I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me


Cisco Live 2022 is in full effect in Las Vegas, They say there are 16k attendees in person this year but inn the Mandalay Bay Conference center it seems pretty empty. Not that I am complaining... I wanted to post up some of the slide decks of talks that looked interesting.  I assume you can register online and see the same decks but I wanted to post them here so I can go back and have a place to see them later.

Cisco SD-WAN: Start Here - BRKENT-2108

Start your SD-WAN journey here, we will explain the platform architecture, the different components of the solution and how they interact with each other and secured the user to application traffic.


Architecting Next Generation Wireless Network with Catalyst Wi-Fi 6E Access Points - BRKEWN-2024
This session deep dives into the newly introduced Wi-Fi6E standard in 6GHz band.  

Designing MPLS based IP VPNs - BRKMPL-2102

This session describes the implementation of IP Virtual Private Networks (IP VPNs) using MPLS.

Cisco IT's Journey to SASE for remote work - BRKCOC-2032

This session will discuss how Cisco IT is using some of Cisco's latest cloud security solutions, alongside SDWAN as a Service from Cisco Plus, to supply high performance and reliable remote worker and branch connectivity.

Cisco SD-WAN - The Usual Suspects - BRKENT-2183
In Cisco SD-WAN, establishing your WAN Edge routers as a part of the overlay is essential to building and operating a successful network.


Enabling Cloud Services at the Edge with App Hosting on Catalyst 9000 - BRKENS-1090
Did you know that you can run applications natively on Catalyst 9000 series platforms to enable Cloud services?

How to Securely Build a Product - BRKARC-2021

INTERACTIVE SESSION Security threats are very real today. Product security must be designed in from the start, not added as an afterthought.

Simple Leaf/Spine with a touch of TOR - Network Designs for the Modern Data Center - BRKDCN-2229

There are times when your Leaf/Spine network runs out of ports (even as it never should). No worries, there are ways how to scale further and no, we don't talk about FEX :-) Let us guide you through a Leaf/Spine network and an additional TOR (Top of Rack) layer. 


7 Ways to Fail - on Wi-Fi 6(E) - BRKEWN-1742
It is all about how to do Wireless networks ‘wrong’ and if you understand why it’s wrong, it’s easier to do it right the next time.


High Density Wi-Fi Design, Deployment, and Optimization - BRKEWN-2087
This session will cover an array of detailed tips, tricks, and tools for configuring and optimizing High Density WiFi networks in today's most challenging environments, including valuable real-world insights on how the latest Cisco Catalyst Access Points, antennas, and Catalyst wireless controllers can be leveraged to deliver an optimized and reliable user experience.

Hierarchical SD-WAN Overview and Principles - BRKENT-2292

Hierarchical SD-WAN is a new foundational capability that underpins the journey to multi-cloud and SDCI. This major evolution of Cisco SD-WAN introduces new capabilities to support a truly scalable 2-level customer overlay, improve Cloud OnRamp for MultiCloud and expand Managed Service Providers solutions. 

Advanced Troubleshooting of cat8k,asr1k, ISR and SD-WAN Edge Made Easy - BRKTRS-3475

In this session, we will explain the architecture of the Catalyst 8000, ASR1000 / ISR / CSR / XE SD-WAN Edge series and demonstrate forensic techniques for control plane and data plane. We will also see how common but complex feature such as SD-WAN Edge, crypto (IPsec), Zone Based Firewall and NAT can be troubleshot easily in practice.  




There is a new flavor of protocol reflection attacks on the streets!  

The TCP Middlebox reflection attack is the first reflection attack to utilize the TCP protocol. Traditionally the TCP protocol was not susceptible to spoofed source packets because of its state based nature (three way handshake).  Researchers at University of Maryland and the University of Colorado discovered that many network devices, such as load balancers, proxies, and firewalls, could be susceptible to specifically-crafted packets that could generate amplified traffic (up to 65x) at a victim.  These devices could be inherently susceptible to the spoofing because many of these devices have to contend with Asynchronous network traffic and out of order packets.


