Category Archives for "Networking with FISH"

Networking With Fish: YouTube Channel

Blogging, originally, was my go-to and preferred method for sharing information with others – teaching, sharing, etc.  For a few corner case type things I found video (YouTube) to be a better tool for those specific items.  Recently, however, I am finding about half of my ideas of things I want to “pass on” to others… would be best (in my opinion) via video.

I’ve been trying to figure out and think about how best to have the two sharing tools – this blog site and the YouTube channel – best complement each other.  So I have been experimenting with this.  What I have come up with that I like and works for me is the following…..

  • “Standalone Video” – If the YouTube is really a “standalone” and blogging with additional text around it here doesn’t “help” communicate what I’m trying to get across… then I won’t be blogging about it here.
  • “Video Series” – There will be series that will be building on each other – like the videos in the playlist “BGP Show and Tell: Beginners” and the playlist “Label Swapping Fun”.   Video series, I believe, would definitely benefit from larger big Continue reading

CiscoLive 2018: ‘Summer Camp for Geeks’

Are you ready for CiscoLive US 2018?  Ready for Summer Camp for Geeks?!    I think it is hard to truly be completely ready for the experience nowadays.  Why?  Because CiscoLive US is just huge with so many options of things to experience as an attendee…. more options than you have time for.  If you have been to CiscoLive US before… you KNOW this is true. And every year more and more …. and more and more … get added.  For 2018 my favorite CiscoLive add is the new ‘Content Cafe’ session type (30 minutes).  Other favorites of mine are the ‘Flip Sessions’ and the “Beers with Engineers”.  🙂

Deciding where to spend your time and energy during #CLUS can be overwhelming and daunting.

What is my absolute #1 suggestion to anyone going to a CiscoLive event?  Easy – “Begin with the End in Mind“.  Know what your priorities are and then schedule your week accordingly.

STEP #1: Create Your Cisco Live 2018 Priority List

Take your goals and translate them into a priority list.

STEP #2: Learn from the Past

If you have been to CiscoLive before… Continue reading

Resumes: “Begin with the End in Mind” – Musings from the FishBowl

I feel like I should go to some “Resume PTSD” meetings.. are there such things?  LOL.  I can imagine a dark room like they have in the movies for 12 step meetings.  Some podium up in the front where everyone has to tell their story.  The lead nods to me that it is my turn and I go up to the podium….

“Hello, my name is Fish, and I have Resume PTSD.  It all started for me one evening when I was 16 years old. I remember I was in the family room of our house in Princeton, New Jersey… it was deep winter out so we had the fire in the fireplace going.  Dad walked across the room to sit by the fire… he put before him 2 stacks of resumes – one stack for people applying to be a Vice President and another stack for people applying to be a Lobby Ambassador and Admin.  I watched in appropriate 16 year old horror as he glanced at each piece of paper and within 5-10 seconds he decided if it went in the pile for definitely interview, or the pile for review resume again Continue reading

Woot Woot! 16 Weeks of Security Learning!! — SECURITY ZERO-TO-HERO

Just signed up last week for the Micronic’s “Security Zero-to-Hero” class. I am beyond stoked and excited!  I have been searching for a while now for a class to take to help me really “go to the next level” in Security. But I just wasn’t finding the kind of class I was looking for. Every class I saw offered was either focused on one narrow aspect of the security landscape OR focused on helping people pass the CCIE Security.  Neither of which matched what I was searching for.

The class I was hoping to find would be structured more like a semester long college class with real world production discussions and also hands on labs. A class where … over weeks of learning and labbing in my personal time… the learning would just continue to seep deeper and deeper and the “aha” moments would just keep coming.  There were lots of one week classes to choose from. But, for me,  I just don’t see a one week class as a great “immersive” experience  into the complex landscape of the world of Security.  There is a “learning limit”, for me, as to how much my brain can retain Continue reading

Casting Call: Coming Soon on the “Networking with Fish” YouTube Channel

You know those times in life when you just know, in your heart of hearts, you are at the beginning of some incredible and life changing adventure?  Some new journey you will be embarking on that you know will be a watershed moment for you……. but you are still in the “seeing it” and “trying to figure it out” phase?   That phase where it feels like you almost cannot seem to keep up with the complex network of neurons firing in your brain.   The creativity starts and then a new idea comes along… neurons fire…. adrenaline rushes… you read something or someone says something…. and POW!…. ideas flood forward… and you get a few steps closer to clarity on that seeming elusive bigger picture still slowly taking shape.

