When It HVAC Rains, It Seems Like It Pours

Ok, I'm not a fan of HVAC problems. But while I was in my basement last night, I noticed water on my basement floor. Ugh.
It was coming from where the coil was housed. I've seen this before, but couldn't remember what the problem was.  See below in the first picture. But then my wife reminded me that the hose line that directs condensation out of the unit was probably clogged up. And she was right. So I took our shop vac and put the hose on backwards so it would blow air out instead of vacuum and connected it to the water line. It cleared the line right out and no more clog.

A Daily Thought

The HVAC Verdit Is In...

I talked to my son-in-law today about yesterday's post.  If you didn't read it, we did some work on the HVAC intake where we basically covered every single crack/hole/entrance in the duct-work of the intake (in the crawlspace) that was not the actual intake vent ("return", as its called) inside the house.  I asked him if the "air seemed any better?" (meaning colder if you are from the South).  His reply was that yes, in fact, it actually does seem better.
That makes me feel good about fixing these two HVAC systems to be more efficient and cooler. If you are reading this, I would encourage you to take a look at yours also.
By the way, if you are thinking that it takes an HVAC guy to do something like this, don't think that.  I'm no where near that.

The Ole '35 House...

A few days ago, I posted about trying to fix my HVAC and that basement smell that was coming through the unit. And an unintended consequence of that fix was better efficiency of the unit, based on what we used to like the temperature at, as opposed to what we like it at now. So I decided to go over to the '35 house that we redid and look at that unit.
My son-in-law an I crawled under the house (something I'm generally opposed to) and looked at the intake of the unit.  And sure enough, something very similar. There were places in the intake where crawl space air was entering into the unit. They were not experiencing the same smell as I did, but I'm wondering more about the efficiency of the unit now.
So we put hvac tape everywhere there was an intake opening that did not belong, and now I'm just waiting to hear back from my son-in-law on if the is any difference.
After my experience, I would highly recommend you check out your own unit. I don't mean get someone to do it. I mean YOU do it. I've had hired hands come and look and never mention this, or fix that basement smell. I just don't think they are as interested as you are in your unit efficiency.

Romans 8:11

HVAC And The Basement Smell

Have you ever smelled the smell of a basement? If you have an unfinished basement, you probably know what I'm talking about.  Half of my house sits over a crawl space with a dirt floor. So imagine your basement smell inside your living area now. Not as strong as the basement, but you still notice it.
My house is an older house. Some people have said that it's just the way an older house smells. Well, I don't think that having the smell of your basement is normal. Or, it shouldn't be.  So I set off to fix this issue.
First, I called my HVAC guy. He came out and really didn't do much. And he charged me $75 for coming out. And, the smell was still coming through the HVAC when he left.
Next, I decided to pursue it myself. So, I ended up in the basement in the crawl space. I ended up finding an intake duct run that was slightly disconnected from the vent up on the main floor. Once I connected it back up and taped it up, I found that the problem of the smell upstairs was resolved.
Here is the interesting thing though. When we want to keep it cold at night for sleeping, we normally keep it at 69 to 70 degrees. Now, after fixing this intake issue, 73 degrees is too cold. Even tonight, 74 degrees was too cold. We have noticed that the efficiency of the HVAC system is much better now. All it took was for me to go down and examine the whole duct system and correct any problems that I saw. Now, our unit is doing much better.

Cisco Data Center: Enabling PBR (Policy Based Routing) On Cisco Nexus 9Ks

I've recently came upon the need to do some PBR (Policy Based Routing) on some core Nexus 9Ks within a data center environment.  Its interesting, to say the least, that Cisco is full of "We don't support" statements.  It makes me miss the Brocade days, even though they were not perfect either (although better).  So before we get into the config part, lets take a look at the "Cisco doesn't support" statements that they make:

1.  A policy-based routing route map can have only one match or set statement per route-map statement.
2.  A match command cannot refer to more than one ACL in a route map used for policy-based routing.
3.  The same route map can be shared among different interfaces for policy-based routing as long as the interfaces belong to the same virtual routing and forwarding (VRF) instance.
4.  Using a prefix list as a match criteria is not supported. Do not use a prefix list in a policy-based routing route-map.
5.  Policy-based routing supports only unicast traffic. Multicast traffic is not supported.
6.  Policy-based routing is not supported with inbound traffic on FEX ports.
7.  Policy-based routing is not supported with Layer 3 port-channel subinterfaces.
8.  An ACL used in a policy-based routing route map cannot include deny access control entries (ACEs).
9.  Policy-based routing is supported only in the default system routing mode.
10.  The Cisco Nexus 9000 Series switches do not support the set vrf and set default next-hop commands.
11.  Policy-based routing traffic cannot be balanced if the next hop is recursive over ECMP paths. Instead, use the set {ip | ipv6} next-hop ip-address load-share command to specify the adjacent next hops.
12.  Beginning with Cisco NX-OS Release 6.1(2)I3(2), the Cisco Nexus 9000 Series switches support policy-based ACLs (PBACLs), also referred to as object-group ACLs. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
13.  If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.

Now, lets get into the config of this.  I have two Nexus 9Ks as my core.  I'm using L3 ports in this particular case.
CORE2(config)# feature pbr
CORE2(config)#  ip access-list PBR_2_9504s_PERMIT
CORE2(config-acl)# permit ip 10.45.0.0/16 any
CORE2(config-acl)# exit
CORE2(config)# ip access-list PBR_2_9504s_DENY
CORE2(config-acl)# permit ip 10.45.0.0/16 10.0.0.0/8
CORE2(config-acl)# exit
CORE2(config)# route-map PBR_2_9504s deny 10
CORE2(config-route-map)# match ip address PBR_2_9504s_DENY
CORE2(config-route-map)# route-map PBR_2_9504s permit 20
CORE2(config-route-map)# match ip address PBR_2_9504s_PERMIT
CORE2(config-route-map)# set ip next-hop 192.168.10.1 192.168.10.2 load-share

Now, lets apply it to the two L3 interfaces:
int eth 1/1
ip policy route-map PBR_2_9504s
int eth 2/1
ip policy route-map PBR_2_9504s

Lets look at the config for a moment.  Notice that the route-map references two statements.  "route-map PBR_2_9504s deny 10" points to ACL "PBR_2_9504s_DENY" in the statement "match ip address PBR_2_9504s_DENY". That is because of this particular "Cisco doesnt support" statements:
An ACL used in a policy-based routing route map cannot include deny access control entries (ACEs).
Then you move on to the permit statements, of which you want to permit the particular action.  In this case, I want to set the next hop to two different IPs (because of the redundancy in the network).  "route-map PBR_2_9504s permit 20" gets me to the permit actions.  It points to the ACL of "PBR_2_9504s_PERMIT" in the command "match ip address PBR_2_9504s_PERMIT".  Next, I send it to the next hops with the load sharing command "set ip next-hop 192.168.10.1 192.168.10.2 load-share".  I then apply it to the interfaces.

Now, some other things to know about the Nexus 9K and PBR.  You have to have Enterprise Services licensing.
CORE2# sh license usage
Feature                      Ins  Lic   Status Expiry Date Comments
                                 Count
--------------------------------------------------------------------------------
TP_SERVICES_PKG               No    -   Unused             -
NETWORK_SERVICES_PKG          Yes   -   Unused Never       -
LAN_ENTERPRISE_SERVICES_PKG   Yes   -   In use Never       -
--------------------------------------------------------------------------------
CORE2#

Next, the load-sharing is per flow, not per packet.  This is per Cisco documentation:
"You can optionally configure this command for next-hop addresses to load balance traffic for up
to 32 IP addresses. In this case, Cisco NX-OS sends all traffic for each IP flow to a particular IP
next-hop address."

Also, if you use the "set" command in the first part of the route-map, it will have no effect.  Cisco says this:
"The set command has no effect inside a route-map... deny statement."

Python

OK, so if you read yesterday's post, you will understand where I'm going with this.  Today, I've started my 10 minutes of Python for each day.  I'm not saying it will be fast going, but you have to start somewhere.

Some Career Thoughts

Hi all. I hope you guys are doing well. I wanted to ask you a question. Have you noticed in the last year or so, that the job description for the "network engineer" has changed? I have. It appears that now, if you don't have Python and scripting skills, along with server experience, then you may not be a candidate for them. The job landscape is getting interesting for sure. It certainly appears that its time the network guy now has to grow into something more than routing and switching.