Akamai did a really great write up on what they saw and how they mitigated the attack. https://www.akamai.com/blog/security/tcp-middlebox-reflection


Shadow Server also has a write up. https://www.shadowserver.org/news/over-18-8-million-ips-vulnerable-to-middlebox-tcp-reflection-ddos-attacks/

So on to your firewalls:

The out of the box Palo Alto Firewalls do not appear to have any mitigation configured by default to protect against this attack.  But its not the end of the world.  Palo Alto and many other security vendors have low level TCP protection that basically normalizes TCP traffic and cuts out the flood attacks, malformed protocol attacks, etc., before they are even processed by your firewall. This minimizes  impact on the device resources like CPU and memory for these types of attacks.


In the Palo Alto world this is called "Zone Protection Profiles". If you run BPA (Best Practice Assessment) - which you should - then the Zone Protection Profiles are often flagged if you don't have them configured. 


The zone protection profile is pretty strait-forward to set up but, before you start, you need to do a little research and investigation into your device

  1. You need to determine the maximum CPS or connections per second your device can handle. This is a list of devices and their specs on the Palo Alto Networks site. https://www.paloaltonetworks.com/products/product-selection
  2. Next you will want capture some metrics around how many CPS your devices are seeing. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds/how-to-measure-cps
  3. Next you will want to do a few calculations and configure your zone protection profile. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles


Here is the "Cool SH*T Props" to Palo Alto Networks...when you create a zone protection profile, by default under the Packet Based Protection > and > 'TCP Drop the TCP SYN with Data' and 'TCP SYN ACK with Data' are already checked. This means when you apply your newly configured zone protection profile to your security zone it will protect you from current Middlebox vulnerability by dropping any of the cleverly crafted SYN packets because they would be larger then 0 bytes.



So I wanted to post a little bonus. Here is a quick and easy flood protection calculator I threw together in google sheets, just add your average CPS.


It's official!  Formula 1 has announced their newest US Grand Prix in Sin City.  I admit, I watched some Formula 1 in the late 90s but kind of fell out of following it...but since becoming a Covid hermit, and stumbling across Netflix's Drive to Survive, I am back in. 


Thanks to Netflix's Drive to Survive and the dramatic conclusion to the 2021 season driver championship, Formula 1 has taken hold in the US and F1 is taking advantage of the increased popularity.  Over the last few years there has been only 1 US GP at CODA in Austin, but the 2022 F1 calendar will be racing in Miami at the Miami International Autodrome for the first time. 


Lets get down to what we came for: the Las Vegas GP... 


The track is going to be a high-speed street course that races through the streets of Las Vegas and down the Strip.  It will be 3.8 miles long and have an estimated top speed of 212 mph.  With 14 corners, 3 straits, and 2 DRS zones the experts are predicting this is going to be low drag, high-speed course like Monza or Spa. 


Race Circuit

The race dates have not officially been released, but the rumors are it will be the weekend after Thanksgiving.  Also to take advantage of the venue, it will be a Saturday night race 10pm to midnight-ish... That time-frame makes sense because it would be early Sunday morning in Europe and afternoon in Asia and the Middle East.  Also how spectacular will it look having those cars racing through all the sights and lights of Las Vegas at night??  Seriously this could be a spectacular race.  


Prior to the race they will resurface all the roads that will be raced on to ensure they are smooth and ready for racing, and I cant imagine the amount of lighting and infrastructure they will need to build to accommodate the race. That would be an interesting documentary, behind the scenes of what it takes to put on the Las Vegas GP... Just Saying! 


Formula 1 Live Las Vegas Announcement

There is not a lot of information about race specifics since we are still a ways out.  I imagine people including myself might be booking rooms.  But before you book - one word of warning - last time I looked hotels in Las Vegas do not allow the windows to be opened so if you were expecting to book a room over-looking the strip, it may not be what you where hoping for, but we will wait and see.  


One thing is for sure, those of us who have been to Las Vegas and been on the strip know how epic the occasional Lambo or Ferarri sounds when they blaze by.  I cant wait to hear 20 F1 cars tearing down the same road - it will be epic.


Driver Reactions about Las Vegas Race


Best guess course route


I wanted to provide some links to Las Vegas GP resources. Its pretty few and far between but I will add them as I come across them.







  • 1 oz. Malibu rum
  • 1/2 oz. Kahlua
  • 1/2 oz. dark cocoa liquor
  • 1 C hot chocolate
  • Whipped cream and chocolate shavings for topping if desired.



Prepare hot chocolate as per your recipe. Add rum and Kahlua. Top with whipped cream and shavings if used.