Archive

Category Archives for "Networking"

Configuring BGP Route Maps

Today I am going to talk about the next step in BGP. We discussed BGP Synchronisation and the BGP multihop concept in my earlier articles. If you would like to have a look at those topics, please check the links below for your reference.

BGP Synchronization Rule
BGP Load balancing ebgp-multihop

Some of the other articles on BGP, covering BGP basics, BGP configurations on HP routers and other topics, are:

BGP Basics Overview
Cisco Routers Sample BGP Configurations : Quick and Easy
Juniper Routers Sample BGP Configurations : Quick and Easy

In this article, I will take you through the concept of route maps and the configuration of route maps in a BGP environment. All the configurations shown below are on a Cisco router.

Why do we use BGP route maps? Route maps are used to control BGP routing information. Route maps define the conditions by which routes are redistributed between routing domains.

Note: Route maps cannot be used to filter incoming BGP updates based on IP address. You can, however, use route maps to filter outgoing BGP updates based on IP address.

With the use of Continue reading

EVPN-VXLAN lab – IRB functionality

Firstly, the QFX5100 series doesn’t support EVPN-VXLAN inter-VXLAN routing, so I practice all IRB-related topics on vMX devices. vQFXs act as simple L2 EVPN gateways.
This post continues the EVPN-VXLAN lab from the previous ones.

Full vMX IRB interfaces configuration:

alex@vMX1# show interfaces irb
unit 100 {
    proxy-macip-advertisement;
    family inet {
        address 172.16.0.251/24 {
            virtual-gateway-address 172.16.0.254;
        }
    }
    family inet6 {
        address 2001:dead:beef:100::1/64 {
            virtual-gateway-address 2001:dead:beef:100::a;
        }
    }
}
unit 200 {
    proxy-macip-advertisement;
    family inet {
        address 172.16.1.251/24 {
            virtual-gateway-address 172.16.1.254;
        }
    }
    family inet6 {
        address 2001:dead:beef:200::1/64 {
            virtual-gateway-address 2001:dead:beef: Continue reading

Docker Networking Tip – Macvlan driver

For the last few months, I have been looking at Docker forums (https://forums.docker.com/, https://stackoverflow.com/questions/tagged/docker) and trying to understand some of the common questions/issues faced in the Docker Networking area. This prompted me to do 2 presentations:

Docker Networking overview
Docker Networking – Common issues and troubleshooting techniques

I received positive feedback to these 2 presentations. As a next step, … Continue reading

BGP Synchronization Rule

Today I am going to talk about one of the basic features of BGP, named BGP Synchronization. Your first question: what is BGP Synchronization?

BGP Synchronization means that BGP should not advertise a route until all of the routers within the AS have learned about the route via an IGP. Hope that clears up the concept. Let me explain it another way. It means that if you get an eBGP route from the external neighbor via router A (as an assumption) and you want to send it to router B, which is connected to another eBGP neighbour, the routes can only be learned by router B once they have been learned by the internal routers via an IGP.

Let me take a topology and explain it, and then we can go on to the configuration, where we will disable synchronization because we don't want the traffic to be known to the IGP.


Fig 1.1- BGP Synchronization


As shown in the above topology, Router C sends updates about network 170.10.0.0, which are received by Router A. Routers A and B are running IBGP as shown in the diagram, so Router B receives updates about network 170.10. Continue reading

BGP Load balancing ebgp-multihop

Today I am going to talk about the BGP configuration for load balancing between two links connecting two service providers via BGP. We have two different methods to achieve this: one is to use the ebgp multihop command, and the other is to use the ttl security command. Both of these methods are applied on the BGP neighbor command.

In this article, we are going to go through the ebgp multihop command on the neighbours between two service providers. I know many of you already know the load balancing concept in BGP.

In my example, I am taking two serial links between two routers which share eBGP information between them, which means each router belongs to its own AS number. Below is the topology for your reference.

Fig 1.1- use of ebgp multihop

In the above topology, Router A, which is in AS 100, has two serial links connected to Router B, which is in AS 200, and eBGP is sharing information over both links.

Below is the configuration on Router A and Router B for your reference. All the IPs and the topology used here have no relevance Continue reading

Hyper-converged infrastructure – Part 2 : Planning an Cisco HyperFlex deployment

I recently got the chance to deploy a Cisco HyperFlex solution that is composed of 3 Cisco HX nodes in my home lab. As a result, I wanted to share my experience with that new technology (for me). If you do not really know what all this “Hyperconverged Infrastructure hype” is all about, you can […]

The post Hyper-converged infrastructure – Part 2 : Planning an Cisco HyperFlex deployment appeared first on VPackets.net.

SHA 2017 – bringing 100 gigabit to the tent

Every 4 years since its start back in 1989, a hacker/security conference takes place in the Netherlands. This summer, the eighth version of this conference, called Still Hacking Anyway 2017 (sha2017.org), will run between the 4th and 8th of August. The conference is not-for-profit and run by volunteers, and this year we’re expecting about 4000 visitors.

For an event like SHA, all the visitors need to connect to a network to access the Internet. A large part of the network is built on Cumulus Linux. In this article, we’ll dive into what the event is and how the network, with equipment sponsored by Cumulus, is being built.

What makes SHA 2017 especially exciting is that it is an outdoor event. All the talks are held in large tents, and they can be watched online through live streams. At the event site, visitors will organize “villages” (a group of tents) where they will work on several projects ranging from security research to developing electronics and building 3D printers.

Attendees will camp on a 40 acre field, but they won’t be off the grid, as wired and wireless networks will keep them connected. The network is designed Continue reading

Women Share Knowledge and Experience in Network Operator Groups in Africa

The Internet Society African Regional Bureau has worked with Network Operator Groups (NOGs) in Africa, providing financial and technical support to organize trainings and events at the local level. We recently shared many of their stories. There are also a number of NOGs that seek to attract women engineers to share knowledge and experience as well as to encourage young women to take up technology-related fields – which are largely perceived in the African region as “men only.” Here are their stories.

AfCHIX

Betel Hailu
Kevin Chege

Streamline the PCI Assessment Process with a Playbook

Why Create a PCI Assessment Playbook

Having gone through the Payment Card Industry Data Security Standard (PCI DSS) yearly assessment process several times, I can confirm it is a fairly intensive assessment that will require a large effort from a lot of people!

For each assessment, the Assessors will request evidence, review documentation, ask for sample system configurations, be onsite to interview and observe personnel, and present observations or findings that must be remediated. These various assessment activities and last-minute remediation efforts can be very disruptive to all involved, and usually result in “fire drill” activities that require personnel to be pulled away from their daily tasks to react to the assessment requests.

Since the PCI assessment is very similar from year to year, with some well-thought-out planning it is possible to streamline the assessment process. Just like in football, having a well-thought-out strategy in the form of a playbook can assist everyone who needs to know their part, or what needs to be done when. With this cylinder process in place and in the form of a PCI Assessment Playbook that everyone can follow, it can greatly reduce the stress historically associated with the assessment and attaining Continue reading