Archive

Category Archives for "Networking"

Converting numbers on Linux among decimal, hexadecimal, octal, and binary

You might not be challenged very often to convert numbers from one numbering system to another but, when you are, you can do it with either of two fairly easy commands on the Linux command line.Converting in your head can be taxing, especially for longer numbers. While the decimal numbering system allows any digit in a number to have any of ten values (0-9), digits in hexadecimal numbers can have 16 (0-F), digits in octal numbers only eight (0-7) and digits in binary numbers only two (0-1).And, whether you like it or not, from time to time you are likely to run into numbers displayed in hex or octal, and knowing how to convert them from one number base to another can come in handy.To read this article in full, please click here

netlab: VRF Lite over VXLAN Transport

One of the comments I received after publishing the Use VRFs for VXLAN-Enabled VLANs claimed that:

I’m firmly of the belief that VXLAN should be solely an access layer/edge technology and if you are running your routing protocols within the tunnel, you’ve already lost the plot.

That’s a pretty good guideline for typical data center fabric deployments, but VXLAN is just a tool that allows you to build multi-access Ethernet networks on top of IP infrastructure. You can use it to emulate E-LAN service or to build networks similar to what you can get with DMVPN (without any built-in security). Today we’ll use it to build a VRF Lite topology with two tenants (red and blue).

Read more …

Automation 18. LibreNMS to NetBox Sync for Brownfield Automation Deployment

Dear friend,

Today we’ll look into a question, which is raising quite often on various meetups related to network automation or various threads that is the addition of any automation components (say, NetBox) to the existing networking managing suit, where you already have some inventory (say, LibreNMS). We’ll take a look into multiple approaches and, as usual, will share some code snippets how you can do that.

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

What Is Integration Between Different Automation Tools?

Integrating different automation tools is typically the most labor-intensive work, as it requires understanding of the tools you are integrating, their internal hierarchy and APIs capabilities. That is not even saying that you shall be proficient with a variety of technologies, such as REST API or GRPC API, JSON/Protobuf/XML, Postman and many other tools. That’s a lot, and may be not easy to start with.

The good news is that all these things you can learn at out Network Automation Training programs:

Continue reading

Broken commit diff on Cisco IOS XR

TL;DR

Never trust show commit changes diff on Cisco IOS XR.

Cisco IOS XR is the operating system running for the Cisco ASR, NCS, and 8000 routers. Compared to Cisco IOS, it features a candidate configuration and a running configuration. In configuration mode, you can modify the first one and issue the commit command to apply it to the running configuration.1 This is a common concept for many NOS.

Before committing the candidate configuration to the running configuration, you may want to check the changes that have accumulated until now. That’s where the show commit changes diff command2 comes up. Its goal is to show the difference between the running configuration (show running-configuration) and the candidate configuration (show configuration merge). How hard can it be?

Let’s put an interface down on IOS XR 7.6.2 (released in August 2022):

RP/0/RP0/CPU0:router(config)#int Hu0/1/0/1 shut
RP/0/RP0/CPU0:router(config)#show commit changes diff
Wed Nov 23 11:08:30.275 CET
Building configuration...
!! IOS XR Configuration 7.6.2
+  interface HundredGigE0/1/0/1
+   shutdown
   !
end

The + sign before interface HundredGigE0/1/0/1 makes it look like you did create a new interface. Maybe there was a typo? No, the diff is just broken. If you Continue reading

Worth Reading: Egress Anycast in Cloudflare Network

Cloudflare has been using ingress anycast (advertising the same set of prefixes from all data centers) for ages. Now they did a giant leap forward and implemented another “this thing can never work” technology: egress anycast. Servers from multiple data centers use source addresses from the prefix that’s advertised by all data centers.

Not only that, in the long-established tradition they described their implementation in enough details that someone determined enough could go and implement it (as opposed to the typical look how awesome our secret sauce is approach from Google).

