansas? That’s right. They’re right. So that’s the external load balancing based on the application. Is that, did I understand that correctly, as in late… Oh yeah, yeah, yeah, just

Speaker 1 | 16:46.931

making sure. Synthetic, uh, transaction testing, and where we’ve got a pretty good idea of, of our performance levels. And so sometimes when you’re on the application side of the house, you’re creating a model and you’re like, dude, I’ve got tons of capacity, but my end-user experience is suffering. I don’t know why. Right. So a lot of times that synthetic transaction testing allows us to get a prediction of what the end-user experience is going to be. And what we’ve found is over the last couple of years, tons of CIOs, their actual paycheck is tied to an end-user experience score.

Speaker 0 | 17:21.947

Of course. Yeah. Not only that, and that’s another side topic, but I think, and this is just a suggestion for IT directors that are out there that are having a hard time getting their executives to understand their value to the company, right? Because a lot of times it’s like, how do we get executives to understand that I’m valuable or that I’m creating value? Well, you just said there’s a scorecard. You need to create a scorecard for yourself or be able to score yourself, the, the IT, and you just mentioned a scorecard, right, that the C-suite, that the, the C-suite, like an internal NPS score. Yes, yeah, like an end-user experience. But what else can you do if you don’t have that? You can create one for yourself, or you can go to your executive and say, hey, I would like a model that’s more management by business objectives, and that’s called an MBO. An MBO, for people that don’t know what that is out there, because a lot of higher-level enterprise companies or mid-market companies have MBOs connected to their IT director. And that scares some IT people because it’s based on performance, but you can bonus based on performance. So you can make more money. So if you feel like you’re just a line item, you’re just stuck in a cost center, line item on the budget, being squeezed as much as you can all the time, offer an MBO. Connect your IT department to all the other departments in the company and say, if we do better, if we increase efficiency, if we increase end-user performance, which is based on these metrics and these, uh, KPIs, I want to get paid more money. And if I don’t, then I guess, I don’t know, put me on a performance improvement plan or something. I don’t know, who knows. I mean, maybe you don’t want to go that far, but, um, I know, I, I think a performance-based culture, which I

Speaker 1 | 19:01.668

also talk about in the book is it’s positive and negative, right? So you’ve got to understand when you’re underperforming, you’ve got to understand when you’re overperforming, and you’ve got to kind of take the emotion out of it, right? So football players take negative criticism really well, right? They learn how to take that and use it as a motivator to improve their performance. But the human population on a whole, whenever you give them constructive criticism, they melt.

Speaker 0 | 19:31.664

Then they have a hard time with us. The funny thing is, when you get that though, when you get that though, you live, you live more. It might be scary. You might be scared. It might be scary. It might be, I’m not just showing up and feeling comfortable in life. But how, I think people don’t realize that being uncomfortable in life and, and going in and pushing beyond the boundaries, the things that make you uncomfortable, and then pushing beyond those, that’s when we really start to kind of, I don’t know, feel alive and kind of more invigorated. That’s just my point. I think stress sets in, honestly, when you’re not doing that. And when you’re not living to your full potential or really pushing yourself, it’s kind of like you get stressed when you’re like, I wonder if I’m going to have a job today when I come into work. That’s when stress comes in, when you’re not really pushing this. Okay. So anyways, back to the routing and BGP and failover. And so how does that work when you’ve got two data centers that you’ve been thinking about doing BGP routing? You know, like how does that fail over? No, no, we’re good. Like, like, you know, atomic bomb hits one data center, like, you know what, it doesn’t matter, because now the data center is going to just pick up the remaining traffic. But at least you’re using both of them at the same time. That’s what I’m understanding you’re saying. Yeah, well, that’s a deep design issue, but from the SD-WAN perspective, what your goal is, is to forward across all available paths to all available destinations where the application resides, right? So you’re at all times, in real time, being the most efficient possible, not paying for something that you, and not using it. Yeah,

Speaker 1 | 21:02.357

your job is to get it there securely and safely and on time with the right quality mechanism in it, right? And you’re measuring against those quality mechanisms. You’re actively doing that as part of the SD-WAN secret sauce.

Speaker 0 | 21:17.110

So where are people going to get hung up on this? I think you hinted at it when you said you’re not routing. You’ve got to make that paradigm shift. You’re no longer routing. And maybe you feel like that’s your job, because I’m a router. Well,

Speaker 1 | 21:31.460

2018 and 2019, I got cussed out on a regular basis. I got cussed out by CCIEs that were amazing engineers that had been doing this for 20 to 30 years. Some of them were really low CCIE numbers. They’re like, it doesn’t work like that, Jeremiah. You can’t tell me that. They’d cuss me out and refuse to talk to me for six months. Then they would call me back six months later, apologize, and then ask me to teach them what I was trying to teach them the first time. And the reason for that is all of our understanding of network engineering is based on electrical engineering, which ties into computer systems engineering. So if you follow the bouncing ball, what happens is if you understand the way the electricity works as it flows through the router’s main board, as it applies to the network interface, as it functions through there, every generation of technology, you could run a calculation and tell what that device is going to do, right? So you can calculate it forward and backwards. You can reverse engineer it. You can understand all of this. And so a lot of people don’t think about this consciously. But the guys that trained me back in 1997 had 42 years of electrical engineering experience, and they started teaching me how to work on Cisco routers. And from the main board up, all of that is electrical engineering. And you’ve got to understand when you’re configuring the router how that applies to the way everything’s going to work, you know, through the boards, through the cards, through, you know, through everything there, because the behavior is governed by electrical engineering theory.

Speaker 0 | 23:08.429

Do you think people actually do that? I don’t think anyone’s thinking. I don’t think, I don’t think the general, you guys, thinking about electricity and how it flows through a router. I mean, that’s pretty deep. Yeah, I think they know routing protocols. I think they know, like, how to configure something, you know what I mean? Yeah, that’s what, from decimal to X to binary would

Speaker 1 | 23:31.883

that’s effectively what we’re doing is we’re trying to communicate with electrical engineering signaling on the device, uh, and we do that in the form of commands, like all the, you know, the 30-year CCIEs. They know all the commands by heart. They can do it in their sleep. And, you know, you say, hey, I got this problem. They’ll spit out a command to you. You type in that command. It’s going to give you the where-it-hurts model so you can fix it. Right? You can make it better. But all that’s based on electrical engineering. So maybe they don’t, you know, I don’t think they’ll think about it consciously, but that’s really where it’s coming from. And all those commands we’re putting in the router are really converting it to where you can leverage the machine to work the way the machine is designed to work, which comes from all that theory. Now, when we go to virtual machines, right, we’ve got a hypervisor that disaggregates our relationship with the operating system, which disaggregates our relationship with the board functionality. We, again, at this point, don’t care how it works, right? It’s like, um, you know, do we care whether our water meter on our house is analog or digital? No, no, we, we don’t care, you know, what’s governing the flow. We just expect it to flow based on the capacity of the pipes, right? So if I’ve got a two-inch water pipe, it’s going to flow X amount of gallons per hour no matter what we do, so long as it’s flowing optimally, there’s no, uh, clogs in the plumbing. We don’t care about that. So now we get over to SD-WAN. We got SD-WAN that’s, that’s disaggregated at least a couple levels, software-defined networking mechanisms. And so now what we do is we’re essentially using some sort of an abstracted code that is interfacing at those levels where we used to be hands-on keyboard, you know, doing the command line interface type work, the CLI type work.
So now we’ve got to take a lot of that stuff for granted, or we have to accept that it’s going to work as designed, which was one of the early things with VeloCloud that I had so much trouble with, is I had to take their word for it, how it worked. And I didn’t like that, right? Because here I am, a network engineer that’s been doing this for 20-some-odd years, 25 years at this point. And I’ve got all this experience and I’ve implemented hundreds of thousands of Cisco devices. So I know how all that works. But I had to stop and say, this is a new paradigm. This is that point where it changed. Not like every three years we’d been changing. This is a completely different change, a complete disaggregation. And I’ve got to look at it differently. I’ve got to look at it from the programmer’s viewpoint. The programmer says, my application needs to work. It needs to work within a certain level of quality. It needs to provide a quality user experience, and it needs to be secure.

