MPLS Intro Series – VPNv4 Packet Walk

In our last article, we configured and tested a basic VPNv4 configuration. In this article, we will do a hop by hop analysis of each device and look at a packet capture for a couple of the steps in the label switched path. We are using the exact same topology and router names. For the example, I have shut down the connection between P4 and PE2 so no load balancing will occur and we have a deterministic path to analyze.

For the analysis, we will examine the path from CE_Site_1 to 20.2.2.2 at CE_Site_2. For each device, we want to determine the egress interface, the next hop and any MPLS labels that should be present.

CE_Site_1 – forwarding a packet to destination 20.2.2.2

CE_Site_1#show ip cef 20.2.2.2
0.0.0.0/0
  nexthop 10.1.1.1 GigabitEthernet2

CE_Site_1 is using the default route with a next-hop of 10.1.1.1

PE1 – receive a packet on Gi4 (vrf RED), forwarding for destination 20.2.2.2

//based on physical topology, we know this will arrive on Gi4 of PE1
PE1#show vrf brief
  Name                             Default RD            Protocols   Interfaces
  BLUE                             110:210               ipv4        Gi5
  Mgmt-intf                                      Continue reading

MPLS Intro Series – Introduction to VPNv4

In the previous article, we took a look at building a simple label switched path (LSP) through an MPLS network. This article takes the configuration a step further and leverages multiple labels to connect and isolate VRFs over an MPLS core. This is known as MPLS VPNv4. My goal is to introduce a method to bring together VRF segmentation concepts and provide a framework for a scalable deployment.

Before we get started, I am going to rename the routers once again based on their target function. An LER in a VPNv4 configuration is known as a PE node. An LSR router is known as a P node. I am also introducing CE (customer edge) nodes into the topology.

Desired End State

In this example, we will allow CE_Site_1 to communicate with CE_Site_2. Likewise, we want CE_Site_3 to communicate with CE_Site_4.

Terms

• P Router – provider router, is considered transit in a label switched path, the term is often used interchangeably with LSR
• PE Router – provider edge router and sits on the provider side of the provider/customer interconnection. Has most of the intelligence and configuration for an LSP and allows a scale-out architecture. The term PE is more common Continue reading

2018 Internet Society Asia-Pacific & Middle East Chapters Meeting

The APAC & Middle East Chapters joined hands to organize their combined Regional Chapters Meeting from 11 to 12 May in Kathmandu, Nepal. 23 Fellows representing 18 regional Chapters and Women SIG were nominated by their respective Chapters/SIGs to participate in this meeting. Half of the meeting focused on collaboratively developing action plans that are aligned with the Internet Society’s 2018 campaigns, while the other half was to discuss and address regional and governance-related issues.

At the end of the workshop, 18 concrete plans were ready for implementation:

• 3 Community Networks plans (Afghanistan, Pakistan, Philippines)
• 5 Internet of Things plans (Bangladesh, India Mumbai, Sri Lanka, UAE, Yemen)
• 9 Collaborative Governance plans (India Trivandrum, India Delhi, Indonesia, Lebanon, Malaysia, Nepal, Palestine, PICISOC, Women SIG)
• 1 Mutually Agreed Norms for Routing Security plan (India Kolkata)

During the regional breakout sessions, Fellows from the APAC region voted for and discussed three major regional issues: 1) Cybersecurity, 2) Transition [of the Internet] to the younger generation, 3) Digital Literacy. They engaged in an open discussion and highlighted some of the specific issues under these topics, what is needed in the context of their region, and shared their plans to address them.

The regional Continue reading

Juniper Networks Infuses 400GbE Across Its Portfolio

“We believe we are the first to come to the market with 400 Gig,” says Juniper’s CTO.

MPLS Intro Series – Understanding a Simple LSP

In the previous article, we created an interesting situation with an iBGP configuration.  In that example, we made Edge2 aware of a route via BGP that the intermediary hops would not see. In this article, we will fix this problem using MPLS and label switching. Before getting started, I feel compelled to rename these routers based on their target role in an MPLS our network.