Weekend Reads 120222


Nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability, a new study shows.


75% of lookalike domains are registered with unrelated third parties and target these companies.


China’s antitrust watchdog, the State Administration for Market Regulation (SAMR), has proposed a revision of the nation’s competition law that targets tech firms.


A new report claims that Meta’s tracking Pixel has been used to collect your financial information when using popular tax filing services to send in your return.


Did you know that a Magniber ransomware infection can cost you a ransom of as much as US$2,500?


New York State has banned a practice becoming more common in the crypto-mining industry – the rescuing and repurposing of mothballed fossil fuel plants to exclusively provide energy for mining digital currency.


DDoS attacks target certain networks, flooding them with unwanted traffic from many different sources and causing interruptions to online services for legitimate users.


John the Ripper (JtR) is a popular password-cracking tool. John supports many encryption technologies for Windows and Unix systems (Mac included).


While in the near future most devices in the car will Continue reading

Surviving a Mastodon stampede

By now you’ve probably heard about Mastodon, the open-source microblogging platform that’s been gaining popularity since Elon Musk took over Twitter.A major feature of the platform is it’s de-centralized, distributed architecture that provides resilience, but a downside is that it can cause congestion and increase latency for the unprepared.Here’s how Mastodon works. Its servers (instances) operate semi-independently of each other, and users register with servers geared toward communities that interest them. But users can follow and interact with others from across the Fediverse—users hosted on other Mastodon instances as well as other services utilizing the open-source ActivityPub protocol from the Worldwide Web Consortium.To read this article in full, please click here

Hedge 156: Functional Separation in Network Design with Kevin Myers

Modularization is a crucial part of network design because it supports interchangeability, reduces the size of failure domains, and controls security domains. One critical aspect of modularization is functional separation, which argues for separating services onto specific physical and logical resources. Kevin Myers joins Tom Ammon and Russ White on this episode of the Hedge to discuss the theory and importance of functional separation in network design.

download

IPv6 flow analytics with Containerlab

CONTAINERlab is a Docker orchestration tool for creating virtual network topologies. The sflow-rt/containerlab project contains a number of topologies demonstrating industry standard streaming sFlow telemetry with realistic data center topologies. This article extends the examples in Real-time telemetry from a 5 stage Clos fabric and Real-time EVPN fabric visibility to demonstrate visibility into IPv6 traffic flows.

docker run --rm -it --privileged --network host --pid="host" \
  -v /var/run/docker.sock:/var/run/docker.sock -v /run/netns:/run/netns \
  -v $(pwd):$(pwd) -w $(pwd) \
  ghcr.io/srl-labs/clab bash

Run the above command to start Containerlab if you already have Docker installed. Otherwise, Installation provides detailed instructions for a variety of platforms.

curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/clos5.yml

Download the topology file for the 5 stage Clos fabric shown above.

containerlab deploy -t clos5.yml

Finally, deploy the topology.

The screen capture shows a real-time view of traffic flowing across the network during an iperf3 test. Click on the sFlow-RT Apps menu and select the browse-flows application, or click here for a direct link to a chart with the settings shown above. 
docker exec -it clab-clos5-h1 iperf3 -c 2001:172:16:4::2

Each of the hosts in the network has an iperf3 server, so running the above command will test bandwidth between Continue reading

Is SASE right for your organization? 5 key questions to ask

Secure access service edge (SASE) is a network architecture that provides a security-focused alternative to SD-WAN. First outlined by Gartner in 2019, SASE converges SD-WAN services with a range of Security-as-a-Service offerings. Gartner now forecasts that by 2024 at least 40% of enterprises will consider adopting SASE.The leading SASE vendors are a mix of networking incumbents and well-funded startups. These include Cato Networks, Cisco, Fortinet, HPE, Palo Alto Networks, Perimeter 81, Versa, VMware, and Zscaler.To read this article in full, please click here

1 2 3 3,047