September 2, 2009 3:38 PM
Pick an IP address... go on, any IP address
A little knowledge is a dangerous thing. The trouble with making systems easy to configure is that people who have no business putting IT in their job title anywhere, suddenly think they can manage networks, servers and applications, and they’re causing chaos.
I was recently doing some work for a ‘major UK Service Provider’ on the firewalls in their Data Centres. Now I appreciate that this company hosts a lot of services and applications for its customers, and things can get a bit complex, but when an application developer calls me and says “We have this new application and we don’t know what TCP ports it uses—could you have a look at the firewall logs and see what’s getting dropped from the server’s IP address, so we know what it’s doing?” I do have a couple of teensy issues.
Quite apart from the rather obvious complaint that I have enough to do without doing his job for him, I’m sure the firewall manufacturer is absolutely delighted that its state-of-the-art, high performance stateful firewall is being used as a souped-up protocol analyser.
In fact, there are network analysers available, but setting them up apparently takes too long, so it’s ‘easier’ (for who, I wonder) to just look on the firewalls.
But the real issue is of course that not only did this person not know how his application worked, he wasn’t even embarrassed by the fact. And he is most certainly not alone. This wasn’t an isolated request.
Is it too much to expect that people know the basics of their jobs? I had to explain subnet masking the other day to someone who knew that a /28 mask covered 16 addresses (including the network and broadcast addresses) but believed that you could pick any IP address as the starting address and the mask would magically just include the next 15 addresses. He had no idea of how the mask actually worked, or that there might be some limitation as to the blocks of addresses you could identify. He didn’t know what contiguous meant either.
Which wouldn’t have mattered so much if this person wasn’t responsible for requesting ranges of addresses to be advertised over the network and through the firewalls. Needless to say, a whole lot of reconfiguration had to be done to unpick the rubbish that had been asked for. And no, he wasn’t new to the job.
We don’t have time these days to take on extra work that we shouldn’t have to be doing in the first place. It’s frustrating and annoying and does nothing to engender good inter-team relations. Not going by some of the one-sided phonecalls I’ve overheard recently, anyway! So can we please all stop playing with fancy GUIs and wizards and take the time to get to grips with the boring fundamentals?
By the way—my application developer? He had the server IP address wrong too.
Subscribe to this blog
Email
Permalink
Print
Contact Us
Twitter Profile
Linked-in Profile