Speaker 0 | 26:21.688

Understood. Understood. Why should we do it this way, other than it’s just the new thing? That’s not new. That’s not new anymore. Okay. So it works better. How?

Speaker 1 | 26:32.232

Well, the first thing, let’s talk about management operations. I can manage a thousand devices in the same labor cycle as I can manage 10 devices the old way.

Speaker 0 | 26:40.717

Because?

Speaker 1 | 26:42.158

Yeah, because the object modeling, right, when we look at the SD-WAN secret sauce, one of the things it’s going to do is it’s going to relate to the device in kind of an object model basis where I can simultaneously upgrade a thousand devices, and it’s got a one-to-one with each of those thousand devices. Whereas the old way, I would have used a script. So I would have grabbed, uh, you know, I would have pushed out a script to all, yes, this is, and I would have expected, you know, 92 to 97, and, and assumingly, assumingly that’s

Speaker 0 | 27:16.538

harder to do and time consuming. And in the new way, you can do that more often, if you, if you have a bunch of jobs come through more often, so you don’t have to, your network doesn’t have to be, um, I don’t know, kind of waiting for an upgrade. I don’t know how else to say that, I guess. But I understood, understood. It’s easy to manage, uh, endpoints, I guess. Really not as endpoints, or kind of as endpoints. You don’t have to manage a bunch of individual routers, or at least in a Meraki case, you don’t have to log into each router and make changes. You can make it across your entire network easier, um. Did I understand that correctly? Yeah, yeah, and it’s the relationship of the tools. So we’ve spent the last

Speaker 1 | 27:50.798

20 years trying to develop tools. Like, at one point I used CiscoWorks to, to be able to control the, the code and the devices and to be able to update it and audit it. And it was, it never worked correctly. This works correctly because we’re not going all the way down. What we’re doing is we’re auditing, in real time, all the configurations, because they’re tied back to the policy on the device, right? The policy management is keeping all the policies in sync across the board. And what we’re able to do is, like, I think I did 2,900 routers, the configuration and the operating system, in like, I want to say it was 20 minutes twice. So 40 minutes, you know, upgraded 2,900 routers, you know, using this type of model, you know, using Ansible, right? And that was not a way that physical routing center worked. Does that make sense?

Speaker 0 | 28:52.012

And now with the SD-WAN?

Speaker 1 | 28:54.053

It’s 15 seconds, right? Yeah, 15 seconds. Okay.

Speaker 0 | 28:59.355

So I just wanted to make sure that we were clear, like, the difference, right? You know, that was still 40 minutes. This is, yeah, 15 seconds. Okay. What else? Other than just making changes to routing, I mean, just why? What else? Well, it’s not just that. I mean, it’s like location stacking. It’s all the other tools on top of it. It’s bandwidth aggregation. It’s packet inspection. It’s forward error correction. It’s cleaning up QoS. It’s making the Internet better. It’s, I mean, I can. What else do we have that I am forgetting?

Speaker 1 | 29:31.009

Well, let’s just say. So years ago, we tried to do layer-through-aggregation a bunch of different ways, right? I used to have a thing called a Packeteer, and I could basically take multiple T1s and bond them together. And then we came up with ATM inverse mux, IMA, which allowed us to effectively do that. So we basically created kind of an inverted belly button model with a telco, and we could aggregate multiple circuits together and create a kind of a fake ATM circuit and talk back natively to their ATM switch.

Speaker 0 | 30:03.974

Just speak, Hey, just speaking to the microphone a little bit more, cause you’re getting farther away. I can tell. And this is so, this is so, I need this to be clear, but go ahead.

Speaker 1 | 30:13.976

Okay. So let’s take a look at bandwidth aggregation with SD-WAN. So I’ve got a customer, and not focused on any one brand, because I’ve got at least 10 different branded SD-WAN solutions, a little bit in the same way. This customer has four active circuits at all times in every one of their locations, and they have the ability to plug in a fifth, which is a VSAT, at any time, right? So, so if I, I E L, or VSAT. Okay, never mind. Yeah, I’m not, I’m not a satellite. That’s funny. No, so we brought satellite back because natural disasters, um, you know, take out a lot of the, right, I get it. But, like, I mean, what are you saying, is VSAT the fifth option over LTE? What about LTE? Well

Speaker 0 | 31:02.990

point, LTE’s down. Okay, hurricane, you know, tornado, whatever, right? Okay, I got you. Makes sense, makes sense. Yeah, so, uh, so we mentioned we got fiber, and then we got fiber, then we got cable, then we’ve got, uh, a bonded copper, LTE, fixed wireless, point line of sight, and satellite. Okay, um, we got them all. What

Speaker 1 | 31:30.318

the normal conversation with the average network engineer, network manager, is going to be, okay, so what’s primary and what’s secondary? I’m like, no, they’re all primary, right? And by policy, what we’re going to do, we’re going to forward across all of them, right? But let’s say, like, say they’ve got MPLS, they’ve got some sort of dedicated internet, then they’ve got broadband, the LTE, and then satellite’s number five, right? So we’re going to put them in, and it’s obviously cheaper for me to run over broadband. But I’m going to be concerned about anything that’s super latency sensitive, anything especially critical like my RTP traffic, my voice traffic. And so I’m going to prioritize my voice traffic and probably one to five applications to run over MPLS because I can trust the SLA. So I’m going to have a five guidance SLA that’s contracted with my service provider. So I’m going to have maybe 10 to 20% of my bandwidth is going to be MPLS. Then I’m going to have a… maybe 30 to 7% of my bandwidth is going to be some sort of dedicated internet solution. It’s still a bit of fire, but it’s a commercial-grade type enterprise. And then I’m going to have probably at least that much bandwidth, and maybe four or five times the bandwidth I need, on broadband because it’s cheap. Right? And then I’m going to have whatever I could get locally out of the LTE, the 5G, the whatever, from a fixed mobile type of access. And then I’ll have satellite, which will give me whatever it can get, right? So now I’ve got all these out there, and I’m going to prioritize my RTP traffic with the most reliable circuit. And then I’m going to prioritize my business traffic for most applications. It’s going to go across identity and internet access because I’ve got tons of bandwidth. I’m going to have my bolt load track.

Speaker 0 | 33:27.667

Okay. Look, look, you’re okay. So just for the sake of everyone out there, you’re glazing over the CEO right now. We need to get, let’s get, let’s quit quickly to the point. Cause he just fell asleep and we don’t want to lose him. So I’m just being honest. Like, you know, let’s let’s let, because I do want to help. Cause I had this conversation the other day too, with someone that was like, you know, the guy was talking and then like, I saw the CEO getting ready to walk out of the room. And then we said, Hey, by the way, this is what it’s going to do for you. Um, So I do want to get to the security aspects of this. So give me the quick short story of all of that.

