If you have read through the material on our website, you may have noticed that we emphasize the win/win business paradigm.  This term may be new to you, and I wanted to share some background and detail with you about the intentions behind it.  In a nutshell, the idea is that if we can help your business win, we will win as well, so our intention is to do all we can to position our customers' business to win. 

If your experience in the Information Technology industry has been anything like mine, you have probably found very few vendors who you could completely trust based on their true intentions and approach to business.  Instead, you may have often found yourself concerned whether they were really serving you in their interactions with you.  You may have felt lied to, manipulated, coerced, betrayed, or abandoned at various points as it became obvious that your vendor placed their own interests ahead of your needs, often without even letting you know this was the case.  I personally have been responsible for large IT projects in which (of course) a few days before rollout one of my vendors suddenly announced that their deliverable was significantly different from what we'd agreed upon.  They had interpreted a portion of the contract in their favor without telling me, never putting the learnings they had gained from months of contact with my organization together with a sincere desire to support my success by working out any details that were uncomfortable for them.  The result was that my project was late and I was forced to pay them much more than I'd budgeted in order to close the gap.  I felt quite betrayed, and certainly didn't want to use or recommend them again.  This was definitely not an outcome in which we both came out ahead.  In fact, despite their getting more money, in the end both of us lost out because they didn't build the goodwill that they needed to grow their business.

After numerous such interactions, I realized that my personal and professional life was only going to be meaningful to me if I could embody a different way of doing business based on a genuine respect for anyone I established a relationship with - starting with myself - and a sincere commitment to finding a way that the relationship could support both parties in equality.   I don't take this commitment to building a win/win business lightly: it means in many cases reinventing every part of my business and avoiding some of the quick paths to success that I learned in the past.  Figuring out some of the hows and whys definitely keeps me up at night!  But it's also exciting: my entire experience of being in business is fresh, new and uplifting, and I'm seeing that the vendors and customers who I connect with begin to feel as excited as I do as they slowly start to understand what this means.  But this understanding takes time, for all of us.  In many cases we have to allow that the way things have always worked in the past isn't the only way that they CAN work.

I'd like to share a few of the insights I've had on my journey in this article, but I'm sure that there will be opportunities to share more of them with you in the future.  For example, I've had to redefine what sales means for a company committed to win/win relationships.  Traditional sales techniques theoretically revolve around finding a need and filling it, which seems like a win/win activity.  But all too often they involve creating an artificial need, subtly or overtly coercing buying decisions, using discounts as a means to get the customer to ignore their own business need, creating a personal relationship just to get a sale, and so on.  Even more confusing is the fact that something like a time limit or discount may be grounded in a legitimate business requirement for the vendor, but ends up being coercive because of the intention behind it.  So I've come to the conclusion that bringing sales into the win/win paradigm is really a matter of intention. My intention is my commitment to win/win and equality in relationships which is reflected in Enki's charter with statements like  "...to create wealth for our clients and hence for ourselves."

While this statement of intention is simple, some of the differences in my behavior with respect to sales that I want to see are quite complex and nuanced.  I don't even begin yo claim that I have all the answers yet.  For example:

Technology Used

• Cisco 1841 Integrated Services Router
• Cisco WIC-4ESW a 4-port 10/100BaseTx Ethernet switch interface card
• Cisco IOS 12.4 software

Network Diagram

Router Configuration

 
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco1841
!
logging buffered 8192 debugging
!
resource policy
!
clock timezone PST -8
clock summer-time PDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip domain name foo.com
!

!--- This is the connection to the Wireless ISP. We mark this interface as external
!--- so NAT will translate using our external NAT address space pool.

interface FastEthernet0/0
 description wireless-isp Wireless Interface
 ip address 172.16.0.194 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
 no cdp enable
!

!--- This is the connection to the T1 ISP. Once again we mark this interface as external.

interface FastEthernet0/1
 description att Communications Interface
 ip address 172.16.1.130 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed 100
 no cdp enable
 no mop enabled
!

!--- Since this router only has 2 native Ethernet ports, and we need more that that
!--- it was necessary to add this switch module.  In order to get the traffic into the
!--- switch, we need to configure a Vlan. (see below)  The default Vlan for all
!--- ports is Vlan 1.

interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!

