Archive for April, 2011

Book Review: IPv6 for Enterprise Networks

April 27, 2011 Leave a comment

I just finished reading “IPv6 for Enterprise Networks”, published by Cisco Press.   All I can say is that unless you have the hots for IP protocol discussions, this book will not rock your world.   It’s not that it is a poorly written book, it’s just that I don’t find IPv6 to be exciting.   That being said, the authors do a very good job in covering the material.

As is typical of tech books, we start with the obligatory history lesson.  Why should we transition to IPv6?  Simple, we are running out of IPv4 addresses.  Lesson over.  There is more to it in the book, but let’s be real here:  The largest driver is the lack of IPv4 addresses.

With that chapter out of the way, the book covers the basics of network design.  This is a chapter that appears in a number of Cisco Press books.  It’s a good reinforcement of network design principles that we should all do well to remember.

Now that two basic chapters are out of the way, the authors delve into IPv6 itself, how it is different from IPv4, and how to get from here to there.  This is where the book shines.  It’s a great reference for making the transition from IPv4 to IPv6.

As part of making the transition, the authors discuss the pros/cons of many of the various migration strategies such as running a dual protocol stack, running a hybrid network, and more as they relate to the different types of networks (campus, branch, data center, and so on).  It should be noted that each network type has its own chapter.  There is simply too much information that the readers need to be aware of that it would be a disservice to cover them together.

The authors simply could have ended the book there, but that would have made for incomplete book in my opinion.  Thankfully, they kept going and included a chapter on managing an IPv6 network.  While much remains the same, there are differences that may arise that readers should be aware of.  In some cases, it’s just how to enable the monitoring/reporting capabilities of the equipment.  In other cases, IPv6 just handles things differently.

As with most Cisco books, there are plenty of screen shots, command lines, and such given that the reader should be able to copy from to get from point A to point B.  I like this.  Far too many books out there have too few examples.

The last item covered turns out to be my favorite: setting up a lab.  While it is not a monkey script type of chapter (type this, click this) it still gives the reader enough detailed information to be successful.  Personally, I think that if you need a monkey script, then maybe this is one area where you shouldn’t be working.  What really surprised me in this chapter was the inclusion of screenshots from an ESXi host showing how to configure it for IPv6.  Talk about timely and relevant.

Would I recommend this book?  Yes.  While not exactly a page turner for most people (again, we are talking IPv6 here), it is a very good reference guide for making the transition from IPv4 to IPv6.

Book Review: PKI Uncovered, Certificate-based Security Solutions for Next-Generation Networks

How do you rate/review a technical book?    I could go on and on about different methodologies, but basically, I think a technical book is good if I can read it without having to take a ton of breaks, if I walk away with an understanding of the technology, and if it meets the needs of why I read it in the first place.

What makes me take breaks?  Really dry, super-down-in-the-weeds writing.  I am not a PhD candidate, nor do I live for reading IEEE RFCs.  It’s been said that if you want to write for the masses, it has to be at an 8th grade level  (I may be wrong, it could be 6th or 10th grade).    Techies are generally not “the masses”, but we still don’t want to be bored.   Nor do we want to see if you can use every word in the dictionary that has more than six syllables.

Even when writing at a level that the masses can follow, a good technical writer still needs to be able to impart the desired information in such a way that it can be retained and be of value.   Good writers provide clear examples, use analogies when appropriate, and know when enough is enough.

One could argue that if I end up with an understanding of the technology, then it is a good book regardless of how hard it was to read.   But since this my blog and I am writing the review, my rules win.

Now on to the review…

I just finished reading PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks from Cisco Press.  All-in-all, it’s a decent book.  Just for grins, I read the intro/preface to see who was the intended target audience and I think it misfired in that sense.  It’s not technical enough for the die-hard techies (thankfully – see above about taking breaks) and it’s too technical for the C-level (and other managerial types) it listed.

This book follows a traditional chapter layout approach: theory, examples, troubleshooting, and integration with other products.

The first chapter is a refresh on cryptography.  It explains what it is, characteristics, and the major components.  I would have liked more info in this chapter, but it really is just meant to be a quick refresh before delving into PKI.

The next few chapters focus on components of a public key infrastructure, how to set it up, troubleshooting, and design.

The final chapters deal with integrating PKI with other Cisco technologies/product such as VPNs, Unified Communications, and such.  As mentioned on the back cover, the book “offers specific, detailed guidance on using PKI with Cisco ..” products and it does not disappoint.

So what did I like about this book?  I really liked the fact that this book has plenty of examples and screen shots.  Being Cisco-centric, this book does a great job of explaining how to setup PKI on Cisco gear.  There is also a very good chapter on how to troubleshoot your public key infrastructure.  The authors provide numerous process flow charts, log parsing examples, and more to help troubleshoot a technology that can be very cryptic (no pun intended) to figure out.  If you are a Cisco shop, consider certain aspects of this book to be like a cookbook: follow the examples shown, you should end up with a working public key infrastructure.

This is also the book’s downside.  Once you get past the first few chapters, this book is heavily Cisco focused. This isn’t a problem if you know that before purchasing.  After all, it is a Cisco Press book.  I’ve only read about 10 Cisco Press books and I read them because I wanted to know about Cisco product.  And to be fair, the back cover does state that the book is for “Cisco customers”.

Another positive quality of this book is that it provides some very good design principles, such as having multiple/redundant certificate servers (in the proper hierarchy).  Too many times I’ve seen tech books provide designs that have many built-in single points of failure.  This isn’t one of those books.

In my opinion, there are only two areas for improvement: writing style and technical depth.  The writing style is dry.  If you’ve read some of my other blog posts, you will undoubtedly have noticed that I’m very informal most of the time.  I also like to inject some humor into my writings every now and then.  That being said, this book could use some could use some lightening up.

As for technical depth, I would have liked a bit more on just a few topics.  Not super-techie, but a bit more.  For example, the book mentions Diffie-Hellman but doesn’t get into the workings of it.  Same can be said for a few other items.  I figure if you are going to mention something, then do it justice and not just cover it in a line or two.  I would hazard a guess that D-H isn’t discussed in much detail because it really isn’t germane to the book’s topic.  For those topics that are germane, the authors do a good job.  Deep enough, but not so deep as to put the average techie to sleep.

So would I recommend this book?  If you are a Cisco shop looking to implement PKI, then most definitely.   If you are not a Cisco shop, then half of this book may not be of value.  For theory and principles, I think you would see value in it.  It’s a judgment call at this point.  As for myself, I would consider this book a good buy just for the first few chapters.  The rest of it is bonus material.

Categories: Book Reviews, cisco Tags: ,