The details are still forming… but the bigger picture is finally formed —   “Casting Call: Angling for Good Tech and Good Conversations”

Yes, you are right… I’m getting ahead of myself.

Okay… okay… let me slow down.

I will soon be launching a new video series on my Networking with Fish YouTube Channel.

“Casting Call: Angling for Good Tech and Good Conversations”

It all started Continue reading

The “Case of the Broken MPLS L3VPN”

In the last blog – “MPLS L3VPN: Label Following Fun with Fish” and its corresponding YouTube show and tell we basically set the stage for this blog and YouTube.

Last we left our environment, we saw a successful ping between R1’s loopback and R2’s loopback. And we followed the label swapping in the core.

Now they can’t ping each other.  Time to put our Network Detective badge on and go for a ride-along in the Case of the Broken L3VPN.  I always always always learn the most while troubleshooting.  So let’s go!

All PowerPoint diagrams in PDF format: Fish_Label_Fun.pdf

Sniffer Trace: Label_Following_Fun.pcap

YouTube Link: https://www.youtube.com/watch?v=TRVHHpaUZ-A&t=

I suggest downloading the PDF and the PCAP file and then clicking on the YouTube link.

MPLS L3VPN: Label Following Fun with Fish

I have to admit I LOVE MPLS.  Didn’t love it so much when I was first learning about it admittedly.  I found it kinda hard at first.  Then a lightbulb came on for me –  MPLS, at the forwarding plane label switching level, was a lot like Frame-Relay switching but on steroids. That visual really helped.  It also really helped me with a “starting point” when teaching about labels, label switching, and label forwarding with others.  But now many young people don’t have that frame-relay switching world in their brain.  So when a college intern asked me a couple months ago if I wouldn’t mind doing an MPLS chalk talk…. I was trying to “see” in my mind how the heck I teach it without giving the audience that frame-relay switching connection. I thought about VLANs, trunks, Q-in-Q…. I just didn’t like any of them.  None of them seemed to fit at all.  I could only think of one way to show him the newbie basics – come up with an environment, build it, configure it, follow the propagation of labels… and then follow the labels.  So make sure you Continue reading

MPLS, L3VPN, Multicast, and mVPN Fun in the Lab: Building a MPLS L3VPN Unicast and Multicast Cloud (6 Part Blog Series)

I needed to build a MPLS cloud for something.  Thought I’d invite you along for the fun in the lab.  Party on!**

Ultimately what I want to do is have a multicast source up in the upper left in Headquarters and multicast receivers down in Site11 and Site 12 joining those groups.

For this blog series that will mean 6 blogs, plus zip files of the varying configs as we build them, plus sniffer traces for you to download and refer to.

MPLS Fun in the Lab: Building the MPLS Cloud – Part 1 of 6

Create the MPLS cloud and prep it for MPLS L3VPN Unicast for One L3VPN Customer

  • OSPF area 0
  • MPLS LDP neighbors between the PEs and the P
  • BGP VPNv4 peers from all PEs to the VPNv4 Route Reflector

MPLS Fun in the Lab: Connect a Customer – Part 2 of 6

  • Create a VRF in each PE.
  • Apply the VRF and IP addresses on the interfaces in each PE towards the CEs.
  • Create the BGP neighbors in the PEs towards the CEs.
  • Ping from HQ to Site 11
  • Look at the sniffer trace of the above Ping

MPLS Fun in the Continue reading

Understanding IPv6 – The 7 Part Blog Series and the 28 minute CHI-NOG Snippet

New to IPv6 or know someone who is?  Below you will find my 7 part blog series of my lessons learned during my IPv6 journey and how I now teach IPv6 to others newer to it.  Prefer a YouTube instead?  At the end you will find the very rapid paced .. 28 minute… presentation I did of this for CHI-NOG in 2016.