!--- This is where we configure the Vlan.  For the purposes of this example
!--- we are going to treat the Vlan interface just like an Ethernet Interface.
!--- We give it an IP address and tell NAT that is an inside interface.  This means that traffic
!--- coming into this interface from an "outside" interface will need to be translated from
!--- public address space to private address space.

interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip classless
!

!--- Since we have 2 active connections we need to have 2 default routes.  The wireless
!--- connection is much faster than the T1, so the wireless connection has a lower routing
!--- metric (0).  The lower the cost (metric) the higher the priority that route has when the
!--- router is making routing decisions.  In addition, if the 172.16.0.192 circuit should fail,
!--- the router will automatically take the 172.16.1.129 route because the other route
!--- would be deleted from the routing table until the circuit came back up.

ip route 0.0.0.0 0.0.0.0 172.16.0.193
ip route 0.0.0.0 0.0.0.0 172.16.1.129 10
!
!

!--- These are some NAT timings.  Since we don't have much address space here, we need to
!--- keep the table small and the timings short.  This client has about 45 employees and since
!--- we only have 8 addresses for each network, we need to be mindful of NAT table size and
!--- IP addresses.

ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation dns-timeout 300

ip nat pool wireless-isp-pool 172.16.0.199 172.16.0.206 prefix-length 28
ip nat pool att-pool 172.16.1.136 172.16.1.142 prefix-length 28

!--- The NAT pool we use for public/private address space mapping is determined
!---by which network the traffic is going to take.

ip nat inside source route-map wireless-isp-nap-map pool wireless-isp-pool overload
ip nat inside source route-map att-nap-map pool att-pool overload

!--- This is where the fun begins and this section of the configuration is where everything
!--- comes together.  Normally there would be no need for the route-map here.  But because
!--- we have a requirement to run in active-active with the two ISPs we need to use route-maps
!--- to control the NAT process.  These route-maps look to see which interface the traffic is
!--- entering the router from, then they look to see which host the traffic is destined for.  If the
!--- incoming traffic is destined for one of our servers, then we need to force a NAT translation
!--- such that when the traffic needs to leave the router it will take the proper route.

ip nat inside source static 10.10.10.21 172.16.1.131 route-map exchange-att extendable
ip nat inside source static 10.10.10.22 172.16.1.132 route-map webserver-att extendable
ip nat inside source static 10.10.10.23 172.16.1.134 route-map commserver-att extendable
ip nat inside source static 10.10.10.21 172.16.0.195 route-map exchange-wireless-isp extendable
ip nat inside source static 10.10.10.22 172.16.0.196 route-map webserver-wireless-isp extendable
ip nat inside source static 10.10.10.23 172.16.0.197 route-map commserver-wireless-isp extendable
!
ip access-list extended nat-list
 permit ip 10.10.10.0 0.0.0.255 any

!--- The next three ACLs are for the route-maps.  They define what interesting traffic is.
!--- Here are the inside addresses of our servers: Exchange, Web and Communications.

ip access-list extended exchange-acl
 permit ip host 10.10.10.21 any
!
ip access-list extended commserver-acl
 permit ip host 10.10.10.23 any
!
ip access-list extended webserver-acl
 permit ip host 10.10.10.22 any
!

!--- The next six route maps determine the server-to-network matching for NAT addresses.

route-map webserver-wireless-isp permit 10
 match ip address webserver-acl
 match interface FastEthernet0/0
!
route-map commserver-att permit 10
 match ip address commserver-acl
 match interface FastEthernet0/1
!
route-map commserver-wireless-isp permit 10
 match ip address commserver-acl
 match interface FastEthernet0/0
!
route-map webserver-att permit 10
 match ip address webserver-acl
 match interface FastEthernet0/1
!
route-map exchange-wireless-isp permit 10
 match ip address exchange-acl
 match interface FastEthernet0/0
!
route-map exchange-att permit 10
 match ip address exchange-acl
 match interface FastEthernet0/1
!

!--- These are the default NAT route-maps.  These are used for all traffic that is not covered
!--- by the above server route-maps.

route-map att-nap-map permit 10
 match ip address nat-list
 match interface FastEthernet0/1
!
route-map wireless-isp-nap-map permit 10
 match ip address nat-list
 match interface FastEthernet0/0
!
!
line con 0
line aux 0
line vty 0 4
!
end

Troubleshooting

It is possible to verify that everything is working correctly by looking at the NAT translation table.  Use the following commands:

 
show ip interfaces brief
show ip nat translation
show ip nat statistics
debug ip nat [list] [detailed]

Last month a client asked us to configure a wireless Internet connection to augment their preexisting T1 connection from a local ISP. The client had been experiencing high latency in their Internet traffic with occasional losses of service.  Fault tolerance in their Internet connection is very important to them and their business processes because their business model is highly dependent on worldwide network connectivity.