Sunday Thought: Value

Sometimes, it happens. You are making a living, but in the wrong place. I've seen this with a friend of mine in particular. I saw this below, and it makes me think of him each time I see it. Its OK to think better of yourself than your employer thinks of you. In fact, you should. They don't know you like you know you. Besides, they look at you from a "performance" standpoint. That's not how God looks at you.

Update...

Hey guys. I hope all is well with you. I wanted to take some time to give you an update on how things are going here.
First, I have to say I have missed regularly posting on this blog. It's something that crosses my mind often as something I "need to go do", but time has just not permitted. I've put a lot of effort in the past into this site, and I have to say I've missed doing so recently. So when you see me put up things that are not technical recently, it's really just to get something up here as a thought, etc.
At this point, I'm taking a CISSP class once a week, for three hours each night. I thought this would keep me on track in my studying, but the truth is that it hasn't. The reality is that it's just made me feel like I need more time. The problem is that life gets in the way of studying. I've realized that as being a middle aged, responsible person, there are just the things you "have" to do in life over the things you "need" or "want" to do. Honestly, making a living, getting things fixed, spending time with your loved ones, etc, is just more important than studying. And the reality is that there are only a certain amount of hours in the day. I'll get the studying done at some point, but with White Rhino and the rest of life going on, I'll just have to pace it as I can.  It's going to happen, just in the time I can make it happen. I've noticed that as I was younger and trying to get certifications, it was much easier to do. Either that, or I didn't prioritize life's problems, challenges, etc correctly. I've just noticed that now, it takes me a little longer to obtain these certification goals. Either way, I'm not sad about it, and if you are reading this and have felt the same way, don't you feel bad either. Life is more than certifications.
I've noticed a few things, especially listening to the people that teach this CISSP class. These people get up and talk about themselves in an intro. And it sounds impressive, I must say. But there are some realities I've noticed. First, either they know everything about the subject matter they are talking about, but they lack in many other areas in life. Meaning, if their car broke down, they wouldn't know how to fix it. But they sure can do this security thing or that without problem. But again, don't ask them how to fix a plumbing leak or change the air filter in the HVAC. They won't know. I'm not saying this is bad, they just aren't "well rounded". You have to decide which you prefer in life, and no answer is wrong, just different than the next guys decision.  For me, when people depend on me in life, I'd rather be "well rounded" in my knowledge. That's just me.
I've also noticed that as I probe the people teaching this class (and other technical people), when I dive deeper into a topic, they may not actually know the answers. For instance, a guy talked about building generators in the CISSP class. When I asked him a specific question about how it worked, he didn't really know. He just knew the basic that it kept the power on. Not a big deal to me, as he probably knew how to change a flat tire on his car. Which I respect.  My observation and point here is that everyone has knowledge in something, but may not actually know everything. People tend to hide that from other people. No big deal, just remember that as you talk to people. They may act like they know everything, but they don't.
I've rambled on long enough about the CISSP. I'll get it like I did the SSCP recently, just in MY time.
Now, some recent things: I cut the end off my finger off. No big deal, it's healing nicely. I thought it would be noticeable when it was done healing, but it looks like you won't be able to notice either at all or much. It still probably needs a few more weeks to heal, and I think it will be fine. I did this fixing a toilet of all things. One small note on this: funny how super glue can stop bleeding. Next, I've had to learn about some hvac stuff. Fixing some leaks in the duct system. Not fun, but something that I've had to get into recently to fix a problem I've had. Also, maintaining the cars.  Just something you have to do when you are responsible for the vehicles. I actually love working on cars. I could name many other things going on, but you get the point. That's why studying is just not the number one priority right now.
Now, let's get to the most important thing going on. Read your Bible. That's where real knowledge and wisdom is at. Not certification wisdom or changing the oil in your car wisdom. Life wisdom. God (YHWH) doesn't lie to you. He created this life, and He knows how you should live it. And if you don't recognize that name in parenthesis, look it up. The God of the Bible actually tells us His name. Do the research, you will be glad you did.

Sunday Thought: The Heart

These two seem to go hand in hand. The heart can be deceitful.