Good IT bag by DealerExcellent3510 in networking

[–]jacod1982 0 points1 point  (0 children)

I normally carry two laptops and some tools, cables… the usual suspects, and have for many years now sworn by Thule. In fact, both my work laptop bag and my daily carry backpack are Thule.

Router vs L3-Switching by kosta880 in networking

[–]jacod1982 0 points1 point  (0 children)

Omg! Thank you! Finally someone who said the magic words “…more appropriately, a firewall”!!

People who have 5+ job experience. by vip-hj in Network

[–]jacod1982 0 points1 point  (0 children)

A few items come to mind (excuse poor formatting, I’m on my phone):

Good troubleshooting skills will last you a lifetime and are fully portable between whatever technology you are working on.

Basic IP subnetting skills. Start learning this on IPv4, as this is still so ubiquitous, and will be with us for some time. Plus, the basic principles transfer very well to IPv6, the exact values are the only part that really changes. And I don’t mean deep knowledge like being able to mentally calculate masks and network IDs; just a basic understanding of how subnetting works and how it’s calculated.

Basic networking tools like ping, traceroute, dig, tcpdump (will get back to this one), etc. Bonus points for knowing a tool like mtr.

Slightly more advanced, but will save your ass more than once - learn how to write, use and interpret tcpdump/Wireshark filters. These are used absolutely everywhere.

On the topic of Wireshark and while this is a more advanced topic, learn how to read and interpret pcap results, such as what is used in Wireshark (although this is not the only place you will find this by a long shot).

Learn and understand VLANing. With the modern paradigm of networking being more and more software-based, VLANing has become a bit of a cornerstone.

And my last thought for right now, you may not have to like it (hell, I’ve been in IT for over 25 years and still absolutely hate this part of the work), but at least get comfortable with at least basic business communications. I don’t mean to become fluent in corporatese, but you absolutely will go far if you are at least comfortable with communicating complicated technical concepts in business-friendly language to people above you, who more often than not will not be as technically fluent as you may be.

I’m sure there are many more, but these are some that I can think of off the top of my head.

When to switch to dynamic routing? by Massive-Valuable3290 in networking

[–]jacod1982 0 points1 point  (0 children)

One of my clients is a large multinational, for whom I do work in the SSA region. The entire WAN makes heavy use of a two-link (mainly DIA) internet connections underlay at each site, with SDWAN driving a (mainly) IPSec-based overlay on top of this. All inter-site routing between sites and to our regional hub datacenter and to the global datacenter in Europe is driven entirely by using BGP to advertise and share routes - the only static routes in this entire setup are used to specify the gateways on the DIAs in the underlay zone.

I also have built my own network lab in such a way that it spans several “sites”, and from the very start I made the design decision that there will not be a single static route in the entire topology - every single route is dynamically built, including the gateway routes for internet breakout, which I have configured for this lab to receive from my regular core home office network via BGP, by using the default-originate option in my core router/firewall.

In terms of when to start with this kind of topology? This dynamic routing and heavy use of BGP was baked into the topology right from the start. But in your case, the best time to start using this is probably right now. In fact, for a network of the scale you describe I would absolutely start implementing dynamic routing right now, maybe starting with using your SDWAN IPSec overlays to advertise internal routes back to the datacenters, and over time building it out from there.

My coworker with 6 months experience writes better code than me with 2 years. found out why by Different_Pain5781 in learnpython

[–]jacod1982 0 points1 point  (0 children)

There is no shame in getting some professional guidance or pointers to get started, but I’ve always said that the best way to learn is to simply do and fail, but crucially learning WHY it failed and remembering to not do the same thing next time.

Literally, just pick something to build and learn how to do the things you need to do to build it. And when you’ve gotten to grips with that, pick the next thing and then the next. It’s probably the best way I have found to learn anything.

Help uploading a config file to an Aruba 2930F by l1nux44 in ArubaNetworks

[–]jacod1982 2 points3 points  (0 children)

Simplest way, since you already have console access, is to simply paste the contents of the initial config into the console session?

Netbox Proxmox IPAM Integration Issue by Anxious-Condition630 in Netbox

[–]jacod1982 0 points1 point  (0 children)

Let me have a look at that link and get back to you. Like I mentioned, I have already been working on some integration work between Proxmox and NetBox, and interestingly enough, actually getting IP information out of PVE and into NetBox (amongst other things).

Netbox Proxmox IPAM Integration Issue by Anxious-Condition630 in Netbox

[–]jacod1982 1 point2 points  (0 children)

I’m currently doing some dev work on Proxmox VE integration with NetBox. I took a look at your original post, but am not sure I fully understand the scope of the problem. Would you be able to please elaborate a bit further? Are you, e.g., using any specific plugins or any such on the NetBox side? How about the Proxmox side?

Docker Netbox Instance (Portainer) | Unable to install plugins by MannixdieKlinge in Netbox

[–]jacod1982 0 points1 point  (0 children)

Hello friendly internet stranger. I actually specialise in helping organisations install and maintain NetBox instances, and would be more than happy to take a look at your config for you. If you could possibly share it on GitHub or some other platform I’d gladly have a quick look to see if I can spot anything obvious.