They decided to purchase a wireless connection from a local ISP to augment their existing bandwidth and solve their reliability problems.  Once installed, this would give the client an additional 2-3 Mbits of wireless connectivity.  They purchased a Cisco 1841 router with a NM-4ESW WIC as the network gear that would be managing the connections.

What's very interesting about this situation is that the company wanted both circuits to be active and configured in a fault tolerant manner such that if one circuit failed all internet traffic would transparently be routed through the working connection.  In addition, when the failed circuit came back up, the traffic would transparently return to the active-active flow model.

In addition, they had 3 servers that needed to be exposed to the Internet as part of their day-to-day operations.  They were the Microsoft Exchange server, a web server, and a communications server.  The challenge with this setup is that the systems needed to be NAT-ed to 2 separate public address spaces simultaneously, and the router needed to be configured in such a way as to keep it all straight.

One of the most important things is to configure the router to avoid routing loops.  This is where traffic enters the router from Network A but leaves the router from an interface connected to Network B, which can result in lost data, timing problems, or intermittent traffic flow failures.

In order to keep this from happening I used  route-maps to determine which interface originated the traffic and an access control list (ACL) to determine if the traffic was interesting (actionable.)  These two criteria would then be used to create the NAT mapping between source and destination, which in turn would determine which router interface the traffic would leave through.

For example, a user on the Internet wishes to talk to the Client's Web Server.  The routing for this user is such that the network traffic will flow through the wireless link (see network diagram.)  When the user's packet hits the router interface, the router will determine if it is destined for one of the Client's three servers.  If there is a match, it will then look to see which interface the packet originated from.  In this example, that would be FastEthernet0/0.  The router would then build a NAT translation entry mapping the Web Server into the wireless ISP's address space.  When the Web Server replies to the users' request, the router would look at the NAT table, see the address translation, and know which interface to send the traffic back to the user on. 

The Cisco IOS keeps a NAT table of inside/outside address pairs, where inside is the private address space and outside is the global address space.  So all I have to do is to control how the traffic gets NAT-ed and the router will take care of the rest.

Click here for the details of the implementation including router configuration and network diagram.

This technique is a cost-effective way to increase bandwidth as well as reduce dependence on a single network provider and its physical infrastructure.  Coupled with redundant routers, this approach provides a solution for fully redundant branch office connectivity.

Over the next few years, power consumption will become the number one concern of data center managers.  With increasing instability of global oil production and a continued rise in the world’s demand for oil, energy prices will only continue to go up.  In addition, as our leaders accept the reality of Global Warming, you can expect carbon mitigation and alternative energy costs to be included in the price of the electricity you buy.  Even at today’s increased electricity prices, industry pundits claim that the cost of the electricity to run your servers during their lifetime will equal their purchase cost.  For owners of existing data centers, power consumption also limits their ability to add capacity, since as server density rises both the power consumption per rack and the total heat output of their equipment may exceed their facility’s capabilities.

To manage power consumption, you have to understand how power is used in your data center.  While all the power used generates heat, only some of the power is actually used to perform computations for your business.  The rest is lost to inefficiencies and cooling costs.  Most of today’s servers have an AC power supply in them that is about 65% efficient.  So, in a typical server with a 400 watt power supply, 140 watts are lost as heat due to power supply inefficiency, and 40 more watts due to fans that remove the waste heat from the server case, delivering only 220 watts to the CPU, memory, disk drives, and motherboard components, or wasting $0.45 of every electrical power dollar you spend. When you take into account the energy you need to blow the hot air out of your rack, through your air handler, and to run the chillers or air conditioners, your overall efficiency can easily drop below 50% - only half the electricity you buy is actually serving your business!

In the coming weeks, I’ll be writing some articles detailing how you can reduce power consumption in your data center, both by increasing efficiency as well as increasing utilization of your servers.  You can pick them up later by bookmarking the ENKI infrastructure blog page.