Speaker 1 | 33:58.905

Okay. So the main point of that is we’re actively forwarding across all of them at the same time, and we’re prioritizing just for convenience. But the reality is any of our traffic can go across any of those at the same time. And what it does is increase our total available bandwidth. You know, just like aggregation would. But they’re not primary or secondary. They’re not tertiary. They’re not load-balanced.

Speaker 0 | 34:19.959

It’s all at the same time. Right. It’s all at the same time. So if one drops, it’s like fatal. It’s failover in, in, in sub-milliseconds. It’s not like, there’s not like, it’s not, it’s not load balancing where the switch needs to happen. And the other thing needs to turn on, the call is, that the voice call is still active. Yeah. Everything is still active because you’re sending, like, basically copies of the same packet. If I understand that correctly.

Speaker 1 | 34:48.404

Well, that’s forward error correction, but yes. So forward error correction would sit across two paths at the same time. You would not notice that you lost the packet on voice.

Speaker 0 | 34:57.166

Talk to me about security real quick. How does security change? I want to know how security changes in this world because that’s what we were supposed to be talking about, but this is great. And I want to know someone that’s worried about security in this environment and, well, there’s going to be a cloud application to it. And then what about security and how about connecting to third party? I don’t know. Azure, AWS, or something like that? How does that work in this world? So it’s a two-part question, security, then Azure.

Speaker 1 | 35:22.555

Okay, so the first thing is the security, and this is a big topic, but security is no less than your point-to-point VPN tunnel over IPsec or a TLS connection, right? You’re always going to have that unless you do something massive to shut it down. You’re going to always have a secure tunnel on every one of those. We call them an overlay, right? But essentially what it is, it’s an encrypted tunnel that is following the security policy that you built into your SD-WAN solution. But it does it by default. It comes out of the box doing that, right? And then you’ve got to do a lot of work to break it. So that’s the first concern. The second concern with security came in with SASE. What we wanted to do is we wanted to, you know, we’ve understood for most of our career that security is layered, defense in depth, that sort of thing. But really what we wanted is to book in security. We’re tying the firewall, the cloud firewall, the SWG, the CASB. We’re tying all this stuff in together with SASE, and it’s being integrated with the SD-WAN solution. So now we’ve got clean handoffs between what would have been a, like a demarcation point for a security mechanism. Now it’s all integrated. So we integrated it via API. And we’re logically handing off between these things. And what we’re doing is we’re logging to the same SOC for all these services. So now we can have a security team have oversight and verify that we are being effective at making sure the traffic gets there securely and taking off security. So that’s the main security discussion that a lot of people get nervous around.

Speaker 0 | 37:09.054

It allows for checks and balances and it allows for security. It allows for security to have a, just checks and balances. It just allows for checks and balances. I don’t know how else to say that, I guess.

Speaker 1 | 37:21.062

Yeah. Well, in DevOps, we call it feedback, and we use that feedback to trigger a function.

Speaker 0 | 37:26.547

Azure connections, cloud connections in general, speaking with SaaS providers, increasing, not productivity is not the word, if not efficiency, what’s the word? Just feedback. How fast the application works, not, you know, going to the least path, you know, least path, you know, of resistance type of thing. Efficiency, I guess. I don’t know. I’m at a loss for words right now.

Speaker 1 | 37:53.806

Latency.

Speaker 0 | 37:54.806

Yes, quality.

Speaker 1 | 37:55.687

Yeah, but I would say back to inequality because one of our chief quality mechanisms is the latency required for an application to be successful.

Speaker 0 | 38:04.832

Performance. Performance was the word I was thinking of. Okay, so how do we increase performance across applications that are in the cloud? Yeah,

Speaker 1 | 38:12.917

so we can go direct to Azure Reliability Zone. We can go ahead and do that. We can also apply ExpressRoute over to it. And almost every one of these SD-WAN providers has an API that’s already got some sort of built-in. Like in the VeloCloud story, they’ve got the VeloCloud gateways that are already there at the edge. And it’s really quick to click through and publish.

Speaker 0 | 38:34.052

Uh, connection and Azure. I’m just saying, I guess my point is, do you, should you be paying for some sort of additional connection or cloud connection out of Azure? No, you say. So my point is, my point there to people listening is that is a savings. Yeah, or an offset. Or an offset, I guess. But go ahead and dedicate it. What

Speaker 1 | 38:54.404

My customers that have dedicated, like, say, going through Equinix Cloud Exchange connections into Azure, it’s generally for a transitory type solution, right? So they’re going from on-premise to the cloud, and they’ve got several steps or milestones in the process of doing that. And so what they need those for is two to three years while they transition. But as they get those applications published directly in Azure, really, you want to leverage TLS security over IPsec, and you want to be able to try to go straight from whatever the device is, straight using the applications here, straight into that application.

Speaker 0 | 39:38.268

For people learning, can you explain that?

Speaker 1 | 39:42.211

Yeah, so essentially, we can go to HTTP on anything that’s your SSL or TLS encrypted tunnel that goes to the application, as you build up those applications correctly and they’re published in Azure completely, right? They’re not dependent on data that you have in your data center, right? So they’re just in Azure, or their whole ecosystem is in Azure. They don’t need anything from your premise, right? Now your users need to get access to it, and it’s in Azure. They can get onto it through any internet connection if you’ve got correctly published cloud security, you know, from Azure. Right, you know, your software, uh, gateway, secure web gateway, you know, that sort of function, which, you know, which can be, uh, you know, multiple brands, but it’s, yeah, it’s published, right, apparently ads with Azure. Now you can guarantee security from the device that’s being used to access the application that’s in Azure, using that security in the end, and you no longer need the product. Now, matter of fact, over the next 10 years we’re going to see more than 80% of corporate offices go to, like, a guest Wi-Fi type solution and have no private network on purpose.

Speaker 0 | 40:56.278

So this comes full circle to what you said at the beginning and last time, which is if you’re routing, you fail. That’s right. I love it. I just really want to like, you know, I want to ruffle as many feathers as possible. I think we might title this episode. If you’re routing, you fail.

Speaker 1 | 41:15.654

Yeah.

Speaker 0 | 41:17.872

journey and went through all the same trial and error and everything that, that everybody else is going to have to go through. But the reality is it’s a lot of error and failure because it’s, I think this has been a, a, um, a very good show. I really appreciate it. What other words of advice and wisdom do you have? I’m sure we could talk for hours, but, you know, what, what other, what would be, if you had one thing to say to people out there listening to it, directors and IT leaders, people that might be, um, um, I don’t know, haven’t seen the light yet, so to speak, or don’t even know, or, you know, because you don’t know what you don’t know, right? Like in, I’ve had, I’ve had 50% of IT leaders, I hate that saying, and I’ve had other people say, you don’t know what you don’t know, literally that they say it, right? So you don’t know what you don’t know. So what would be your one piece of, and how much do we not know, right? It’s like so much, like, especially with how fast the world is changing and different, you know, just providers and the cloud and security and everything. We didn’t really even touch on anything as far as what could happen in your security network. But if you had one piece of advice other than buy your book, which I’m sure they can find on Amazon. Is it on Amazon?

Speaker 1 | 42:29.080

Yeah. All they’re going to do is search Jeremiah Ginn on Amazon. I’m going to talk to him several times.

Speaker 0 | 42:34.124

Jeremiah Ginn. G-I-N-N. Diving into Secure Access Service Edge. But if you had one piece of advice or a thing to say, what would it be?