Terms

• MPLS – multiprotocol label switching – using labels or tags to forward packets over a network (as opposed to traditional destination based routing)
• LSR – Label switch router (transit router), aka P router, switches labels
• LER – Label edge router or Edge LSR, often called a PE router, may push (impose) labels
• LSP – Label Switched Path
• Push – insert/impose a lable
• Swap – change a label
• Pop – remove a label

As we left it in our previous configuration, the router on the right sees a route to 1.0.1.1 via BGP but it cannot reach that destination. It is worth mentioning that I disabled BGP sync (following the last example I shared in the previous article).

LER2#show ip route | inc  1.0.1.1
B        1.0.1.1  Continue reading

Free Network Performance Test Tool: Wget

How edge networking and IoT will reshape data centers

The Internet as we have all known it mirrors the design of old mainframes with dumb terminals: The data path is almost entirely geared toward data coming down the network from a central location. It doesn’t matter if it’s your iPhone or a green text terminal, the fast pipe has always been down, with relatively little data sent up.To read this article in full, please click here(Insider Story)

How edge networking and IoT will reshape data centers

The Internet as we have all known it mirrors the design of old mainframes with dumb terminals: The data path is almost entirely geared toward data coming down the network from a central location. It doesn’t matter if it’s your iPhone or a green text terminal, the fast pipe has always been down, with relatively little data sent up.To read this article in full, please click here(Insider Story)

Multi-cloud monitoring keeps Q2 integrated operations center humming

Five years ago, Q2 had 240 servers. Today it has 8,500 servers. The company spent $150 million over the last five years building out its infrastructure, where it now hosts more than 4 petabytes of user data.“We’ve grown from 1.2 million users to 11.5 million users and reduced downtime to one-fifth of what it was during that same period,” says Lou Senko, CIO of Q2, which provides a digital banking platform for banks and credit unions. [ Related: How to plan a software-defined data-center network.] Headquartered in Austin, Texas, Q2’s cloud-based platform is aimed at helping smaller, community-based financial institutions compete with giants such as Bank of America, Wells Fargo and Citigroup. “Local financial institutions have to compete against some big, big players,” Senko says. “It’s our technology that levels the playing field in the digital world.”To read this article in full, please click here

How edge networking and IoT will reshape data centers

The Internet as we have all known it mirrors the design of old mainframes with dumb terminals: The data path is almost entirely geared toward data coming down the network from a central location. It doesn’t matter if it’s your iPhone or a green text terminal, the fast pipe has always been down, with relatively little data sent up.To read this article in full, please click here(Insider Story)

Multi-cloud monitoring keeps Q2 integrated operations center humming

Five years ago, Q2 had 240 servers. Today it has 8,500 servers. The company spent $150 million over the last five years building out its infrastructure, where it now hosts more than 4 petabytes of user data.“We’ve grown from 1.2 million users to 11.5 million users and reduced downtime to one-fifth of what it was during that same period,” says Lou Senko, CIO of Q2, which provides a digital banking platform for banks and credit unions. [ Related: How to plan a software-defined data-center network.] Headquartered in Austin, Texas, Q2’s cloud-based platform is aimed at helping smaller, community-based financial institutions compete with giants such as Bank of America, Wells Fargo and Citigroup. “Local financial institutions have to compete against some big, big players,” Senko says. “It’s our technology that levels the playing field in the digital world.”To read this article in full, please click here

MPLS Intro Series – Destination Routing

Yes, we are going to talk about destination routing. I know it sounds boring and archaic, and it is. But it is also necessary to contrast against another topic that I intend to introduce. As I scour PacketU, I see a substantial number of page views on articles about segmentation and VRFs. One thing I often tell my customers is that once a VRF-lite implementation reaches a certain scale, the configuration can become unwieldy.

