Hello, I’m 47321
And now the big reveal. The reason I haven’t been blogging or doing much of anything for some time now is because I’ve had a teeny tiny side project going on:
And this week I passed the lab exam! I am CCIE 47321 (Routing and Switching).
Copyright Joel Knight. All Rights Reserved.
www.packetmischief.ca
How we upgraded the entire Network Infrastructure in 2 weeks
I work as a Network Engineer at a Research Center in Silicon Valley. Being the only ‘network guy’ here, I’m responsible for the management of all networking devices like Routers, Switches, Firewalls, Radius Servers, VPNs, Wireless controllers, Linux servers, etc, etc… For a couple years, we have been trying to replace our ageing and end-of-life […]
Author information
The post How we upgraded the entire Network Infrastructure in 2 weeks appeared first on Packet Pushers Podcast and was written by Kunal Vaidya.
EVPN. The Essential Parts.
In a blog post back in October 2013 I said I would write about the essential parts of EVPN that make it a powerful foundation for data center network virtualization. Well just when you thought I'd fallen off the map, I'm back. :)After several years as an Internet draft, EVPN has finally emerged as RFC7432. To celebrate this I created a presentation, EVPN - The Essential Parts, that I hope will be helpful to people who are interested.
Use cases are intentionally left out of this presentation as I prefer the reader to creatively consider whether their own use cases can be supported with the basic features that I describe.
Let me know your thoughts and I will try to expand/improve this presentation or create other presentations to address them.
EVPN - The Essential Parts
Interactions between QoS and IPSec on IOS and the ASA
Quality of Service configuration for the traffic entering/leaving a VPN tunnel may require some special considerations. In this article, I am going to focus on interactions between QoS and IPSec on IOS and the ASA.
There are two methods of deploying QoS for VPNs – you can match the original (Clear-text/ unencrypted) traffic flows or the actual VPN (Aggregate traffic). This second option can be useful when you want to apply a single QoS policy to all packets leaving a tunnel, no matter what are the original sources and destinations protected by the VPN.
We have got a VPN tunnel built between R1 and ASA. R6 and 10.1.1.0/24 are protected networks
Let’s start on IOS (R1). The VPN tunnel is already up – we will configure a basic QoS Policy to enable LLQ for delay-sensitive traffic, such as Voice (I assume these are all packets with DSCP of EF). Note that this configuration would normally match all EF-colored packets (including non-VPN EF traffic), but since we won’t have any clear-text EF flows in this network we don’t really care:
class-map match-all VOICE
match dscp ef
policy-map QOS
class VOICE
priority
int f0/0
service-policy output QOS
Voice traffic Continue reading
Time To Get More Advanced :: FCIP Pt. 2!
Part 1 of this blog series created a topology, much like you see below, where we configured a single vE (virtual expansion) port from MDS1 to MDS2 across an IP network. We merged VSAN 10 across this FCIP tunnel and verified it by looking into the FCNS database and ensuring that we saw entries from both sides. Today we are going to build upon this topology, and get into some more advanced features like changing the default TCP port, setting DSCP values for the two TCP streams, and controlling who initiates the tunnel!
So first things first…the default port for FCIP is TCP port 3225. We will terminate both of our TCP streams on this port (we have 1 stream for control and another for data traffic). Essentially 1 of the MDS’s will initiate the connection to the other, and their destination port will be TCP/3225. Their source port will be some high-number ephemeral port by default (usually over 65000). We can look at the output of a ‘show int fcip #’ to find out who initiated, and on which ports!
MDS1-6(config-if)# show int fcip1
fcip1 is trunking
Hardware is GigabitEthernet
Port WWN is 20:10:00:0d:ec:1f:a4:00
Peer port WWN is Continue reading
ASA File Operation Tips
I’ve been working on Cisco’s ASA firewall platform for years, and I continue to work on a variety of environments with multiple generations of the ASA for clients at H.A. Storage. One of my favorite features of the ASA platform has been the quality of the high-availability failover mechanism, which is generally very reliable, fast, and seamless.
The ASA operates in an Active/Standby high-availability model (don’t believe that the ASA is *truly* Active/Active — that’s a marketing feature). However, one sore spot that has frustrated me as long as I’ve been working on the fact that the filesystem has no synchronization between failover mates and requires manual efforts to keep files in sync. Other configuration aspects of the ASAs including some XML customization files that are not stored in the running config all get automatically sync’d to the standby unit, but for actual files that show up on the flash filesystem, this does not happen.
This has certainly caused me some frustration and occasional embarrassment over the years, but one thing I’ve learned along the way is that when doing file operations either from the CLI or the ASDM, it’s important to follow one simple rule:
Delete from the active, upload to the Continue reading