Speaker 1 | 42:42.752

It’s really perpetual learning, which is not effective if you can’t take constructive criticism or feedback. Most of my success in my career is taking negative feedback and turning it into a learning experience where I use this as the hop-off point to start learning something I wasn’t aware of, something I didn’t.

Speaker 0 | 43:02.727

Excellent. Thank you so much for being on the show. This has been a pleasure.

Speaker 1 | 43:06.290

Yes, sir. Thank you so much. I really appreciate being invited.

Speaker 0 | 43:18.281

and well

210-If you’re routing, you fail with Jeremiah Ginn

Speaker 0 | 00:09.565

All right, welcome everyone back to Dissecting Popular IT Nerds. Today, Jeremiah Ginn, an author, author of Diving into Secure Access Service Edge. That’s just the tip of the iceberg, I guess, when it comes to cybersecurity. You put your title as cybersecurity innovator, which is great. It’s a small field of work. There’s hardly anyone going into security nowadays, as you of course know. There’s very few of you. I was told a while back that using sarcasm is a behavioral derailer. Thank you for being on the show. Your job nowadays is definitely… It’s a wide, it’s very far and wide. And I would love to know how anyone decides on what to focus on at all. But you’ve written the book. So why don’t we just start there? And let’s just start with why the book to begin with. And I don’t talk security too much because it’s definitely not an area of, I would say it’s an area of my expertise as far as knowing everybody and knowing kind of, like, who doesn’t know what they’re talking about and who does, but it’s not my area of, I’m not going to be the pen tester. Let’s just put it that way. But let me let you speak for a second. Tell us about the book real quick and why the book and how you got there.

Speaker 1 | 01:32.692

Sure. So what happened was for whatever reason, I got into AT&T product and the SD-WAN Center of Excellence at AT&T. And I ended up working with over 3,000 different customers on SD-WAN over the last five years. Now, the great thing about seeing that kind of volume is that you see the same problems over and over again. You see patterns, right? You see trend analysis. And it just becomes a way of working. And what we found was a lot of times the customers were going through the same learning cycle. We all understand Gartner’s hype cycle. And so you go. You go through and you get this trough of disillusionment, and that’s usually where most of these projects stop for a couple of years.

Speaker 0 | 02:20.290

Can we address that point just real quick? Just because I talk about, we talk about Gartner, and people say it’s a pay-to-play model. And then you’ve got some CEOs and C-levels sometimes that say, don’t bring me anything that’s not on the Gartner Magic Quadrant. And okay, that’s fine and good. I see Gartner Magic Quadrant as a snapshot in time. I don’t see it as the real-time finger on the pulse of what a company is actually doing. But you said trough, and I don’t know. How much value, what can you take from Gartner Magic Quadrant, and why is it glazing people over or creating more confusion than clarity sometimes?

Speaker 1 | 02:58.194

Sure, sure. Well, first of all, as you mentioned, it’s not pure science. It does offer value, though. What we see, the value of the Magic Quadrant, especially when you’re like, I studied 77 different SD-WAN branded products in my journey, right? And all that was back in 2018 that I studied 77 different brands. What we found was, if you look at what Gartner was publishing, what it allowed you to do is say, all, there’s this noise, there’s like 70, 100, 1,000 different products that we got to look at. How do I get that list down to 10 or less?

Speaker 0 | 03:33.680

And that’s the same with everything. That’s not just, it’s not even just, I mean, that could be, well, I guess not email. You got Microsoft and Google, you know, but CRM or numerous products, telecom. I mean, you mentioned AT&T. So, you know, there’s there’s a lot of options, period today.

Speaker 1 | 03:54.812

Yeah. And so it’s like, how do I drown out the noise? How do I get focused? How do I create a list of, if I’m the CIO for XYZ Corp, how do I get to a manageable number of participants in a particular market that I can create an educated decision from, right? How do I do that? And so following Gartner allows you to get down to that top 10 or less. You look at the Magic Quadrant, then you take all those over the upper right-hand quadrant, and then you do a POC, you do an evaluation, you do comparison, and then you look at the financials and you really see… you know, bang for buck, am I getting more than what I’m paying for, you know, in that deal? But it really is.

Speaker 0 | 04:36.700

I don’t know how we got on this tangent, but I love it. I like it because that’s kind of like my day job, right? Because that takes a lot of time, right? So in most IT directors or IT leaderships, they don’t, when they’re doing negotiations, they don’t do them every day, all day, every single day. They’re doing it once a year or every three years or every five years, depending on when contracts roll out. Then they’ve got to go, okay, so now I’m going to go to, where do I start? I’ll go to the Magic Quadrant, call John down the street, my other buddy that did this. And now let’s start, let’s call these guys up. And oh my gosh, now the sales reps are just hammering me all day long. And then you’ve got, okay, now they come in in the suits and ties or on Zoom or whatever it is. And there’s a lot of, I would say, I call it street knowledge or word on the street knowledge that you might not know. So in my example, always, is look at Zoom, for example. Ironically, we’re on Zoom right now. Everyone listening. Zoom during COVID. What are they? Are they in the Gartner Magic Quadrant? Yeah, of course. Are they in the upper right hand? I don’t even need to look. I know they are. They have to be in the upper right, right? Because are they the leader in the market space? Yes. Are they printing money right now? Yes. What will the Gartner Magic Quadrant not tell you? During COVID, they stood up, give us a standing ovation. We’re amazing. You know, we’re the leader, send out the droves of sales reps to call everybody and convert them, buy out contracts, do all this stuff. What they won’t tell you is how overloaded their operations department was, or they won’t tell you is, yeah, I mean, it’s, yeah, it’s going to install. Yep. Smoothly. Yep. You know, I mean, it’s kind of like, like, what do you want to know? What do you want to know? That’s not on the Gartner Magic Quadrant.
Well, you need to know, you need to have someone that’s literally done probably a thousand Zoom installs over the last, you know, 10 months to tell you, this is what you need to be prepared for. You need to understand that there’s a project manager that’s a butt in the seat, you know, with a whole stack of orders. You need someone bird-dotting your order, bird-dogging your order. You need to know who their boss is. You need to be able to escalate to a VP level. You need to be able to walk people through all this stuff. So that’s just my, my two cents on the Gartner thing. It’s only going to get you so far. And then when you mentioned the POC and everything, well, you can mention, you can, as a, as a leader, you could spend three to eight months evaluating all these providers and putting together a spreadsheet with the, you know, different rating, different ratings and weights and measures of who’s better and all this type of stuff that could take you three to eight months. You don’t need to really need to do it that way. And that’s the, that’s the, uh, I guess the secret that we hold behind the scenes here.

Speaker 1 | 07:11.166

Well, that’s a great point because in my book, one of the things, one of the conclusions I got to is 80, 85% of the market for SASE or SD-WAN or SDN, cybersecurity, they’re really going to end up going with a managed service provider model. The reason for that is the managed service providers have enough labor to do a proper evaluation on a consistent basis. They’re following a DevSecOps practice where they’re creating an MVP, they’re iterating, they’re improving, and they’re collecting feedback. Most people have such a hard time with criticism, whether it’s constructive or not, that they can’t handle a feedback loop. But people call them every day, tell them, you know, your product’s broken. It doesn’t work. It doesn’t do this stuff. But the managed service provider, being a little bit agnostic from the branded solution, can then be that advocate for you, and they can analyze all that stuff and have enough labor to go after it. That was one of the conclusions I got to, was the evolution of software is new releases every three weeks, new generations of technology every 18 weeks because of DevOps.

