Specializes in the design of networks and protocols to support leading edge applications where there is no "by the book" solution, such as transparently redundant firewalls and routers for high availability. Expert in the theory, practice, and mixing of TCP/IP, OSI, SNA, NetWare ( IPX ) and Windows ( SMB ) protocols.

Expert Witness & Consultant Testimony:

Dr. Jones is often retained as an expert witness and consultant providing expert reports, depositions and court room testimony in support of litigation for the legal community.

Addison-Wesley Articles Authored By Dr. Jones:

• Configuration for Transparently Redundant Firewalls
  Author Vincent Jones describes why it's both possible and practical to configure redundant firewalls to provide continued operation despite router or firewall failure and with minimal impact on security.

• Managing Multiple Routers at a Single Site
  Improving the availability of network services at a site requires more than simply installing a second router. Author Vincent Jones discusses three major configuration concerns that are unique to a LAN with multiple routers providing WAN connectivity.

• Multi-Homing--Connecting to Two ISPs
  Multihoming is an increasingly popular approach for enhancing Internet connectivity. While commonly associated with large routers and complex BGP configurations, Author Vincent Jones helps you to understand how the availability benefits of multihoming can be achieved at low cost using relatively simple techniques. But your multihoming strategy must be carefully planned to ensure that you actually improve the Internet availability seen by your company.

• A Comparison of Dial Backup Approaches
  In this article Author Vincent Jones discusses three popular mechanisms for implementing a dial backup solution for improving network availability, highlighting the benefits and drawbacks of each approach.

• Dial Backup for IPSec Tunnels
  Network availability in a VPN environment can be significantly enhanced through support of redundant communications links, either in the form of VPNs through other ISPs or as discussed by Author Vincent Jones in this article, via dial backup.

• O'Reilly Open Source Convention - Multi-Homing: Connecting to Two ISPs
  Many organizations depend upon Internet connectivity to support critical applications. Author Vincent Jones explains that a popular approach for improving Internet connectivity is to connect to more than one Internet service provider ( ISP ), a technique called multi-homing.

Dr. Jones has extensive experience providing proven solutions based on open standards and protocols to improve TCO ( total cost of ownership ) and enhance managability while minimizing the impact of failure on network operations for a wide range of unique application requirements. He combines in-depth theoretical knowledge with over 25 years of practical computer networking experience to understand the abilities and limitations of the TCP/IP, SNA, IPX, NetBIOS, and OSI protocol architectures; the optimal use of routers, switches, hubs, firewalls, and gateways in integrated LAN and WAN internetworks; and the state of the art and emerging trends in popular communications technologies.

Going beyond "rules of thumb" and "documentation checklists," Dr. Jones develops functional, cost effective performing network solutions that meet your specific needs. Since he understands the "why" as well as the "what" of networking, he knows which rules can be bent when necessary to satisfy unique application requirements and can frequently work around implementation deficiencies such as software bugs.

Technical Expertise:

• Design, implementation and troubleshooting of small, large and very large switched and routed networks using various bridging and routing protocols including BGP, EGP, EIGRP, HSRP, IGRP, integrated IS-IS, OSPF, RIP, TST and VRRP.

• Design of high availability networks with automated failover across redundant components and paths to support critical applications, from low-cost ISDN dial backup of a single link to high performance Enterprise networks with no single point of failure.

• Integration of multiple LANs and LAN technologies ( including Ethernet, Fast Ethernet, Gigabit Ethernet, Token Ring, FDDI and ATM ) both locally and over various WANs ( including X.25, ISDN, Frame Relay, and ATM ) using Routers, Switches and Bridges.

• Network monitoring and management using a variety of products ranging from point solutions such as MRTG and Whats-Up Gold to enterprise suites such as HP OpenView and CA Unicenter TNG.

• Theoretical and practical understanding of available LAN MAN, WAN and VPN technologies, protocols, and architectures, allowing development of solutions which are not supported "off the shelf."

Client needs vary widely and there is no such thing as a typical engagement. Over the years, projects have ranged from the theoretical analysis of emerging protocol standards to the diagnosis of intermittent hardware failures. Past projects of Dr. Jones include:

• Virtual private network with "around the Internet" dial backup.
• Assistance in the formulation of strategic and tactical plans.
• Orchestrating a data center move with no service interruptions.
• Fully redundant, multihomed Internet connectivity using low-cost routers.
• Load-balancing over-subscribed T1 links for a multihomed ISP.
• User transparent failover of redundant "stateful" firewalls.
• SNA support using redundant DLSw connections through NAT firewalls.
• Analog backup of ISDN backup of frame relay links.
• Evaluating firewall capabilities relative to unique organizational requirements.
• Network performance tuning and reliability enhancement.
• Development and presentation of training courses and seminars.
• RFP development and subsequent evaluation of responses.
• Extension of network management system capabilities to "unmanageable" components.