This article is a first in a series where we will discuss MPLS. This technology enables VPNv4 and is a common method of networking. MPLS can connect VRFs without compromising their segmentation characteristics. In this first article, we are going to examine traditional destination-based routing. This is meant to nail down some of the typical behavior of an IPv4 routed network. These characteristics will not go away entirely, but it is important to understand how routing changes as we introduce label switching concepts.

Throughout this series, we will use a common topology. In later articles, we will expand as necessary to introduce the relevant topics.

To illustrate a point, I have pre-configured OSPF on all links and loopback 0 of all routers. In a minute, I will bring Continue reading

Infinera Acquires Optical Transport Rival Coriant for $430M

Both vendors were recently labeled as "challengers" by IHS Markit in the optical networking space behind heavyweights Cisco, Ciena, Huawei, and Nokia.

Worth Reading: Creating a Role for Standards

I think it’s obvious that traditional standards processes are simply not effective in the current age. They take way too long and they end up defining an architecture that has to be ignored if the end product is to be useful. —Tom Nolle @CIMI

Is Edge Becoming as Commonplace as the Cloud?

Every day there’s another company touting its “edge” product. Let’s start to separate the hype from reality.

Catchpoint Cuts Through the Layers of the Network Onion

The end user monitoring company added new cloud nodes on AWS, Azure, GCP, IBM, Tencent, and Alibaba regions, and extended its monitoring capabilities outside of its existing support.

IBM-Led Nabla Container Platform Touts Isolation for Its Security Posture

The design differs from traditional Docker-based containers that allow for a host kernel to be shared by running containers, which leads to more interaction between the host and container pods.

Xage Scores $12M Series A for Blockchain-Based IoT Security

The company’s platform uses blockchain to connect industrial IoT devices and synchronize and store credentials, certificates, policies, and data between edge and data center locations.

Research: Even Password Complexity is a Tradeoff

Stronger passwords are always better—at least this is the working theory of most folks in information technology, security or otherwise. Such blanket rules should raise your suspicions, however; the rule11 maxim if you haven’t found the tradeoff, you haven’t looked hard enough should apply to passwords, too.

Dinei Florêncio, Cormac Herley, and Paul C. Van Oorschot. 2016. Pushing on string: the ‘don’t care’ region of password strength. Commun. ACM 59, 11 (October 2016), 66-74. DOI: https://doi.org/10.1145/2934663

Begin with this simple assertion: complex passwords are primarily a guard against password guessing attacks. Further, while the loss of a single account can be tragic for the individual user (and in some systems, the loss of a single password can have massive consequences!), for the system operator, it is the overall health of the system that matters. There is, in any system, a point at which enough accounts have been compromised that the system itself can no longer secure any information. This not only means the system can no longer hide information, it also means transactions within the system can no longer be trusted.

The number of compromised accounts varies based on the kind of system in view; effectively breaching Continue reading

We’re Giving Away A One Year All Access Pass!

Did you know INE Inc. Is partnering with Aviator Brewing in this years Hops for Hope Competition to raise money for Children’s Flight of Hope?

To aid us in our efforts we’re offering a chance to win a FREE All Access Pass if you donate to this great cause. From now until July 31st donate $25 or more to Children’s Flight of Hope and you’ll be entered into a drawing to win a one year All Access Pass on us! Click Here to donate!

What is Hops for Hope?

Triangle Hops for Hope is a fundraising event that pairs corporate teams with local breweries to create an original beer and raise money for charity. Teams showcase their creations to hundreds of attendees at an epic beer competition on September 22, 2018 at the Raleigh Beer Garden. It’s the perfect opportunity to mix corporate social responsibility, employee engagement, and support local craft breweries.

All proceeds benefit Children’s Flight of Hope, a 501(c)(3) organization that provides air transportation for children to access specialized medical care. Last year’s event raised more than $70,000 for CFOH!

If you’re in the Raleigh-Durham area and want to buy tickets to this event you can do so Continue reading