  • Understanding IPv6: The Journey Begins (Part 1 of 7)
  • Understanding IPv6: Link-Local ‘Magic’ (Part 2 of 7)
  • Understanding IPv6: A Sniffer Full Of 3s (Part 3 of 7)
  • Understanding IPv6: What Is Solicited-Node Multicast? (Part 4 of 7)
  • Understanding IPv6: Prepping For Solicited-Node Multicast (Part 5 of 7)
  • Understanding IPv6: The Ping Before Solicited-Node Multicast (Part 6 of 7)
  • Understanding IPv6: Solicited-Node Multicast In Action (Part 7 of 7)

Understanding IPv6: Solicited-Node Multicast In Action (Part 7 of 7)

 

The last few blogs in my series on IPv6 have focused on solicited-node multicast, which provides the functionality for Neighbor Discovery in IPv6 addressing. We ended the last blog with a cliffhanger, asking, “In IPv6, how do we find the Layer 2 MAC address associated with a Layer 3 IPv6 address?”

 

Time to put the pieces together

In this series of blogs, I have laid out all the varying puzzle pieces needed to answer this question. Let’s start putting those puzzle pieces together.

In this blog, we learned that, if a device has an IPv6 global address of 2001:DB8::AB:1/64, then, according to RFC 4291, it must also “compute and join” the IPv6 solicited-node multicast address FF02::1:FFAB:1.

By the same logic, that means the node associated with the IPv6 address of 2001:DB8::AB:2 must “compute and join” the IPv6 solicited-node multicast address FF02::1:FFAB:2.

So our first puzzle piece gets us to here:

But so what? How does that get us any closer to getting the DMAC associated with Router B’s IPv6 global unicast address? All it did was give us a multicast address that this IPv6 unicast address must join.

Let’s add another piece of the puzzle. From this Continue reading

Understanding IPv6: The Ping Before Solicited-Node Multicast (Part 6 of 7)

In a previous blog, we looked at the basics of IPv6 solicited-node multicast. Going back to our Router A and Router B environment, if we sniff the wire while pinging from Router A’s IPv6 address to Router B’s IPv6 address, what will we see? Spoilers! Suffice it to say we will see some IPv6 solicited-node multicast very much in action.

 

Ping in IPv4

Before we jump into IPv6, let’s first do an IPv4 ping from Router A to Router B. When we sniff the wire we can review the mechanisms of how IPv4 does all of this on the wire.

When ping 10.10.10.2 is entered on Router A, the router knows it is being asked to build an ICMP echo request message and put it “out on the wire” with a destination IP address of 10.10.10.2. But in order to make the request “ready” to put out on the wire to get to 10.10.10.2, Router A needs more than simply the destination IPv4 address.

For the purposes of this post, we will look at four things the router needs before sending the ICMP echo request out on the wire. These Continue reading

Understanding IPv6: Prepping For Solicited-Node Multicast (Part 5 of 7)

Solicited-node multicast: I stumbled and tripped a bunch over this one in the beginning.  Well, that isn’t 100% true. Admittedly, at first, I really just ignored it, which really got in the way of my understanding some of the fundamentals of Neighbor Discovery Protocol (NDP).

But before we jump into solicited-node multicast, let’s review link-local scope multicast addresses.

Multicast is all around you

Multicast is all around your current IPv4 network. You might not think so if you haven’t enabled IP multicast routing and PIM, but it’s there. Pretty much everywhere you turn, it’s there.

Let’s return to our RouterA/RouterB environment. But let’s have IPv4 only running right now, like probably a lot of your routers in your environment.

Show IP interface

This is often an overlooked command, which is a shame because there is a great deal of very useful information that is given in the output. For now, we’re going to focus on the line “multicast reserved groups joined” and ignore all the other lines.

See? Lots and lots of multicast! To be specific, lots of “Local Network Control Block (224.0.0.0 – 224.0.0.255 (224.0.0/24)),” according to the Internet Continue reading

Understanding IPv6: What Is Solicited-Node Multicast? (Part 4 of 7)

IPv6 solicited-node multicast sometimes seems to confuse those new to IPv6 in the beginning. I think this is because it seems so foreign and new. In this post, we will explore exactly what IPv6’s solicited-node multicast is and the rules of creating such an address as told to us by RFC 4291.

However, before we start on what’s new and different, let’s look at what solicited-node multicast has in common with IPv4 and IPv6 constructs that we already know.

In this blog post, we looked at IPv6 link-local scope multicast addresses. One of the examples was FF02::A. This address is for all devices on a wire that want to “talk” EIGRP with one another.

