Author Archives: ajnouri

BGP best path selection

The complexity and the efficiency of BGP reside in the concept of route “attributes” and the way the protocol juggles them to determine the best path. This is a quick guide (a refresh of an old article), still very relevant for those dealing with BGP design. I hope the following Cisco BGP best path selection diagram will be of […]

ELK series: Monitoring MySQL database with ELK stack

In an effort to diversify the blog content, I am introducing a new series about technologies other than Cisco that make the life of a network engineer easier. These technologies include, but are not limited to, Juniper, log analysis with the ELK stack, Docker swarm, Kubernetes, Rancher, DevOps, public clouds (AWS, GCP…), Linux, Python programming, etc. In […]

Deploying F5 BIG-IP LTM VE within GNS3 (part-1)

One of the advantages of deploying VMware (or VirtualBox) machines inside GNS3 is the rich networking infrastructure environment available. No need to hassle yourself about interface types: vmnet or private? Shared or ad-hoc? In GNS3 it is as simple and intuitive as choosing a node interface and connecting it to any other node interface. In this lab, […]

Deploying Cisco traffic generator in GNS3

Goal: Deploy TRex, a realistic Cisco traffic generator, to test devices in GNS3. TRex traffic generator is a tool designed to benchmark platforms using realistic traffic. One of the tools through which TRex can be learned and tested is a virtual machine instance, fully simulating TRex without the need for any additional hardware. … The […]

GNS3 + Docker: Internet modem container

Goal: Deploy an internet modem for a GNS3 topology using a Docker container. The container uses iptables to perform NAT (masquerading) and dnsmasq as DHCP server for LAN interfaces. Docker images used: ajnouri/internet for the Internet container; gns3/endhost for the end host container; gns3/webterm for the Firefox container; gns3/openvswitch for the openvswitch container. GNS3 host preparation: This is performed […]

Routing between Docker containers using GNS3.

The idea is to route (IPv4 and IPv6) between Docker containers using GNS3 and use them as end-hosts instead of virtual machines. Containers use only the resources necessary for the application they run. They use an image of the host file system and can share the same environment (binaries and libraries). On the other hand, virtual machines require […]

Routing between Docker containers using GNS3.

The idea is to route between Docker containers using GNS3 and use them as end-hosts instead of virtual machines. Containers use only the resources necessary for the application they run. They use an image of the host file system and can share the same environment (binaries and libraries). On the other hand, virtual machines require entire OSs, with reserved RAM […]

EIGRP SIA (Stuck-In-Active) through animations.

EIGRP SIA (Stuck-In-Active) process through animations: “Active” = actively looking for a route to a network (Successor). Animations: Without SIA; With SIA.
Filed under: Animation, Routing protocols. Tagged: EIGRP, feasible successor, sia, sia-query, sia-reply, stuck-in-active, successor

IOS server load balancing with mininet server farm

The idea is to play with the IOS load balancing mechanism using a large number of “real” servers (50 servers), and observe the difference in behavior between different load balancing algorithms. Due to resource scarcity in the lab environment, I use mininet to emulate “real” servers. I will stick to the general definition for load balancing: A load balancer is a device […]

OSPF inter-area and intra-area routing rules

The following lab focuses on the intra-area and inter-area route selection process. For the sake of clarity, I put the final conclusions first, in table form, with some explanations to ponder upon, followed by the different lab cases used to check OSPF route selection rules. For each case, I used interface costs and states […]

GET VPN, it is all about group.

GET VPN uses a group security paradigm, compared to the traditional point-to-point security paradigm of DMVPN, GRE IPSec or SSL. Do not confuse this with an any-to-any mesh, which is the result of n(n-1)/2 point-to-point security associations between n peers. We are talking about group security association (SA), group states and group keys. Because each group member […]

IPv4 and IPv6 dual-stack PPPoE

The lab covers a scenario of adding basic IPv6 access to an existing PPPoE (PPP for IPv4). PPPoE is established between the CPE (Client Premise Equipment), acting as the PPPoE client, and the PPPoE server, also known as the BNG (Broadband Network Gateway). The PPPoE server plays the role of the authenticator (local AAA) as well as the authentication and […]

Embedded Packet Capture, let’s go fishing for some packets!

EPC (Embedded Packet Capture) is another useful troubleshooting tool to occasionally capture traffic to be analyzed locally or exported to a remote device. Occasionally, in contrast with RITE (Router IP Traffic Export) or SPAN on switches, which are meant to provide a permanent flow of copied traffic directed to a traffic analyzer or IDS (Intrusion Detection System). […]

DMVPN animation

Here is an interactive animation of DMVPN (Dynamic Multipoint VPN), followed by a detailed offline lab (a snapshot of the topology under test with hopefully all commands needed for analysis and study). Finally, check your understanding of the fundamental concepts by taking a small quiz. Studied topology: Animation Offline Lab You might consider the following […]

IPv6 multicast over IPv6 IPSec VTI

IPv4 IPSec doesn’t support multicast, so we need to use GRE (unicast) to encapsulate multicast traffic and encrypt it. The consequence is more complication and an additional level of routing, and so less performance. One of the advantages of IPv6 is the support of IPSec authentication and encryption (AH, ESP) right in the extension headers, which makes […]