Speaker 0 | 08:18.250

Right. It’s insane. It’s insane. I just thought about going down a rabbit hole and I’m in my head right now. I’m realizing that we can’t do that because that’ll be like another show. Why the title for the book?

Speaker 1 | 08:34.259

Really, it’s about… getting off the dime and getting it done. So, you know, really when we talk about, you know, getting into something that we don’t know the details about, you know, we’re diving into it to where we can go through the learning process to be able to get started. We saw hundreds of large enterprise companies, probably more than half of the Fortune 500, take three years with very talented IT staffs to get 10 sites out of a thousand installed with SD-WAN. Three years to get 10 sites out of a thousand or more. Some of these companies had 20 or 30,000 locations, and it took them three years to get the first 10 sites installed because of the paradigm shift going from routing to SD-WAN.

Speaker 0 | 09:18.755

Okay. So that’s a good, it’s so crazy that we’re talking about this right now. Cause I remember we spoke about this a week ago before we decided to do this thing. And in between that time and now I’m dealing with… somebody that’s considering, um, they’re basically doing an ISP consolidation, okay, or ISP, um, renegotiation, and looking at fiber and backup and tertiary backup and all this stuff, right? And they made one comment to me: we’re thinking of going BGP. I was just like, that’s interesting that they just said that. That’s a lot. Yeah, you know, like, we’re thinking of going BGP, and I’m thinking to myself, and then it started to kind of all come together like, okay, so this is why you need a cloud connect to Azure. Okay. And I’m thinking, okay, so why not consider, you know, SD-WAN? And to some people, it just seems kind of like, it’s just that, like, thing that they heard about, like, maybe as familiar with it as you and me, or they looked at some providers and they were all garbage, or they looked at, or it didn’t, it didn’t make sense. It was more of an SD-WAN light with a, with an equipment piece sitting at the edge. It wasn’t really like a fully meshed network with backhauling data and everything that you want. And security was a big question mark around it. Well, how are we going to secure this? We’re going to have to, you know, go Fortinet, or we’re going to have to go Meraki or something. You know, there’s, like, all these kind of, like, all these questions that, that were, you know, coming up. And I thought, you know, you just need to talk with, you know, you need to talk with a good VeloCloud person.
You need to talk with, you know, at least, you know, I’m a big fan of Cato when it comes to international and getting around the, you know, Chinese firewalls, you know, at least just, you know, talk with these people because you might not have to do that heavy lift yourself, and you might not see it now, but it’s, like you said, it could be, you know, two years later and we’re still not, we’re really not operating like we imagined it or needed it to. It’s kind of just like a, like a pipe dream right now. And then, you know, they’re talking about what we need, you know, you know, disaster avoidance redundancy with the data centers for, for, you know, like ERP, in case, in case, you know, the Internet connection to this, you know, ERP, you know, whatever server that we have sitting here on site goes down. And we need to be able to have it, you know, active-active replicate over here. And that’s, that’s why BGP. So talking to you, what do you have to say from, you know, hearing all that story?

Speaker 1 | 11:39.428

Well, the first thing is when you said you mentioned BGP, the main point in SD-WAN is if you’re routing, you failed. SD-WAN is secure forwarding of data based on a layer seven knowledge of where that data is going to go.

Speaker 0 | 11:54.300

This is great. No one’s ever said that. And I’ve been doing this for a long time. But I want you to, yes, to keep talking.

Speaker 1 | 12:02.807

Sure, sure. So there were a lot of questions, you know, maybe 2020, because as some players got more aggressive in SD-WAN, there was a discussion of, do you need DPI, deep packet inspection? And the answer is 100% of the time, yes, because without it, so what we’re doing with DPI is we’re just being aware of the application, right? We’re learning layer seven, we’re trying to associate the application with a forwarding policy, a quality policy, and a security policy, right? So it should always be forwarded and secure. So without DPI, you’re going to have to create some sort of policy that says this IP address equates to this application. The reality is what we want to do is we want to use a secret sauce. Like you mentioned VeloCloud, right? VMware NSX SD-WAN, right? But VeloCloud, you know, that company went to market, went gangbusters with like 75 employees on the payroll. And what they did was they did a lot of really cool summarization. It’s awesome. I told you that.

Speaker 0 | 13:06.468

And now they sold to VMware. Cha-ching.

Speaker 1 | 13:09.589

Yeah. Yeah. Well, they did a good job. But one of the things I learned from the Velo guys, the original guys over there, was really, you know, we were trying to get SD-WAN to conform to the way we’ve done routing for the last 40 years of the market, or however long we’ve been using it in production. We’ve been trying to get it to conform. And the reality is what they’ve done is they’ve eliminated the need for us to do crazy, predictive policy-based design. We’re using the same word, policy, but we’ve got two different contexts. So, like, policy-based routing, especially the way Cisco does policy-based routing, is prescriptive routing. It is forcing the packet to do exactly what you tell it to do, when you tell it to do it, how you tell it to do it, right? With SD-WAN, we’re taking a hands-off approach. Our policy is more of a statement of a goal that we want the traffic to use whatever. First path, whatever layer one, layer two, layer three mechanism gives us the best quality, tied back into our quality policy, and keeps us consistently secure based on a security policy. We didn’t have that in the routing world. We had prescriptive routing, right? Which we call policy-based routing, but it was really prescriptive. And with SD-WAN, we got to kind of take the opposite approach, do a hands-off and say, hey, I want your secret sauce to do its job. And I want to lightly tell it what my goals are. Does that make sense?

Speaker 0 | 14:31.096

Yeah, it’s amazing. I want to hear you answer the question about data center failover, active-active.

Speaker 1 | 14:40.838

Sure. Well, first of all, the problem with cloud computing is it’s a marketing term. So what cloud computing looked like at Google is you could go cut the electricity in any one of their data centers and nobody knew the difference except for their NOC resources, the people in operations watching it.

Speaker 0 | 14:59.043

Should be.

Speaker 1 | 14:59.704

Yeah, how it should be. When we went to cloud computing, it was just basically a rebranding, a marketing rebranding of data center hosting or hosting of compute.

Speaker 0 | 15:10.907

Yeah, that’s like the famous meme, you know, like the cloud is just somebody else’s computer, right?

Speaker 1 | 15:16.628

That’s right.

Speaker 0 | 15:18.068

That’s not like this. But go ahead.

Speaker 1 | 15:20.909

So you have to think about how you get it to the application, where the application is resilient. So you don’t want active-active. What you would want is, you want to securely forward across all available paths to that end destination. And what you want is an application model that looks kind of like a load balancer sandwich model. Are you familiar with that term?

Speaker 0 | 15:42.397

I mean, I’m familiar with load balancing. I’m familiar with sandwiches. You know, I mean, I’m usually thinking I’m not familiar with the load balancing sandwich model. I’m definitely familiar with aggregation and application stacking and that type of thing. But go ahead.

Speaker 1 | 15:58.880

Sure. Well, let’s go on a limb and let’s assume whatever application we’re using is built with redundancy in mind, not active-active, not active-standby, not active-failover. Right. None of those mechanisms, because those mechanisms work us down into a worst case scenario, right? So let’s imagine we’ve got a global load balancer that’s based on DNS, that the application exists in 12 data centers, and you’re going to send the workload wherever closest.