Case Studies:

Some of the unique ways clients have benefited from the consultancy of Dr. Jones:

• Automatic Redundant Firewall Failover

  A client with very conservative firewall administration policies was suffering because even though they installed redundant firewalls, applications could not automatically take advantage of the redundancy because the static routing used would continue to deliver outbound packets to a down firewall. Dr. Jones designed a router and firewall configuration which allowed the firewalls to automatically take over for one another without degrading security or modifying the existing security policy.

• Data Center Move with No Service Disruption

  Normally, moving a data center requires a "flash cutover" of the network providing remote systems access. Dr. Jones developed a series of router configuration changes which allowed the data center routers to be moved one at a time, bringing down the old lines only after the new lines were proven, and providing uninterrupted user support for the entire duration of the move.

• Protecting an Extended LAN from Service Disruption Due to LAN Segmentation

  A remote warehouse consisting of multiple LAN segments connected by fiber links required communications with NO single point of failure. Dr. Jones designed a configuration that allowed users on the LAN to continue full operations ( except IPX ) if any router, WAN link, switch, or inter-LAN link failed, while loss of a hub, controller or user system would only affect the users on that piece of the network.

• Detecting a Timing Race Between Cooperating Processors in a Modular Controller

  A modular controller with two internal processors was failing intermittently in a critical control application. Dr. Jones worked with the manufacturer's engineers to track down the cause of the system lockup and develop a solution.

• Eliminating Router Dependency in an ISDN Backup Application

  Conventional ISDN dial backup configuration can only dial a single destination number for any single IP address. Dr. Jones developed an ISDN dial backup configuration which allowed any remote to call any core router as if all core routers were just different phone numbers for the same interface on the same route.

• Using DLSw Backup Peers to Control Route Utilization

  A worldwide organization had performance problems due to the high priority assigned to DLSw traffic on their international links when the SNA service was used for bulk transfers. Dr. Jones designed a configuration that forced only the SNA traffic onto a dedicated low speed link while retaining the ability to use the shared international links for backup.

• Critical Review of an Extended LAN RFP

  A large manufacturing facility was preparing to release an RFP to overhaul their factory floor communications. Dr. Jones provided a critical review of the RFP, detecting a number of inconsistencies and worked with the manufacturer's IS staff to ensure that all vital needs really were being covered.

• Async Dialup to Support Remote Sites Waiting for Frame Relay and ISDN Installation

  An expanding retail chain could not get the local RBOC to install frame relay and ISDN services to match their store opening schedules. Dr. Jones designed and implemented an asynchronous dial-in server and matching store router configurations to support all IP and IPX requirements over available POTS lines.

• Analysis of Redundancy Requirements for a Web Server Site

  A highly visible organization suffered multiple embarrassing web server failures over a period of several months. Dr. Jones was called in to review all aspects of the operation from validation of their selection of NT versus Unix servers, to analysis of firewall crashes, to suggestions on how best to work around ISP failures.

• Miscellaneous Examples of Other Projects

  Dr. Jones has been engaged in many challenging opportunities over the years, not all of which are suitable for full case study treatment. Here he presents some of the more interesting ones, including facilitating development of a strategic architecture, analysis of evolving standards, management consulting, protocol development, and hardware debugging.

White Papers:

Some general approaches to common networking problems. While most of the examples are based on Cisco routers, these techniques used by Dr. Jones can frequently be adapted to other vendors' implementations.

• Configuration for Transparently Redundant Firewalls

  Firewalls play a critical role in modern networks, and their importance is increasing as organizations recognize the vulnerabilities of internetworking. We can no longer be satisfied merely to have accomplished communications. The ability to communicate is now a given and the challenge is to do so safely and efficiently. It is possible and practical to configure redundant firewalls to provide continued operation despite router, access network, or firewall failure and this white paper illustrates one way that it can be done with no dependence on proprietary firewall or router capabilities. Impact on security is minimal because the only communications between inside and outside routers is through the firewalls and the only information trusted is whether or not a particular firewall can be used to reach a particular router on the other side. The firewalls do not exchange routing information with or otherwise trust any routers, and can continue to run in a conservative, secure configuration using network address translation, arbitrary state-sensitive filters, proxies, and static routing. An example configuration for Cisco routers is provided.

Redundant Routers with Redundant Firewalls

• Performance Impact of Backbone Speed in Switched LAN Architectures

  The classic extended LAN architecture of a backbone LAN connecting multiple local access LANs has been a popular approach since the 1980s. While LAN speeds have increased by over two orders of magnitude, the fundamental limitations of this architecture can still affect high performance applications. This white paper examines the impact of the store and forwarding delays incurred when interconnecting LANs running at different data rates, and shows how to quantify the impact of changing backbone and/or access LAN speeds so that upgrades can improve, rather than degrade, end-to-end performance.

