sFlow Creator Peter Phaal On Taming The Wilds Of SDN & Virtual Networking
InMon president Peter Phaal shares his thoughts on the power of Open Switching Platforms and the Software Defined Data Center.
Lab: iBGP and OSPF Traffic Engineering
Click to enlarge
Here’s the scenario: An enterprise network with an MPLS core and two branch locations connected to their own Provider Edge (PE) router. In addition to the MPLS link, the PEs are also connected via a DMVPN tunnel. The PEs are peering via iBGP (of course) and are also OSPF neighbors on the DMVPN. Both Customer Edge (CE) routers at the branch are OSPF neighbors with their local PE.
Task: Use the high speed MPLS network as the primary path between the CE routers and only use the DMVPN network if the MPLS network becomes unavailable.
Question: Is the solution as simple as adjusting the Admin Distance (AD) so that the iBGP routes are more preferred?
Default State
The obvious first issue is the default AD for iBGP (200) is higher than the default AD of OSPF (110) which means the OSPF path over the DMVPN is going to be preferred. This is confirmed if we do a traceroute from R5 to R6:
R5#traceroute 6.6.6.6 source lo5
1 10.0.45.4 2 msec 0 msec 1 msec
2 10.10.10.7 17 msec 17 msec 17 msec
3 10.0.67.6 18 Continue readingThe Problem with Peanuts
I was hungry. Perhaps that’s a good excuse, or perhaps not. Either way, I sat down after ordering, took a peanut, broke the nuts out of the shell, and ate them.
After eating the peanut, I felt less hungry. So I picked up another one and ate it, as well. Soon enough, long before I order came out in fact, I wasn’t really hungry any longer. I still ate, of course, because I’d bought the burger, and it was a good burger. The fries were pretty good, too. The sweet tea wasn’t shabby, either.
But I thought about the peanut it all started with as I ate the burger. You see, a peanut solved my hunger problem. So it one peanut solves my hunger, why couldn’t a pile of peanuts solve world hunger? So I took a pile of peanuts and put them on the table, considering something I’d never thought about before — I could solve world hunger. Right here, right now, in this place, I could actually solve a major problem the world has been struggling with for thousands of years.
Okay, but then where would I get these peanuts? The place I was in had boxes stacked Continue reading
SElinux policy for icmp checks
Many issues reported with scanning subnets and updating host statuses are related to SElinux being enabled. So far the solution was to completely disable SElinux, but this was more workaround than anything else. Robert was kind enough to share SElinux policy that should be used with phpipam if SElinux is enabled on your server.
Basically it permits the opening of raw IP sockets for non-root users, that are required for executing ping command.
1) Create the file http_ping.tt and add the following to it:
module http_ping 1.0;
require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}
#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
2) Run the following commands (as root user):
checkmodule -M -m -o http_ping.mod http_ping.tt semodule_package -o http_ping.pp -m http_ping.mod semodule -i http_ping.pp
brm
You must understand the fundamentals to be successful
I was speaking with a participant of the recent SDN event in Zurich after the presentations, and he made an interesting comment: whenever he experienced serious troubleshooting problems in his career, it was due to lack of understanding of networking fundamentals.
Read more ...Netvisor Analytics: Secure the Network/Infrastructure
We recently heard President Obama declare cyber security as one of his top priorities and we saw in recent time major corporations suffer tremendously from breaches and attacks. The most notable one is the breach at Anthem. For those who are still unaware, Anthem is the umbrella company that runs Blue Shield and Blue Cross Insurance as well. The attackers had access to people details, social security, home addresses, and email address for a period of month. What was taken and extent of the damage is still guesswork because network is a black hole that needs extensive tools to figure out what is happening or what happened. This also means the my family is impacted and since we use Blue Shield at Pluribus Networks, every employee and their family is also impacted prompting me to write this blog and a open invitation to the Anthem people and the government to pay attention to the new architecture that makes network play a role similar to NSA in helping protect the infrastructure. It all starts with converting the network from a black hole to something we can measure and monitor. To make this meaningful, lets look at state of the art today Continue reading
Lab: iBGP and OSPF Traffic Engineering
Click to enlarge
Here's the scenario: An enterprise network with an MPLS core and two branch locations connected to their own Provider Edge (PE) router. In addition to the MPLS link, the PEs are also connected via a DMVPN tunnel. The PEs are peering via iBGP (of course) and are also OSPF neighbors on the DMVPN. Both Customer Edge (CE) routers at the branch are OSPF neighbors with their local PE.
Task: Use the high speed MPLS network as the primary path between the CE routers and only use the DMVPN network if the MPLS network becomes unavailable.
Question: Is the solution as simple as adjusting the Admin Distance (AD) so that the iBGP routes are more preferred?
VMWare Player and VM Networking
VMWare Player is the Virtualization software/hypervisor provided free of charge by VMWare. Player is for personal use. Paid versions are available as VMWare Player Pro or VMWare Workstation. Following link covers the differences between different editions. I have used Virtualbox for most of my VM needs. There were few recent scenarios where I had to use … Continue reading VMWare Player and VM Networking