Speaker 0 | 16:28.036

Based on, yes. I love you for, I love you for putting it that way. All right, so why should I go, yeah, why should I go all the way to Seattle when I can go to Houston if I’m in, I don’t know, Kansas? That’s right. They’re right. So that’s the external load balancing based on the application. Is that, did I understand that correctly? As in late, oh yeah, yeah, yeah. Just

Speaker 1 | 16:46.931

making sure. Synthetic, uh, transaction testing, and where we’ve got a pretty good idea of, of our performance levels. And so sometimes when you’re on the application side of the house, you’re creating a model and you’re like, dude, I’ve got tons of capacity, but my end user experience is suffering. I don’t know why. Right. So a lot of times that synthetic transaction testing allows us to get a prediction of what the end user experience is going to be. And what we’ve found is, over the last couple of years, tons of CIOs, their actual paycheck is tied to an end user experience score.

Speaker 0 | 17:21.947

Of course. Yeah. Not only that, and that’s another side topic, but I think, and this is just a suggestion for IT directors that are out there that are having a hard time getting their executives to understand their value to the company, right? Because a lot of times it’s like, how do we get executives to understand that I’m valuable or that I’m creating value? Well, you just said there’s a scorecard. You need to create a scorecard for yourself or be able to score yourself. And you just mentioned a scorecard, right, like an internal NPS score. Yes, yeah, like an end user experience. But what else can you do if you don’t have that? You can create one for yourself, or you can go to your executive and say, hey, I would like a model that’s more management by business objectives, and that’s called an MBO, for people that don’t know what that is out there, because a lot of higher level enterprise companies or mid-market companies have MBOs connected to their IT director. And that scares some IT people because it’s based on performance, but you can bonus based on performance. So you can make more money. So if you feel like you’re just a line item, you’re just stuck in a cost center, line item on the budget, being squeezed as much as you can all the time, offer an MBO. Connect your IT department to all the other departments in the company and say, if we do better, if we increase efficiency, if we increase end user performance, which is based on these metrics and these KPIs, I want to get paid more money. And if I don’t, then I guess, I don’t know, put me on a performance improvement plan or something. I don’t know, who knows. I mean, maybe you don’t want to go that far, but I think a performance-based culture, which I

Speaker 1 | 19:01.668

also talk about in the book is it’s positive and negative, right? So you’ve got to understand when you’re underperforming, you’ve got to understand when you’re overperforming, and you’ve got to kind of take the emotion out of it, right? So football players take negative criticism really well, right? They learn how to take that and use it as a motivator to improve their performance. But the human population on a whole, whenever you give them constructive criticism, they melt.

Speaker 0 | 19:31.664

Then they have a hard time with us. The funny thing is, when you get that though, you live more. It might be scary, you might be scared, it might be, I’m not just showing up and feeling comfortable in life. But I think people don’t realize that being uncomfortable in life and going in and pushing beyond the boundaries, the things that make you uncomfortable, and then pushing beyond those, that’s when we really start to kind of, I don’t know, feel alive and kind of more invigorated. That’s just my point. I think stress sets in, honestly, when you’re not doing that, and when you’re not living to your full potential or really pushing yourself. It’s kind of like you get stressed when you’re like, I wonder if I’m going to have a job today when I come into work. That’s when stress comes in, when you’re not really pushing this. Okay. So anyways, back to the routing and BGP and failover. And so how does that work when you’ve got two data centers that you’ve been thinking about doing BGP routing? You know, like, how does that fail over? No, no, we’re good. Like, you know, atomic bomb hits one data center, like, you know what, it doesn’t matter, because now the data center is going to just pick up the remaining traffic. But at least you’re using both of them at the same time. That’s what I’m understanding you’re saying. Yeah, well, that’s a deep design issue, but from the SD-WAN perspective, what your goal is, is to forward across all available paths to all available destinations where the application resides, right? So you’re, at all times, in real time, being the most efficient possible, not paying for something that you’re not using. Yeah,

Speaker 1 | 21:02.357

your job is to get it there securely and safely and on time with the right quality mechanism in it, right? And you’re measuring against those quality mechanisms. You’re actively doing that as part of the SD-WAN secret sauce.

Speaker 0 | 21:17.110

So where are people going to get hung up on this? I think you hinted at it when you said you’re not routing. You’ve got to make that paradigm shift. You’re no longer routing. And maybe you feel like that’s your job, because I’m a router. Well,

Speaker 1 | 21:31.460

2018 and 2019, I got cussed out on a regular basis. I got cussed out by CCIEs that were amazing engineers that had been doing this for 20 to 30 years. Some of them were really low CCIE numbers. They’re like, it doesn’t work like that, Jeremiah. You can’t tell me that. They’d cuss me out and refuse to talk to me for six months. Then they would call me back six months later, apologize, and then ask me to teach them what I was trying to teach them the first time. And the reason for that is all of our understanding of network engineering is based on electrical engineering, which ties into computer systems engineering. So if you follow the bouncing ball, what happens is, if you understand the way the electricity works as it flows through the router’s main board, as it applies to the network interface, as it functions through there, every generation of technology, you could run a calculation and tell what that device is going to do, right? So you can calculate it forward and backwards. You can reverse engineer it. You can understand all of this. And so a lot of people don’t think about this consciously. But the guys that trained me back in 1997 had 42 years of electrical engineering experience, and they started teaching me how to work on a Cisco router. And from the main board up, all of that is electrical engineering. And you’ve got to understand, when you’re configuring the router, how that applies to the way everything’s going to work, you know, through the boards, through the cards, through, you know, through everything there, because the behavior is governed by electrical engineering theory.

Speaker 0 | 23:08.429

Do you think people actually do that? I don’t think anyone’s thinking. I don’t think the general... you guys, thinking about electricity and how it flows through a router? I mean, that’s pretty deep. Yeah, I think they know routing protocols. I think they know, like, how to configure something, you know what I mean? Yeah, that’s what, from decimal to x to binary, would

Speaker 1 | 23:31.883

That’s effectively what we’re doing: we’re trying to communicate with electrical engineering signaling on the device, and we do that in the form of commands. Like all the, you know, the 30-year CCIEs, they know all the commands by heart. They can do it in their sleep. And, you know, you say, hey, I got this problem. They’ll spit out a command to you. You type in that command. It’s going to give you the where-it-hurts model so you can fix it. Right? You can make it better. But all that’s based on electrical engineering. So maybe they don’t, you know, I don’t think they think about it consciously, but that’s really where it’s coming from. And all those commands we’re putting in the router are really converting it to where you can leverage the machine to work the way the machine is designed to work, which comes from all that theory. Now, when we go to virtual machines, right, we’ve got a hypervisor that disaggregates our relationship with the operating system, which disaggregates our relationship with the board functionality. We, again, at this point, don’t care how it works, right? It’s like, um, you know, do we care whether our water meter on our house is analog or digital? No, no, we don’t care, you know, what’s governing the flow. We just expect it to flow based on the capacity of the pipes, right? So if I’ve got a two-inch water pipe, it’s going to flow X amount of gallons per hour no matter what we do, so long as it’s flowing optimally and there are no clogs in the plumbing. We don’t care about that. So now we get over to SD-WAN. We’ve got SD-WAN that’s disaggregated at least a couple of levels, software-defined networking mechanisms. And so now what we do is we’re essentially using some sort of an abstracted code that is interfacing at those levels where we used to be hands-on keyboard, you know, doing the command line interface type work, the CLI type work.
So now we’ve got to take a lot of that stuff for granted, or we have to accept that it’s going to work as designed, which was one of the early things with Velocloud that I had so much trouble with: I had to take their word for it, how it worked. And I didn’t like that, right? Because here I am, a network engineer that’s been doing this for 20 some odd years, 25 years at this point. And I’ve got all this experience and I’ve implemented hundreds of thousands of Cisco devices. So I know how all that works. But I had to stop and say, this is a new paradigm. This is that point where it changed. Not like every three years we’d been changing. This is a completely different change, a complete disaggregation. And I’ve got to look at it differently. I’ve got to look at it from the programmer’s viewpoint. The programmer says, my application needs to work. It needs to work within a certain level of quality. It needs to provide a quality user experience, and it needs to be secure.

