In our last article, we configured and tested a basic VPNv4 configuration. In this article, we will do a hop by hop analysis of each device and look at a packet capture for a couple of the steps in the label switched path. We are using the exact same topology and router names. For the example, I have shut down the connection between P4 and PE2 so no load balancing will occur and we have a deterministic path to analyze.
For the analysis, we will examine the path from CE_Site_1 to 20.2.2.2 at CE_Site_2. For each device, we want to determine the egress interface, the next hop and any MPLS labels that should be present.
CE_Site_1#show ip cef 20.2.2.2 0.0.0.0/0 nexthop 10.1.1.1 GigabitEthernet2
CE_Site_1 is using the default route with a next-hop of 10.1.1.1
//based on physical topology, we know this will arrive on Gi4 of PE1 PE1#show vrf brief Name Default RD Protocols Interfaces BLUE 110:210 ipv4 Gi5 Mgmt-intf Continue reading
In the previous article, we took a look at building a simple label switched path (LSP) through an MPLS network. This article takes the configuration a step further and leverages multiple labels to connect and isolate VRFs over an MPLS core. This is known as MPLS VPNv4. My goal is to introduce a method to bring together VRF segmentation concepts and provide a framework for a scalable deployment.
Before we get started, I am going to rename the routers once again based on their target function. An LER in a VPNv4 configuration is known as a PE node. An LSR router is known as a P node. I am also introducing CE (customer edge) nodes into the topology.
In this example, we will allow CE_Site_1 to communicate with CE_Site_2. Likewise, we want CE_Site_3 to communicate with CE_Site_4.
The APAC & Middle East Chapters joined hands to organize their combined Regional Chapters Meeting from 11 to 12 May in Kathmandu, Nepal. 23 Fellows representing 18 regional Chapters and Women SIG were nominated by their respective Chapters/SIGs to participate in this meeting. Half of the meeting focused on collaboratively developing action plans that are aligned with the Internet Society’s 2018 campaigns, while the other half was to discuss and address regional and governance-related issues.
At the end of the workshop, 18 concrete plans were ready for implementation:
During the regional breakout sessions, Fellows from the APAC region voted for and discussed three major regional issues: 1) Cybersecurity, 2) Transition [of the Internet] to the younger generation, 3) Digital Literacy. They engaged in an open discussion and highlighted some of the specific issues under these topics, what is needed in the context of their region, and shared their plans to address them.
The regional Continue reading
“We believe we are the first to come to the market with 400 Gig,” says Juniper’s CTO.
In the previous article, we created an interesting situation with an iBGP configuration. In that example, we made Edge2 aware of a route via BGP that the intermediary hops would not see. In this article, we will fix this problem using MPLS and label switching. Before getting started, I feel compelled to rename these routers based on their target role in an MPLS our network.
As we left it in our previous configuration, the router on the right sees a route to 1.0.1.1 via BGP but it cannot reach that destination. It is worth mentioning that I disabled BGP sync (following the last example I shared in the previous article).
LER2#show ip route | inc 1.0.1.1 B 1.0.1.1 Continue reading
In this video, Tony Fortunato shows you how to test bandwidth using Wget. He explains how to get started with the free software and demonstrates how it works.
Yes, we are going to talk about destination routing. I know it sounds boring and archaic, and it is. But it is also necessary to contrast against another topic that I intend to introduce. As I scour PacketU, I see a substantial number of page views on articles about segmentation and VRFs. One thing I often tell my customers is that once a VRF-lite implementation reaches a certain scale, the configuration can become unwieldy.
This article is a first in a series where we will discuss MPLS. This technology enables VPNv4 and is a common method of networking. MPLS can connect VRFs without compromising their segmentation characteristics. In this first article, we are going to examine traditional destination-based routing. This is meant to nail down some of the typical behavior of an IPv4 routed network. These characteristics will not go away entirely, but it is important to understand how routing changes as we introduce label switching concepts.
Throughout this series, we will use a common topology. In later articles, we will expand as necessary to introduce the relevant topics.
To illustrate a point, I have pre-configured OSPF on all links and loopback 0 of all routers. In a minute, I will bring Continue reading
Both vendors were recently labeled as "challengers" by IHS Markit in the optical networking space behind heavyweights Cisco, Ciena, Huawei, and Nokia.
Every day there’s another company touting its “edge” product. Let’s start to separate the hype from reality.
The end user monitoring company added new cloud nodes on AWS, Azure, GCP, IBM, Tencent, and Alibaba regions, and extended its monitoring capabilities outside of its existing support.
The design differs from traditional Docker-based containers that allow for a host kernel to be shared by running containers, which leads to more interaction between the host and container pods.
The company’s platform uses blockchain to connect industrial IoT devices and synchronize and store credentials, certificates, policies, and data between edge and data center locations.
Stronger passwords are always better—at least this is the working theory of most folks in information technology, security or otherwise. Such blanket rules should raise your suspicions, however; the rule11 maxim if you haven’t found the tradeoff, you haven’t looked hard enough should apply to passwords, too.
Begin with this simple assertion: complex passwords are primarily a guard against password guessing attacks. Further, while the loss of a single account can be tragic for the individual user (and in some systems, the loss of a single password can have massive consequences!), for the system operator, it is the overall health of the system that matters. There is, in any system, a point at which enough accounts have been compromised that the system itself can no longer secure any information. This not only means the system can no longer hide information, it also means transactions within the system can no longer be trusted.
The number of compromised accounts varies based on the kind of system in view; effectively breaching Continue reading
Did you know INE Inc. Is partnering with Aviator Brewing in this years Hops for Hope Competition to raise money for Children’s Flight of Hope?
To aid us in our efforts we’re offering a chance to win a FREE All Access Pass if you donate to this great cause. From now until July 31st donate $25 or more to Children’s Flight of Hope and you’ll be entered into a drawing to win a one year All Access Pass on us! Click Here to donate!
What is Hops for Hope?
Triangle Hops for Hope is a fundraising event that pairs corporate teams with local breweries to create an original beer and raise money for charity. Teams showcase their creations to hundreds of attendees at an epic beer competition on September 22, 2018 at the Raleigh Beer Garden. It’s the perfect opportunity to mix corporate social responsibility, employee engagement, and support local craft breweries.
All proceeds benefit Children’s Flight of Hope, a 501(c)(3) organization that provides air transportation for children to access specialized medical care. Last year’s event raised more than $70,000 for CFOH!
If you’re in the Raleigh-Durham area and want to buy tickets to this event you can do so Continue reading