Science is About Discovering the Truth

As someone who works in IT, I hear and read a lot of comments about science. One common but unfortunate claim is that “science is not about finding truth.” While I won’t get into what I think are the hidden philosophical reasons behind this claim, I do want to at least respond to it. It’s a short response.

The word science comes from the Latin scientia, meaning knowledge.

Plato said that knowledge is “justified true belief.” I’m not a big fan of Plato, but this is a good definition. Put another way, knowledge is what you believe to be true (a) that actually is true and (b) that you have reason to believe is true. That’s less concise, but it hits all the important points.

If that’s not convincing, we could just skip to Encyclopedia Britannica, which says:

In general, a science involves a pursuit of knowledge covering general truths or the operations of fundamental laws.[1]

But as a practical matter, if science isn’t about finding truth, then why should anyone care about it at all? If the purpose of science isn’t to discover truth, then it’s nothing more than fictional storytelling.

Why People Still Haven’t Adopted IPv6 (And Why You Should Learn It Anyway)

It’s 2017, and if you haven’t learned IPv6 yet, well, you’re not the only one. In December 2016, IPv6 turned 18 years old. Children who were in the womb when RFC 2460 was being drafted are now old enough to vote, get married, and purchase firearms in some states.

In honor of IPv6’s 18th birthday, allow me to share my theories on why people have been so slow to adopt IPv6. And why you still should consider learning it.

The “Lame name” theory

IPv6 terminology makes it sound like a new version of IPv4 and it’s not. It’s a totally different protocol with a similar name. If you’re familiar with the confusion between Java and JavaScript, you know what I’m talking about. People who set out to learn IPv6 are disappointed when they find out it’s almost nothing like IPv4.

The “Let’s split DHCP in half and spread its most popular functions across two protocols” theory

DHCP for IPv4 can provide clients with IP addresses, DNS servers, default gateways, TFTP servers, and pretty much anything else. DHCPv6 doesn’t have an option for providing a default gateway. If you want to push a default gateway to IPv6 clients, you have to use SLAAC.

The “all things to all people, places, animals, plants” theory

IPv4 has only a few address types that anyone actually uses. Colloquially, they’re public, private (RFC 1918 addresses like 192.168.1.1), and multicast (which includes broadcast). IPv6 has approximately one zillion different address types, including unique-local, link-local, unspecified, and global unicast. Although there are technical justifications for some of these, the plethora of address types makes no sense to anyone who doesn’t deeply understand why “layer 2” is even in the IT lexicon.

The “IPv4 apocalypse” theory

We’ve all heard the constant chicken-little talk about how we have to move to IPv6 yesterday or the internet will die. Driving this is the myth that all IPv4 addresses are gone. They’re not, and the U.S. government is sitting on tens of thousands it’s never going to use. What really happened was that in 2011, the Internet Assigned Numbers Authority (IANA) assigned the last of its available IP address space to regional internet registries (RIRs) which are responsible for doling out addresses. But the IPv4 addresses didn’t just go away. They still exist, and many of them are unused and can be reassigned.

The “NAT is a tool of the devil” theory

If you ever want to have fun, go on any IT forum and ask, “Why do we need IPv6 when we have NAT?” Actually, don’t. That would be trolling. But if you were to ask that question, you’d probably get a few responses hating on IPv4 NAT as a tool of the devil, which IPv6 will save us from… except it does NAT, too.

The “Why do I need both again?” theory

Implementing IPv6 almost always requires a multihomed (dual-stack) implementation, which people figured out about 30 years ago was a bad idea with IPv4 because it confuses everybody. IT admins translate this as, “More work for me.”

The “Because we can” theory

There are enough IPv6 addresses for every cell in your body to have its own internet. Seriously? This, like NAT, is another non-reason to adopt it. Yes, it’s cool that I can give my Uncle Milton’s ant farm its own Internet. But as far as business justification goes, nope.

Why you might want to learn IPv6 (hint: money)

Although IPv6 has been poorly marketed, it’s still worth learning. In fact, I believe in IPv6 so strongly that I’ve created several Pluralsight courses on configuring and troubleshooting it.

Here are three big reasons to consider adding IPv6 to your set of skills:

  • It’s like a sports team. The big boys are rooting for it. I’m talking about Cisco, Juniper, ISPs, Google, et alia. They want to see it win, and they’ll pay to make it happen. If you know IPv6, you can be on the receiving end of some of those payments.
  • The confusion and complexity around IPv6 has made experts that much more valuable to companies who have already invested in IPv6 infrastructure.
  • If you know IPv4, IPv6 isn’t that hard to learn once you realize that it’s a distinct protocol and not a new version of IPv4.

For further IPv6 learning, check out my Pluralsight courses:

Troubleshooting IPv6 at the desktop:

Practical Networking

Configuring and troubleshooting IPv6 on Cisco routers:

Basic Networking for CCNP Routing and Switching 300-101 ROUTE
Troubleshooting Cisco Networks: IPv6 Routing Protocols for CCNP R&S 300-135 TSHOOT

You failed your CCNP exam. Now what?

You took one of the Cisco CCNP Routing and Switching certification exams. You went to the exam center, sat down, and started the exam. About 2 hours later, you saw the dreaded news appear on the screen:

You didn’t pass.

I’ve failed certification exams in the past, so I can relate to the facepalm-worthy feeling you get when you realize you dropped a couple of Benjamins on an exam that you just failed. I know the feeling of wanting to give up, the thoughts of thinking that this whole certification thing is stupid, and the desire to assign blame to whomever or whatever led to your failure.

Failing certification exams is a reality of any IT professional. And from what I’ve seen, sadly, not many people handle failure very well. I want to talk through this.

This isn’t meant to be a pep talk or a “you’ll do better next time” motivational speech. Neither is it meant to be an assignment of blame to you or anyone else. Rather, it’s a cold, hard look at why you failed, and how you can pass next time... or the time after that.

Why you failed

I’ve taken a lot of Cisco certification exams and read a lot of Cisco books over the years, and I’ve noticed a pattern. Cisco likes to play off of common misconceptions and little-known technical facts. Here’s a non-real but representative example:

Two switches are connected via an 802.1Q trunk. You delete the switched virtual interface for VLAN 1 but both switches still exchange CDP messages. What will prevent CDP messages from traversing VLAN 1 without affecting Cisco IP phones?

Select the best answer:

A. Prune VLAN1 from the trunk

B. Disable VLAN1

C. Disable CDP globally

D. Disable CDP on the trunk

E. None of these

If you’ve watched my Pluralsight course series on the CCNP SWITCH exam, you’ll recall that you can’t disable VLAN1 or prune it from a trunk. Well, you can try to prune it, but CDP messages will still pass. But do you disable CDP globally or just on the trunk interface? This is where obscure knowledge comes in. Cisco IP phones use CDP to get voice VLAN information, so disabling CDP globally is out. That leaves only two answers: disable CDP on the trunk interface or none of the above. Disabling CDP on the trunk interfaces will certainly stop the CDP messages from moving between the switches, and it won’t affect Cisco IP phones since CDP messages never leave a collision domain.

Now here’s the thing: I made that question and answer up on the fly. You have to be able to do that if you want to do well on the exam.

The exam blueprint is like The Oracle, and sometimes just as wrong

If you remember The Matrix movies, you’ll remember the Oracle, a computer program that supposedly knows all. After seeing the Oracle for the first time, Neo asks Morpheus how accurate the Oracle’s “prophecies” are. Morpheus responds with something to the effect of, “Try not to think of it in terms of right and wrong. The Oracle is a guide to help you find the path.” Not surprisingly, it turned out the Oracle was kinda wrong on some stuff.

Well, the blueprint is a lot like that. It has stuff that never shows up on any exam. This is mainly because if the exam covered the entire blueprint, it would be 8 hours long. It also leaves off some topics that do appear on the exam. The lesson here is don’t depend on the exam blueprint. Make sure you know the topics for prerequisite and related exams. If you’re taking CCNP SWITCH, make sure you know the topics for ROUTE. If you’re taking TSHOOT, make sure you know ROUTE and SWITCH. Of course, make sure you know all the CCNA R&S topics upside down and backwards.

Each exam blueprint is a guide. It’s a guide to the other exam blueprints.

How to pass next time... or the time after

If you’ve already taken a CCNP exam, the next time you go in to take the same exam, you’re technically “brain dumping” parts of it. I’m not talking about cheating. I mean you’ve seen the exam already, and you have a feel for what the questions are like. If you’ve got lots of time and money, you can take the same exam over and over again, getting slightly better each time until you pass. I don’t recommend this strategy, not just because it’s expensive, but because it puts you in the super awkward situation of telling others how many times you took the exam. Trying until you pass is respectable, but you should have some serious expertise to show for it. If I’m interviewing you and it took you 5 tries to pass a CCNP exam, I’m going to grill you hard on the technical questions.

If you want to have a great chance of passing the next time, then study for the certification one step higher than the one you want to attain. If you’re studying for the CCNA, act like you’re studying for the CCNP. If you want the CCNP, act like you’re studying for the CCIE. Obviously the topics are different. You don’t need to study multicast in-depth for your CCNP. But for the topics that overlap, it’s better to overshoot than aim for the bare minimum.

Copying a File from Within a Remote PowerShell Session

Recently I needed a way to copy a certificate file from within a PowerShell session to another Windows machine without opening a nested PowerShell session.

Here’s my setup:

  • A Windows 10 laptop, from which I’m remoting
  • NC1, a Server 2016 virtual machine I’m remoted into. It’s a member of a domain.
  • HYPERV1, the Server 2016 machine I want to copy a certificate file to. It’s not a member of a domain.

I execute all of the following commands on NC1, the VM I’m remoted into.

Here’s the first thing I tried. The HYPERV1 machine is not a member of a domain, so the following doesn’t work:
$ Copy-Item .\nccert.cer \\hyperv1\c$
Access is denied
+ CategoryInfo          : NotSpecified: (:) [Copy-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.CopyItemCommand

What about specifying the -Credential parameter? That doesn’t work either.
$ Copy-Item .\nccert.cer \\hyperv1\c$ -Credential hyperv1\administrator
The FileSystem provider supports credentials only on the New-PSDrive cmdlet. Perform the operation again without specifying credentials.
+ CategoryInfo          : NotImplemented: (:) [], PSNotSupportedException
+ FullyQualifiedErrorId : NotSupported

And that error pretty much tells me what I need to do: use the New-PSDrive cmdlet!
$ New-PSDrive -Name H -PSProvider FileSystem -root \\hyperv1\c$ -Credential hyperv1\administrator
$ Copy-Item .\nccert.cer h:\
$ Remove-PSDrive -Name H
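
The same New-PSDrive approach wrapped in a reusable function, as an added example (not part of the original post). The function name Copy-FileViaTempDrive and its parameters are hypothetical; it prompts for the credential instead of storing a password, removes the mapped admin share even when the copy fails, and compares SHA-256 hashes so you know the certificate file arrived intact.

```powershell
# Added example: hypothetical helper, not code from the original post.
function Copy-FileViaTempDrive {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,             # local file, e.g. .\nccert.cer
        [Parameter(Mandatory)] [string] $RemoteRoot,       # UNC root, e.g. \\hyperv1\c$
        [Parameter(Mandatory)] [pscredential] $Credential, # account valid on the remote machine
        [string] $DriveName = 'H'
    )

    $source = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Refuse to shadow a drive that already exists in this session.
    if (Get-PSDrive -Name $DriveName -ErrorAction SilentlyContinue) {
        throw "PSDrive '$DriveName' is already in use; choose another name."
    }

    # The FileSystem provider accepts -Credential only on New-PSDrive.
    New-PSDrive -Name $DriveName -PSProvider FileSystem -Root $RemoteRoot `
        -Credential $Credential -ErrorAction Stop | Out-Null
    try {
        $target = "${DriveName}:\$($source.Name)"
        Copy-Item -LiteralPath $source.FullName -Destination $target -ErrorAction Stop

        # Verify the copy by comparing hashes of the local and remote files.
        $localHash  = (Get-FileHash -LiteralPath $source.FullName -Algorithm SHA256).Hash
        $remoteHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        if ($localHash -ne $remoteHash) {
            throw "Hash mismatch after copy: local $localHash, remote $remoteHash"
        }

        [pscustomobject]@{
            Destination = Join-Path -Path $RemoteRoot -ChildPath $source.Name
            SHA256      = $remoteHash
        }
    }
    finally {
        # Always drop the mapping so the authenticated admin share does not linger.
        Remove-PSDrive -Name $DriveName -ErrorAction SilentlyContinue
    }
}

# Usage with the machine and file names from the setup above.
$cred = Get-Credential -UserName 'hyperv1\administrator' -Message 'Local administrator on HYPERV1'
Copy-FileViaTempDrive -Path .\nccert.cer -RemoteRoot '\\hyperv1\c$' -Credential $cred
```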

Installing the VMware ESXi Embedded Host Client

As most everyone knows, the old VMware vSphere C# client has been on its way out for years. One of the things keeping it alive is the fact that not everyone has a vCenter Server, and even those who do don’t necessarily use the Web Client. Sadly, there are some really cool features the old Windows client can’t touch, such as exposing hardware-assisted virtualization to individual VMs.

If you have a home lab and don’t need vCenter, the ESXi Embedded Host Client gives you web-based access to these hidden features of your standalone ESXi host without having to spin up a real vCenter server.

Here’s how to install it:

  1. Shut down all VMs and place the host in maintenance mode
  2. SSH into ESXi and execute the following
    esxcli software vib install -v http://download3.vmware.com/software/vmw-tools/esxui/esxui-signed-4393350.vib
  3. Browse to https://[ESXi]/ui
    You should see the login screen:
    VMware ESXi Embedded Host Client Login Screen
  4. Log in using whatever credentials you use in the old C# vSphere client. You should see something that looks an awful lot like the vSphere Web Client:
    VMware ESXi Embedded Host Client Initial Screen

How to Fix the Blurry, Fuzzy, Ugly Text in Windows 10

After upgrading my Lenovo ThinkPad to Windows 10, I was so pumped. The upgrade went smoothly, all my apps worked, but then I noticed something: some apps had blurry, fuzzy text.

Ugly, blurry, fuzzy text on Windows 10:

[Screenshot: vSphere on Windows 10 with fuzzy text]

This might not bother some people, but to me it felt like trying to read a wet book with my glasses off. Most everything else looked sharp and normal, so I knew it wasn’t a native resolution or global DPI scaling issue, which is what most of my Google-fu turned up.

The fix (hint: not prescription eyeglasses)

The fix turned out to be crazy stupid. Well, more stupid than crazy. Go into the Properties of the app that’s rubbing salt water in your eyes:

[Screenshot: vSphere on Windows 10 properties]

Navigate to the Compatibility tab. Check that “Disable display scaling on high DPI settings” check box, apply the settings, then launch the app again.

[Screenshot: vSphere on Windows 10 with sharp text]

That’s what I’m talking about. The window is bigger, and the text doesn’t look like garbage.

But wait, there’s more! (PowerShell)

If you’re a PowerShell 1337 scripter, you may run into a similar issue. Check this out:

[Screenshot: PowerShell with ugly, fuzzy, blurry font]

If you’ve ever hooked up a computer to an old CRT television using an RF converter, well, this is about what it looks like. Ugly as homemade sin, as they used to say. Don’t worry about the error. I left it to highlight how horrendously eye-stab-worthy this console looked when I first opened up a can of PoSH on my newly minted Windows 10 upgrade.

The fix? Go to PowerShell properties:

[Screenshot: PowerShell on Windows 10 properties]

Navigate to the Options tab (intuitive, right?). Check the box “Use legacy console” (duh), then apply the settings. Relaunch PowerShell.

[Screenshot: PowerShell with sharp font]

The image makes it look a bit fuzzy still, but on my screen it looks crisp and sharp.

New book! Learn Cisco Network Administration in a Month of Lunches

The pre-release of my new book, Learn Cisco Network Administration in a Month of Lunches, is available from Manning Publications’ early access program.

The book is a tutorial designed for beginners who want to learn how to administer Cisco switches and routers. Set aside a portion of your lunch hour every day for a month, and you’ll start learning practical Cisco Network administration skills faster than you ever thought possible.

Study Tips for the CCNP Routing and Switching Certification

If you’re studying for or considering the CCNP R&S certification, here are a few things to keep in mind:

The CCNP exam tests CCNA-level skills and knowledge, too

This is a good thing, because it helps weed out those who “brain dump” the exams. If you got lucky with OSPF on your CCNP exam, you’re not going to get lucky on the CCNP ROUTE exam. You really DO need to know this stuff. You can’t just pass the CCNA composite exam and then forget everything. You have to have a solid foundation to build on. You’re never too educated to go back and revisit the fundamentals.

Spend most of your time studying configuration and troubleshooting at the command line interface.

There’s no hard and fast rule on this, but a good rule of thumb is make sure AT LEAST 50% of your time is spent in IOS. Both the ROUTE and SWITCH exams have some simulations, but the TSHOOT exam has a LOT. If you’re not proficient with the command line interface, you won’t pass. Again, this weeds out the dumpers, and it raises the difficulty level of attaining the cert.

Write down all your questions in one place and periodically revisit them.

You’ll be amazed at how many questions you will learn the answer to without realizing it. Some questions you’ll look at and think, “Duh, that one’s easy. How did I not know that before?” From my CCIE studies, I have a list of questions that I organized by category: Layer 2, Layer 3, Security, QoS, etc. Writing down questions also reminds you of how much you DON’T know, highlights your misconceptions, and becomes a de facto study guide. The last thing you want going into the exam is a false sense of security.

The exams cover a LOT of topics, and some of them are pretty in depth.

This is where a lot of people get frustrated, confused, or just overwhelmed. They look at the exam topics, see the magnitude of it all, and try to study and memorize everything about everything.

This is one of the biggest reasons I’m creating a series of CCNP R&S courses for Pluralsight.

The first one, Basic Networking for CCNP Routing and Switching 300-101 ROUTE, was released this month. In each course I focus on real-world customer requirements and then demonstrate how to configure them step-by-step, explaining each command as I go. When watching the courses, you’ll quickly get an idea of what areas you need to study more and what areas you already know.

Not only that, each course module includes an assessment which thoroughly tests your knowledge of the relevant exam material. And, if you get an answer wrong, it will take you to the exact spot in the course where I cover that particular topic. It’s an incredibly effective way to study and learn quickly.

Check out the entire CCNP Routing and Switching learning path on the Pluralsight blog.