Speaker 0 | 26:21.688

Understood. Understood. Why should we do it this way, other than it’s just the new thing? That’s not new. That’s not new anymore. Okay. So it works better. How?

Speaker 1 | 26:32.232

Well, the first thing, let’s talk about management operations. I can manage a thousand devices in the same labor cycle as I can manage 10 devices the old way.

Speaker 0 | 26:40.717

Because?

Speaker 1 | 26:42.158

Yeah, because of the object modeling, right? When we look at the SD-WAN secret sauce, one of the things it’s going to do is it’s going to relate to the device on kind of an object model basis, where I can simultaneously upgrade a thousand devices and it’s got a one-to-one with each of those thousand devices. Whereas the old way, I would have used a script. So I would have grabbed, uh, you know, I would have pushed out a script to all... Yes, this is... and I would have expected, you know, 92 to 97, and assumingly, assumingly, that’s

Speaker 0 | 27:16.538

harder to do and time consuming. And in the new way you can do that more often, if you have a bunch of jobs come through more often, so your network doesn’t have to be, um, I don’t know, kind of waiting for an upgrade. I don’t know how else to say that, I guess. But I understood. Understood. It’s easy to manage, uh, endpoints, I guess, really not as endpoints, or kind of as endpoints. You don’t have to manage a bunch of individual routers, or at least in a Meraki case you don’t have to log into each router and make changes. You can make it across your entire network easier. Um, did I understand that correctly? Yeah, yeah, and it’s the relationship of the tools. So we’ve spent the last

Speaker 1 | 27:50.798

20 years trying to develop tools. Like at one point I used CiscoWorks to be able to control the code and the devices and to be able to update it and audit it. And it never worked correctly. This works correctly because we’re not going all the way down. What we’re doing is we’re auditing, in real time, all the configurations, because they’re tied back to the policy on the device. Right. The policy management is keeping all the policies in sync across the board. And what we’re able to do is, like, I think I did 2,900 routers, the configuration and the operating system, in like, I want to say it was 20 minutes, twice. So 40 minutes, you know, upgraded 2,900 routers, you know, using this type of model, you know, using Ansible, right? And that was not a way that physical routing center worked. Does that make sense?

Speaker 0 | 28:52.012

And now with the SD-WAN?

Speaker 1 | 28:54.053

It’s 15 seconds, right? Yeah, 15 seconds. Okay.

Speaker 0 | 28:59.355

So I just wanted to make sure that we were clear, like the difference, right? You know, that was still 40 minutes. This is, yeah, 15 seconds. Okay. What else? Other than just making changes to routing, I mean, just why? What else? Well, it’s not just that. I mean, it’s like location stacking. It’s all the other tools on top of it. It’s bandwidth aggregation. It’s packet inspection. It’s forward error correction. It’s cleaning up QoS. It’s making the Internet better. It’s I mean, I can. What else do we have that I am forgetting?

Speaker 1 | 29:31.009

Well, let’s just say... So years ago, we tried to do layer-through-aggregation a bunch of different ways, right? I used to have a thing called a Packeteer, and I could basically take multiple T1s and bond them together. And then we came up with ATM inverse mux, IMA, which allowed us to effectively do that. So we basically created kind of an inverted belly button model with a telco, and we could aggregate multiple circuits together and create kind of a fake ATM circuit and talk back natively to their ATM switch.

Speaker 0 | 30:03.974

Just speak, Hey, just speaking to the microphone a little bit more, cause you’re getting farther away. I can tell. And this is so, this is so, I need this to be clear, but go ahead.

Speaker 1 | 30:13.976

Okay. So let’s take a look at bandwidth aggregation with SD-WAN. So I’ve got a customer, and not focused on any one brand, because I’ve got at least 10 different branded SD-WAN solutions, a little bit in the same way. This customer has four active circuits at all times in every one of their locations, and they have the ability to plug in a fifth, which is a VSAT, at any time, right? So if I, I, e, l, or VSAT? Okay, never mind. Yeah, I’m not, I’m not a satellite... that’s funny. No, so we brought satellite back because natural disasters, um, you know, take out a lot of the... Right, I get it. But, like, I mean, what are you saying, is VSAT the fifth option over LTE? What about LTE? Well,

Speaker 0 | 31:02.990

Point, LTE’s down. Okay, hurricane, you know, tornado, whatever, right? Okay, I got you. Makes sense, makes sense. Yeah, so, uh, so we mentioned we got fiber, and then we got fiber, then we got cable, then we’ve got, uh, a bonded copper, LTE, fixed wireless point line of sight, and satellite. Okay, um, we got them all. What

Speaker 1 | 31:30.318

the normal conversation with the average network engineer, network manager, is going to be, okay, so what’s primary and what’s secondary? I’m like, no, they’re all primary, right? And by policy, what we’re going to do, we’re going to forward across all of them, right? But let’s say, like, say they’ve got MPLS, they’ve got some sort of dedicated internet, then they’ve got broadband, the LTE, and then satellite’s number five, right? So we’re going to put them in, and it’s obviously cheaper for me to run over broadband. But I’m going to be concerned about anything that’s super latency sensitive, anything especially critical like my RTP traffic, my voice traffic. And so I’m going to prioritize my voice traffic and probably one to five applications to run over MPLS, because I can trust the SLA. So I’m going to have a five nines SLA that’s contracted with my service provider. So I’m going to have maybe 10 to 20% of my bandwidth is going to be MPLS. Then I’m going to have maybe 30 to 7% of my bandwidth is going to be some sort of dedicated internet solution. It’s still a bit of fiber, but it’s a commercial-grade type enterprise. And then I’m going to have probably at least that much bandwidth, and maybe four or five times the bandwidth I need, on broadband because it’s cheap. Right? And then I’m going to have whatever I could get locally out of the LTE, the 5G, the whatever, from a fixed mobile type of access. And then I’ll have satellite, which will give me whatever it can get, right? So now I’ve got all these out there, and I’m going to prioritize my RTP traffic with the most reliable circuit. And then I’m going to prioritize my business traffic for most applications. It’s going to go across dedicated internet access because I’ve got tons of bandwidth. I’m going to have my bolt load track.

Speaker 0 | 33:27.667

Okay. Look, look, you’re okay. So just for the sake of everyone out there, you’re glazing over the CEO right now. We need to get, let’s get, let’s quit quickly to the point. Cause he just fell asleep and we don’t want to lose him. So I’m just being honest. Like, you know, let’s let’s let, because I do want to help. Cause I had this conversation the other day too, with someone that was like, you know, the guy was talking and then like, I saw the CEO getting ready to walk out of the room. And then we said, Hey, by the way, this is what it’s going to do for you. Um, So I do want to get to the security aspects of this. So give me the quick short story of all of that.

Speaker 1 | 33:58.905

Okay. So the main point of that is we’re actively forwarding across all of them at the same time, and we’re prioritizing just for convenience. But the reality is any of our traffic can go across any of those at the same time. And what it does is increase our total available bandwidth, you know, just like aggregation would. But they’re not primary or secondary. They’re not tertiary. They’re not load-balanced.