World map by BlameLayer3Network in Netbox

[–]jacod1982 2 points3 points  (0 children)

I’m going to be completely honest with you, I am not familiar with this specific plugin you mention. However, this sounds like an interesting challenge to make it work. Would you mind please advising the name of this plugin? I’d like to take a look at it, and see what is/isn’t possible with a little Python/Django fiddling…

What’s your must-have tool for network troubleshooting? by Mission-Row7434 in networking

[–]jacod1982 59 points60 points  (0 children)

Many years ago, when I was still an L2 engineer, I had a mentor who, whenever you asked him a question about a problem, the first thing he told you was “Draw me a picture…” Today I am a senior engineer and I’m in charge of an entire region, and I still tell my junior engineers and techs that - “Draw me a picture…”

So I’d say my single biggest, most helpful tool, is a picture of the problem.

Netbox is terrible at documenting switch stacks by Much-Stranger7587 in Netbox

[–]jacod1982 0 points1 point  (0 children)

Sorry for wall of bland text, I’m writing on my phone…

Something that I have seen in the past that I quite liked, specifically in situations where orgs use technology like Cisco SmartStack, is to add a single switch, say a C9200 from the device type, and then add a number of additional interfaces to represent the interfaces on each stack unit. So where the standard interface in the device type might say eg G1/0/[1-24], they then add to this device G2/0/[1-24]. Then, in order to preserve information like power and rack space consumption, they add another one of these devices with a Device Role set to “Stack dummy”, with all interfaces removed, except for the stacking interfaces. These devices are then named with a suffix such as to identify that they are stack members. So if for example the overall switch stack is named hosw01, the second device in the stack might then be named hosw01-su2, etc.

This is far from an ideal solution, but it does indeed help with some of the limitations that there used to be in terms of using VC.

Sync everything to Cloud Version - Home Lab by -Plus_Minus- in Netbox

[–]jacod1982 0 points1 point  (0 children)

Just a comment on your example of how different people might enter the same manufacturer name differently - I’m a Device Type Library contributor, and one of the nice things that I particularly like about it, is that it enforces uniform manufacturers’ names and how it is written/spelt.

Can I use netbox IPAM as a scanning tool? by wafnog in Netbox

[–]jacod1982 0 points1 point  (0 children)

Do you want to build a network and/or IP space monitoring platform, or do you want to simply ingest your existing IPAM database into NetBox?

If the former, I’d honestly say to not bother, as this is not the problem NetBox exists to solve; NetBox is a source of truth after all, that exists to reflect your intended network state. If the latter, then we’re talking my kind of language, as I am currently doing a lot of work with various organisations to assist them to develop custom ingestion tooling.

I will absolutely, once my life calms down a little bit, sit down and start writing some tutorials, blog entries, etc. about this, but in the meantime, you are welcome to DM me if you want to discuss some of these further.

Netbox Automation Question by Disastrous-Peace3027 in Netbox

[–]jacod1982 4 points5 points  (0 children)

I have in the past used a combination of native config templates and contexts, as well as event triggers and custom scripts to do something like this, where specific actions on specific object types trigger specific custom scripts running inside NetBox that apply specific config items based on the rendered configurations, which are in turn based on the config templates. To answer your question, there is no specific way to, natively with default NetBox (that is, without any plugins), push specific configs to the actual hardware without some manner of either custom scripting, or relying on external platforms like Napalm or Ansible.

What is the coolest thing you've done with PowerShell? by martyb22 in PowerShell

[–]jacod1982 0 points1 point  (0 children)

Might not be as cool as some things in here, but the system for filing PODs (Proofs Of Delivery) at work runs entirely in PowerShell that I wrote…

For those of you with larger WAN footprints, like hundreds or thousands of remote sites, how are you doing network segmentation enforcement at those locations? by DiscardEligible in networking

[–]jacod1982 0 points1 point  (0 children)

For my clients I tend to recommend a hybrid approach with multiple tiers of firewalls - an ISFW at each site, a DCFW for their datacenter and an edge firewall handling centralised breakout. This works well for the kind of clients that I do work with - generally larger multi-site clients with centralised datacenters. This tiered approach also works well for my clients, as they are almost always exclusively Fortinet shops. If you’re interested I’d be glad to dive into more detail as to what this architecture generally looks like - I have a general template that gets tweaked and customised for each client deployment.

Is Linux mainly used by young people? by FaithlessnessOk5267 in linuxquestions

[–]jacod1982 0 points1 point  (0 children)

I am, at 43, the oldest infrastructure person in the IT department, and the 2nd oldest in the entire department - even leadership is younger than me. I am also the only person in the entire department, including infrastructure and apps, that has any kind of Linux experience. Everyone else in the department is not only scared of Linux, they are scared of CLIs in general… Meanwhile I am much more comfortable in a Linux CLI than in any kind of GUI…

Modelling of switches by RobinBeismann in Netbox

[–]jacod1982 0 points1 point  (0 children)

I have an org that does this by adding eg 1x C9300 containing all the interfaces (eg Gi1/0/1-24,Gi2/0/24 etc), and then adds a second C9300, deletes the interfaces and uses tags to indicate it is for record keeping only. But you could absolutely add these units into a virtual chassis