• Cisco 11.2 IOS Configuration for Redundant DLSw Connecting Ethernet Attached Devices

  Data Link Switching ( DLSw ) can provide excellent connectivity for IBM SNA applications. However, when the SNA devices are Ethernet rather than token ring attached so that source routing is no longer end-to-end, configuring redundant DLSw peers will result in an unstable network. While Cisco has introduced redundant Ethernet capability in IOS 12.0, this paper presents a DLSw peering configuration that will work with any IOS release starting with 11.2 to provide hot-standby capability and eliminate single points of failure, without introducing the switch compatibility challenges and subsequent manual configuration needs of the Cisco capability.

• Using Dial-on-Demand Routing to Trigger Backup Links on Cisco Routers

  Cisco provides the backup interface command set to support dial backup and bandwidth on demand. While these commands work well for bandwidth on demand, the requirement that the CSU/DSU lose carrier in order to trigger backup can result in unnecessary network outages. This paper shows how floating static routes can be used with Cisco Dial-on-Demand Routing to initiate the dial backup based on routing table changes, a much more dependable source of reachability data.

• Using BGP to Trigger Multiple Levels of Dial Backup on Cisco Routers

  Cisco does not support dial backup of dial backup links, such as using ISDN to backup a frame relay link and then use analog modems to backup the ISDN. This paper shows how BGP can be used in an EIGRP or OSPF routed network to force a backup link to be established in the event that the preferred dial on demand alternative route can not be established. Unlike the backup interface command set, this approach can be extended to work across multiple routers at a location or to provide any number of levels of dial backup.

• Using the AUX Port on Cisco Routers for IP/IPX Router Communications

  The need to support IPX routing as well as TCP/IP creates additional challenges when designing dial backup solutions. This paper shows how to support both IP and IPX routing between Cisco Routers using PPP between the AUX ports connected to analog modems. While the example uses EIGRP for IP routing and RIP for IPX routing, the actual choice of routing protocols should be arbitrary as the routing protocol is used only to control the activation of floating static routes.

• Automated Analysis of Cisco Log Files

  Tremendous amounts of useful operations data and warnings of pending failures are available in the router logs. The challenge is that as the network gets larger, so do the number of entries in the logs, which can quickly grow to unmanageable size. Automating the analysis of router logs is essential to allow using the router logs as a proactive network management tool. Many organizations fail to take full advantage of the available information because of the high initial cost of programming around the various inconsistencies in the way various events are reported, the frequency with which individual entries are delayed, duplicated or missing, and the need to customize software to match their network configuration. This paper looks at some of the techniques used by Networking Unlimited, Inc to improve the accuracy of automated log analysis and make it a cost-effective tool for network management and improving network reliability.

• Multi-Homing Connecting to Two ISPs

  Many organizations depend upon Internet connectivity to support critical applications. One popular approach for improving Internet connectivity is to connect to more than one Internet Service Provider ( ISP ), a technique called multi-homing. Multi-homing can be very effective for ensuring continuous connectivity-- eliminating the ISP as a single point of failure--and it can be cost effective as well. However, your multi-homing strategy must be carefully planned to ensure that you actually improve connectivity and do not inadvertently introduce unnecessary single points of failure.

• Redundant Routes in IPSec VPNs

  Building a virtual private network ( VPN ) using IP Security Protocol ( IPSec ) is a popular cost-saving approach to wide area networking. One disadvantage of using a VPN is the scarcity of convenient tools to provide resilience in the face of router, firewall, or network failure. The challenge is to automatically detect failure of an IPSec connection so that an alternate route can be used. This white paper looks at two different approaches Networking Unlimited, inc. has used to meet the challenge: using a GRE tunnel to make the IPSec transport appear as a point-to-point link, and using BGP directly over the IPSec transport. Example Cisco router configurations are provided for each approach.

The following one-day tutorial presentations are available for presentation by Dr. Jones at your conference or facility:

1. How Networks Work: The Limits of Modern Networking.

2. Network Design for High Availability.

3. Cisco Router Log Analysis Using Perl.

4. Hubs, Bridges & Routers: The Tools of Networking.

5. Managing Networks with SNMP.

6. To BGP or Not to BGP: Making the Internet Connection.

Dr. Jones specializes in applying the theory of networking to the solution of real world problems.

Whether designing a highly redundant network infrastructure to maximize reliability or improving the performance and manageability of an existing network, Dr. Vincent C. Jones, PE can help you get more for your networking dollars.