Archive

Category Archives for "Networking"

Go, don’t collect my garbage

Not long ago I needed to benchmark the performance of Golang on a many-core machine. I took several of the benchmarks that are bundled with the Go source code, copied them, and modified them to run on all available threads. In that case the machine has 24 cores and 48 threads.

CC BY-SA 2.0 image by sponki25

I started with ECDSA P256 Sign, probably because I have warm feeling for that function, since I optimized it for amd64.

First, I ran the benchmark on a single goroutine: ECDSA-P256 Sign,30618.50, op/s

That looks good; next I ran it on 48 goroutines: ECDSA-P256 Sign,78940.67, op/s.

OK, that is not what I expected. Just over 2X speedup, from 24 physical cores? I must be doing something wrong. Maybe Go only uses two cores? I ran top, it showed 2,266% utilization. That is not the 4,800% I expected, but it is also way above 400%.

How about taking a step back, and running the benchmark on two goroutines? ECDSA-P256 Sign,55966.40, op/s. Almost double, so pretty good. How about four goroutines? ECDSA-P256 Sign,108731.00, op/s. That is actually faster than 48 goroutines, what is going on?

I ran the benchmark Continue reading

New Dates for the Building Network Automation Solutions Online Course

We’re slowly wrapping up the autumn 2017 Building Network Automation Solutions online course, so it’s time to schedule the next one. It will start on February 13th and you can already register (and save $700 over regular price as long as there are Enthusiast tickets left).

Do note that you get access to all course content (including the recordings of autumn 2017 sessions) the moment you register for the course. You can also start building your lab and working on hands-on exercises way before the course starts.

Read more ...

Introduction to Virtual Device Context- VDC in Nexus Environment

Today I am going to talk about the virtual feature in the Cisco Nexus devices called as VDC. VDC stands for Virtual Device Context. With the help of VDC we can convert a single physical Nexus device or chassis into various virtual devices or chassis and that depends upon the SUP engine we are using in the device.

Keep in mind that VDC feature is not available in any of the Nexus device below 7K. So now we have the question like how many VDCs we can create in a single Nexus Chassis.

Look at the below picture, you are going to replace Core and Distribution physical switches with the a single Nexus Switch where we create two different VDC for Core and Aggregation layer. The picture defines the right way for your 3 layer architecture in the Datacenter environment.

Hope picture and the below mentioned description will help you guys to understand the concept of the VDC in the datacenter environment.

Fig 1.1- VDC Topology

How many VDC, we can create ?
Well VDC depends upon the SUP engine we are using. Like if we are using SUP 1, we can create maximum of 3 VDCs, if we are using Continue reading

Deploy360 at IETF 100, Day 1: IPv6 and IoT

This week is the one hundredth meeting of the IETF in Singapore, and to celebrate the occasion we’re bringing you daily blog posts highlighting some of the topics that Deploy360 is interested in. And once again, Monday is our busiest day with no fewer than 7 working groups covering the areas of IPv6 and the Internet-of-Things.

The day kicks off at 09.30 SGT/UTC+8 with DNSOP (which continues on Thursday) and has a full agenda with 11 drafts up for discussion. An important draft discussing the RFC5011 rollover strategy has failed to reach consensus, with another draft defining and clarifying DNS terminology requiring further review.

The Working Group has picked up a draft on extending error messages to better report the cause of DNS and DNSSEC failures, whilst the draft updating RFC6761 to ensure “localhost” can be safely relied upon as a name for the local host’s loopback interface should now be close to WGLC. There’s also Deploy360 involvement in a new draft on the requirements for a validator to be able to perform accurate validation, with Dan York being one of the co-authors.

NOTE: If you are unable to attend IETF 100 in person, there are multiple ways to participate remotely.

Continue reading

Passed JNCIP-DC

I took JNCIP-DC Exam and could pass it. My review on the exam and Prep strategy.

Materials

-> Juniper Documentation

-> Cisco Implementing EVPN Video series – Safari press

-> Juniper Qfx1000 Github and vagrant images

-> DCX , ADCX , TDCX Materials

-> Hand’s on Implementation and 4 months Study (Not including any weekends)

 

Exam in itself was not that tough to be frank, but depth of questions covered all the concepts. There is no topic that you could leave from official blue-print, everything is touched and everything is touched at a fairly equal way.

 

Recommendations

-> Use the Github page for Juniper QFX1000 and download the vagrant images for practise

-> Revise Evpn and QFX-Series Books and you should be good

-> If you can, go through the official course-ware as they are good for review and exam prep

-> Evpn from Cisco’s standpoint is pretty much covered by Many learning instructors like INE,CBT use them to learn the technology if you are Video based learning individual.

 

-RAKESH

 

 

 

 

Basic Router Configurations on Cisco Router

Today I am going to talk about the basic configurations on Cisco routers where i can define the basic commands like setting console password, assign VTY password, configuring IP addresses on the interfaces, Configuring the router for SSH access, Configuring basic IPv6 configurations on the router, configuring trunk based inter-VLAN routing, configuring IPv6 configurations manually and at last configuring OSPFv6 with the use of IPv6.

This is a basic article for the starters who are going to configure the router from the scratch. Most of the basic configurations are for demo purposes and you can use your IP addresses as per requirements in your network. Lets start with the basic configurations on the router now.