Speaker 0 | 34:19.959

It’s all at the same time. Right. It’s all at the same time. So if one drops, it’s like fatal. It’s fail over in, in, in sub milliseconds. It’s not like, there’s not like, it’s not, it’s not load balancing where the switch needs to happen. And the other thing needs to turn on the call is that the voice call is still active. Yeah. Everything is still active because you’re sending like, basically copies of the same packet. If I understand that correctly.

Speaker 1 | 34:48.404

Well, that’s forward error correction, but yes. So forward error correction would sit across two paths at the same time. You would not notice that you lost the packet on voice.

Speaker 0 | 34:57.166

Talk to me about security real quick. How does security change? I want to know how security changes in this world because that’s what we were supposed to be talking about, but this is great. And I want to know someone that’s worried about security in this environment and, well, there’s going to be a cloud application to it. And then what about security and how about connecting to third party? I don’t know. Azure, AWS, or something like that? How does that work in this world? So it’s a two-part question, security, then Azure.

Speaker 1 | 35:22.555

Okay, so the first thing is the security, and this is a big topic, but security is no less than your point-to-point VPN tunnel over IPsec or a TLS connection, right? You’re always going to have that unless you do something massive to shut it down. You’re going to always have a secure tunnel on every one of those. We call them an overlay, right? But essentially what it is, it’s an encrypted tunnel that is following the security policy that you built into your SD-WAN solution. But it does it by default. It comes out of the box doing that, right? And then you’ve got to do a lot of work to break it. So that’s the first concern. The second concern with security came in with SASE. What we wanted to do is we wanted to, you know, we’ve understood for most of our career that security is layered, defense in depth, that sort of thing. But really what we wanted is to book in security. We’re tying the firewall, the cloud firewall, the SWG, the CASB. We’re tying all this stuff in together with SASE, and it’s being integrated with the SD-WAN solution. So now we’ve got clean handoffs between what would have been, like, a demarcation point for a security mechanism. Now it’s all integrated. So we integrated it via API. And we’re logically handing off between these things. And what we’re doing is we’re logging to the same SOC for all these services. So now we can have a security team have oversight and verify that we are being effective at making sure the traffic gets there securely and taking off security. So that’s the main security discussion that a lot of people get nervous around.

Speaker 0 | 37:09.054

It allows for checks and balances and it allows for security. It allows for security to have a, just checks and balances. It just allows for checks and balances. I don’t know how else to say that, I guess.

Speaker 1 | 37:21.062

Yeah. Well, in DevOps, we call it feedback, and we use that feedback to trigger a function.

Speaker 0 | 37:26.547

Azure connections, cloud connections in general, speaking with SaaS providers, increasing, not productivity is not the word, if not efficiency, what’s the word? Just feedback. How fast the application works, not, you know, going to the least path, you know, least path, you know, of resistance type of thing. Efficiency, I guess. I don’t know. I’m at a loss for words right now.

Speaker 1 | 37:53.806

Latency.

Speaker 0 | 37:54.806

Yes, quality.

Speaker 1 | 37:55.687

Yeah, but I would say back to quality, because one of our chief quality mechanisms is the latency required for an application to be successful.

Speaker 0 | 38:04.832

Performance. Performance was the word I was thinking of. Okay, so how do we increase performance across applications that are in the cloud? Yeah,

Speaker 1 | 38:12.917

so we can go direct to Azure Reliability Zone. We can go ahead and do that. We can also apply ExpressRoute over to it. And almost every one of these SD-WAN providers have an API that’s already got some sort of built-in. Like in the Velocloud story, they’ve got the Velocloud gateways that are already there at the edge. And it’s really quick to click through and publish.

Speaker 0 | 38:34.052

Uh, connection and Azure. I’m just saying, I guess my point is, do you, should you be paying for some sort of additional connection or cloud connection out of Azure? No, you say. So my point is, my point there to people listening is that is a savings. Yeah, or an offset. Or an offset, I guess. But go ahead and dedicate it. What

Speaker 1 | 38:54.404

My customers that have dedicated, like, say, going through FNX Cloud Exchange connections into Azure, it’s generally for a transitory type solution, right? So they’re going from on-premise to the cloud, and they’ve got several steps or milestones in the process of doing that. And so what they need those for is two to three years while they transition. But as they get those applications published directly in Azure, really, you want to leverage TLS security over IPsec, and you want to be able to try to go straight from whatever the device is, straight using the applications here, straight into that application.

Speaker 0 | 39:38.268

For people learning, can you explain that?

Speaker 1 | 39:42.211

Yeah, so essentially, we can go to HTTP on anything that’s your SSL or TLS encrypted tunnel that goes to the application, as you build up those applications correctly and they’re published in Azure completely, right? They’re not dependent on data that you have in your data center, right? So they’re just in Azure, or their whole ecosystem is in Azure. They don’t need anything from your premise, right? Now your users need to get access to it and it’s in Azure. They can get onto it through any internet connection if you’ve got correctly published cloud security, you know, from Azure, right? You know, your software gateway, secure web gateway, you know, that sort of function, which, you know, can be multiple brands, but it’s published, right? Apparently ads with Azure... Now you can guarantee security from the device that’s being used to access the application that’s in Azure, using that security in the end, and you no longer need the product. Now, matter of fact, over the next 10 years we’re going to see more than 80% of corporate offices go to like a guest Wi-Fi type solution and have no private network on purpose.

Speaker 0 | 40:56.278

So this comes full circle to what you said at the beginning and last time, which is if you’re routing, you fail. That’s right. I love it. I just really want to like, you know, I want to ruffle as many feathers as possible. I think we might title this episode. If you’re routing, you fail.

Speaker 1 | 41:15.654

Yeah.

Speaker 0 | 41:17.872

journey and went through all the same trial and error and everything that everybody else is going to have to go through. But the reality is it’s a lot of error and failure, because it’s... I think this has been a very good show. I really appreciate it. What other words of advice and wisdom do you have? I’m sure we could talk for hours, but, you know, what would be, if you had one thing to say to people out there listening, IT directors and IT leaders, people that might be, um, I don’t know, haven’t seen the light yet, so to speak, or don’t even know, or, you know, because you don’t know what you don’t know, right? Like in, I’ve had, I’ve had 50% of IT leaders, I hate that saying, and I’ve had other people say, you don’t know what you don’t know, literally that they say it, right? So you don’t know what you don’t know. So what would be your one piece of, and how much do we not know, right? It’s like so much, like, especially with how fast the world is changing and different, you know, just providers and the cloud and security and everything. We didn’t really even touch on anything as far as what could happen in your security network. But if you had one piece of advice other than buy your book, which I’m sure they can find on Amazon. Is it on Amazon?

Speaker 1 | 42:29.080

Yeah. All they’re going to do is search Jeremiah Ginn on Amazon. I’m going to talk to him several times.

Speaker 0 | 42:34.124

Jeremiah Ginn. G-I-N-N. Diving into Secure Access Service Edge. But if you had one piece of advice or a thing to say, what would it be?

Speaker 1 | 42:42.752

It’s really perpetual learning, which is not effective if you can’t take constructive criticism or feedback. Most of my success in my career is taking negative feedback and turning it into a learning experience, where I use this as the hop-off point to start learning something I wasn’t aware of, something I didn’t.

Speaker 0 | 43:02.727

Excellent. Thank you so much for being on the show. This has been a pleasure.

Speaker 1 | 43:06.290

Yes, sir. Thank you so much. I really appreciate being invited.

Speaker 0 | 43:18.281

and well

HOSTED BY PHIL HOWARD

Dissecting Popular IT Nerds Podcast