Focusing specifically on FF02::A and how routers join it, we can see and say three things:

  • Local: FF02::A is local to the wire.
  • Join: Each device “joins” FF02::A by just “deciding to listen” to the IPv6 link-local scope multicast address FF02::A. Then, by extension, it listens to the corresponding MAC address for that multicast IPv6 address (33:33:00:00:00:0A).
  • Common interest: As we can see, these varying groups have something in common that they would all like to hear about. For FF02::A, the common interest — the “connection” Continue reading

Understanding IPv6: A Sniffer Full Of 3s (Part 3 of 7)

“What the heck?” Yup, that pretty much summed up my confusion the first time I saw it. A sniffer trace full of threes.

The first thing it reminded me of was my days with Token Ring and locally administered addresses (LAAs). This was for two reasons:

  1. I could only see these MAC addresses being used as destination MACs, not as source MACs. This was the same with my experience with LAAs in Token Ring.
  2. The MAC addresses seemed so pretty and clean, like the Token Ring LAA typically used for a 3745 IBM front-end process — 4000.3745.0001. Just look at them. Four threes, followed by a bunch of zeros, and then just one little number.

Help from Wireshark

I hope you are familiar with Wireshark; I use it all the time. It shows “reality” on the wire, which is crucial if you are a network detective trying to solve a whodunit.

If you are familiar with Wireshark then you might know that I can configure how the MAC addresses are displayed in the columns via the Wireshark preferences. As you can see below, I have set the preferences to not resolve the MAC addresses for me, Continue reading

Understanding IPv6: Link-Local ‘Magic’ (Part 2 of 7)

For those of you new to IPv6, what I am about to show you is going to look a lot like a magic trick. I’m going to bring up an IPv6 IGP neighbor relationship (OSPFv3) between two routers. This doesn’t sound like a magic trick, I know. But what if I told you I am going to do this without putting any IPv6 addresses into the configurations of either router?

Like any true magician, I must start my magic act with letting you know I have nothing up my sleeves. So let’s review the facts:

  • IPv6 unicast routing is globally enabled on both routers
  • IPv6 OSPFv3 is enabled via the one global command, “ipv6 router ospf 6”
  • Each router has an interface in an out-of-band management network (OOB mgt.) in the subnet 14.14.14.0/24.
  • RouterA is 14.14.14.101 and RouterB is 14.14.14.102 in this OOB management network
  • The IPv4 addresses for the OOB management interfaces are the only IP addresses in the configurations
  • Gig1/0/1 on both routers has only two IPv6 commands on it, as shown below
  • Router A is monitoring the gig1/0/1 interface and sending the traffic to a Spirent Continue reading

Understanding IPv6: The Journey Begins (Part 1 of 7)

IPv6 and I met back in the early 2000s. I really didn’t see the big deal or know what all the RFCs were about. This stuff was easy. Of course, at the time, my thoughts were barely even scratching at the surface, and I still believed IPv6 was just IPv4 with 128 bits. I was in what I now refer to as the “Checklist IPv6” phase.

“Checklist IPv6” was actually a great place for me to start. I had to remember only a few things while I was configuring the routers. Then I could kick back and let the magic of routing protocols work. Voila, IPv6 addresses would show up in the routing table of some other router in the lab. Ping to confirm, and I was done.

IPv6 “I know nothing” phase

The quote “The more you know, the more you realize how much you don’t know. The less you know, the more you think you know,” is attributed to David T. Freeman. I discovered the truth of this as I began digging deeper. The trigger to this phase was when I realized that IPv6 was clearly not IPv4 with 128 bits. When did that happen? When Continue reading

The Case of the Flapping BGP Routes: A Network Detective Ride-Along

 

Let’s go on a Network Detective Ride-Along together!  YouTube Style!   Case open to case closed in less than 15 minutes.  You ride along!  Use the 3 part BGP Table Version blog series below the YouTube to see how to use BGP table version in your Network Detecting.

Ready to hop on the case with me?  Just click below.

 

Understanding the BGP Table Version – Part 1: Introduction to BGP Table Version

Understanding the BGP Table Version – Part 2: BGP Table Version in Action

Understanding the BGP Table Version – Part 3: BGP Table Version & Troubleshooting

 