Fig 1.1- Basic Network Topology
Above is the basic network topology where we have 3 layer architecture with the Cisco ASA firewalls and the routers. We are going to configure WAN routers with the basic configurations

Configure the Basic router 
Router> enable
Router# config terminal 
Router(config)# hostname ttlbits_ttlbits_R1
ttlbits_R1(config)# no ip domain-lookup 
ttlbits_R1(config)# security passwords min-length 10 
ttlbits_R1(config)# enable secret cisco12345 

Now let's configure the console password on the Cisco routers, below is the basic example showing the configurations of console on router.

Why bitcoin is terrible

For every day that passes I like bitcoin less. It’s bad for the world.

I have ranted about this many times, and it’s time I consolidate these rants into a blog post.

We’ll see with time if this rant ages poorly or not.

Section 1: Practicalities

What bitcoin is trying to achieve in payments

These would be good things:

  • Anonymity
  • Peer to peer and remote payments

What bitcoin is actually good for

Bitcoin today is pretty much only good for two things:

  • Committing crimes
  • Speculating on currency

If you’re not doing one of those, then don’t use Bitcoin.

If you are an online store then sure, accept Bitcoin. There’s moral problems with supporting Bitcoin (see rest of post), but as long as you immediately convert to fiat currency when you receive payment it’s fine for you. There are even companies out there that’ll guarantee an exchange rate so that you never have to get into the business of currency.

You may say that Bitcoin can be used to get money out of China, or into Brazil, or to enable shopping of “things that should not be called ‘drugs’ anyway”, but you have to admit that no matter what you think Continue reading

Syslog relay with Scapy

I needed to point some syslog data at a new toy being evaluated by security folks.

Reconfiguring the logging sources to know about the new device would have been too much of a hassle for a quick test. Reconfiguring the Real Log Server (an rsyslog box) to relay the logs wasn't viable because the source IP in the syslog packets would have reflected the syslog box instead of the origin server.

A few lines of python running on the existing rsyslog box did the trick:

 #!/usr/bin/env python2.7  
   
 from scapy.all import *  
   
 def pkt_callback(pkt):  
   del pkt[Ether].src  
   del pkt[Ether].dst  
   del pkt[IP].chksum  
   del pkt[UDP].chksum  
   pkt[IP].dst = '192.168.100.100'  
   sendp(pkt)  
   
 sniff(iface='eth0', filter='udp port 514', prn=pkt_callback, store=0)

This script has scapy collecting frames matching udp port 514 (libpcap filter) from interface eth0. Each matching packet is handed off to the pkt_callback function. It clears fields which need to be recalculated, changes the destination IP (to the address of the new Security Thing) and puts the packets back onto the wire.

The source IP on these forged packets is unchanged, so the Security Thing thinks it's getting the original logs from real servers/routers/switches/PDUs/weather stations/printers/etc... around the Continue reading

Configuring vPC on Cisco Nexus Devices

Today I am going to talk about the configurations of vPC on Cisco Nexus devices as i already talked about vPC in my earlier articles. If you want to have a look on the vPC basics check the below mentioned link for your references.

A short Story on vPC- Virtual Port Channel in Cisco Datacenter Environment

There are lot of questions how and why we are using the vPC in the Datacenter environment while some asked me about the difference in the vPC and VSS. Please have a look on the below link for the comparison of vPC and VSS.

Features comparison : Cisco vPC and Cisco VSS

Apart from the above mentioned articles, I wrote on the different technologies used by other vendors same as Cisco uses vPC and VSS. Below is the link defining the same

Feature Comparison: Juniper VCF vs HP IRF vs Cisco VSS vs Cisco vPC

From all the above articles, I think now you got the basics on vPC and VSS, but in this article I will talk about the vPC configuration in details with the diagram. The topology used in the article will be sample topology and has no relevance with any of Continue reading

Things that cannot go wrong

Found this Douglas Adams quote in The Signal and the Noise (a must-read book):

The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair

I’ll leave to your imagination how this relates to stretched VLANs, ACI, NSX, VSAN, SD-WAN and a few other technologies.

Weekend Reads 2017-05-11

We’re quietly replacing an open web that connects and empowers with one that restricts and commoditizes people. We need to stop it. I quit Facebook seven months ago. Despite its undeniable value, I think Facebook is at odds with the open web that I love and defend. This essay is my attempt to explain not only why I quit Facebook but why I believe we’re slowly replacing a web that empowers with one that restricts and commoditizes people. And why we should, at the very least, stop and think about the consequences of that shift. –Parimal Satyal @ Neustadt.fr

Two clocks are ticking for US tech companies in the power centers of the modern world. In Washington, lawmakers are working to reform FISA Section 702 before it expires on December 31st, 2017. Section 702 is the main legal basis for US mass surveillance, including the programs and techniques that scoop up the data transferred by non-US individuals to US servers. Upstream surveillance collects communications as they travel over the Internet backbone, and downstream surveillance (better known as PRISM) collects communications from companies like Google, Facebook, and Yahoo. –Danny O’Brien @ EFF

Arguably, a good deal of Americans are in Continue reading

1 1,535 1,536 1,537 1,538 1,539 3,421