Category Archives for "Networking"

Show 181 – Intro to I2RS with Joel Halpern & Russ White

Traditionally, routing protocols running on a router will perform calculations to determine the best forwarding path. The RIB will then be populated with next-hop information. Ultimately, that information will be populated into the FIB (forwarding information base), the FIB taking the guesswork out of how to get to the next hop and easing CPU utilization on […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 181 – Intro to I2RS with Joel Halpern & Russ White appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Orhan Ergun CCDE Story

Once I decided for the CCDE exam I was thinking it is a hard challenge but surprisingly I will say it is not as much as you think. This is good news and you started to smile? Hope once you finished the article you continue to it. Yes it is not since I […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post Orhan Ergun CCDE Story appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

Embedded Packet Capture, let’s go fishing for some packets!

EPC (Embedded Packet Capture) is another useful troubleshooting tool to occasionally capture traffic to be analyzed locally or exported to a remote device. Occasionally, in contrast with RITE (Router IP Traffic Export) or SPAN on switches, which are meant to have a permanent flow of copied traffic directed to a traffic analyzer or IDS (Intrusion Detection System). […]

Avoiding Bogus Alerts Using AWS-Based Proxies & Outsourced BGP for Distributed Monitoring

Jeff Behl, Chief Network Architect with LogicMonitor, is our guest author for this post. Jeff has been in the IT industry for over 20 years. He has an extensive background in architecting enterprise networks and data centers and brings real-world knowledge around network operations from start-ups to enterprise companies. These companies range from UC […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post Avoiding Bogus Alerts Using AWS-Based Proxies & Outsourced BGP for Distributed Monitoring appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

DEW: SP Design in Jakarta – March 2014!


The final installment of DEW trilogy will happen in Jakarta, 15-16 March 2014!

After the first Design Expert Weekend in Riyadh focusing on IPv4/IPv6 Routing Design, the second DEW in Dubai for MPLS/Tunneling Design, the third and last DEW will be held in Jakarta, Indonesia, for Service Provider Design.


Please note: this is NOT a free event. I'm going to visit several universities in Indonesia to share my knowledge and experience during the same week. The profits we make from this DEW will be used to fund my trip. If you have to fly from outside Indonesia to attend this, we will provide all the food and accommodation during the weekend.

What:
Design Expert Weekend in Jakarta on 15-16 March will focus on Service Provider Design. Agenda will cover:

- Physical Network Design
- Layer 2 Design
- IGP/MPLS/BGP/Multicast as Transport
- MPLS Based Services L3VPN, L2VPN
- Internet Services
- IPTV Services
- High Availability Design
- SP QoS Design
- Security and Management
- CCDE exam tips and tricks
- CCDE sample questions and scenario to practice ability to analyze design requirements, develop network designs, implement network design, validate and optimize network design

The other two DEW are Continue reading

Are certifications tests still worth your resources in the day of Hybrid IT?

Let me start by laying out this disclaimer: This is in no way intended to devalue or criticize any vendor or vendor neutral certified folks or programs. Since the mid-1990s I’ve done many certification programs. In fact, I’ve actually lost track and I can’t even remember them all, so this is not a commentary by someone […]

Author information

Nick Buraglio

Nick has been involved in the networking industry for the last 16 years. In the past, Nick has been employed by the University of Illinois as a Lead Network Engineer working on research and HPC networks, campus networks and wide area connectivity. In this role, Nick also functioned as the Lead Network Engineer for the National Association of Telecommunications Officers and Advisors (NATOA) broadband project of the year, UC2B, and helped to deploy production IPv6 and testbed OpenFlow networks at large scale. Additionally, Nick has held Network Engineering [and by necessity network security] positions at early regional broadband internet providers as well as at the National Center for Supercomputing Applications. Nick has participated in the SCinet working group on several occasions and has been involved in Research, Education and high performance networking and security for the last 11 Continue reading

My Dotfiles. Now on Github

Dotfiles are all those . files that sit in your ~ and customize your system. Here are mine.

Until a few weeks ago I had no idea that people hosted their dotfiles on GitHub, and now I am one of them... There are two reasons for this:

  1. For sharing awesome customizations with the community
  2. As a backup plan. I can now clone this repo and customize a new system.

To point 2, I've gone one step further than just including my dotfiles. I've also included all of my system customizations and installers for the packages I use most. Why a new repository and not a fork you might ask? The honest answer is that there wasn't one repo that fit my tastes well enough so I ended up taking what I considered to be the "best" elements from a number of other repos. This is still a work-in-progress and I am committing changes every time I find something new and exciting, or tire of a specific setting.

What I like about my dotfiles:

  • Uses the Base16 Ocean theme
  • Nicely Organised
    • Top-level folder for each function
    • Files with extension .symlink are symlinked to the home folder
  • Multi-Platform MakeFile-based installer

The next fashion

By now just about everyone has realized that OpenFlow is just vaporware. Technically, there was never any content behind the hype. The arguments used to promote OpenFlow's revolutionary properties were simply the ignorance of all previous technologies that used the exact same design ideas from SS7 to PBB-TE.

Rumor has it that even the most religious OpenFlow supporters from Mountain View to Tokyo have realized that OpenFlow is pretty much dead. If you look back at it, it was a pretty silly set of assumptions to start with: that hardware design and not software is the limiting factor in network devices; and that you can define a low-level forwarding language based on the concept of a TCAM match that is going to be efficient across general purpose CPUs, ASICs and NPUs. Both assumptions can easily be proven to be false.

But OpenFlow’s promise was “too good to be true”. So a lot of people preferred to ignore any hard questions in search of the illusory promises of a revolution in networking. By now though, everyone gets it.

As an industry, what is the expected reaction to the OpenFlow hangover? One would expect a more down-to-earth approach. Instead we get “Segment Continue reading

A NetOps to DevOps Training Plan

In one of my rants, I asked people to kindly stop with the "All Network Guys will Need to be Programmers" FUD. My recommendation was basically for Networkers to be open to change, and to start broadening their horizons. DevOps is coming to networking and that is a FACT. You might be wondering what skills a Network DevOps Engineer needs and here I attempt to answer that.

It's still about NETWORKING

I'm going to state this upfront here. You need to be good at Networking for any of the other skills here to be useful. Continue along vendor certification tracks, follow the IETF, join NANOG, experiment with new technologies. This is all invaluable.

Software Engineering Fundamentals

A lot of the DevOps skills have roots in Software Engineering. Being a Network Guy ™ this may seem like a little bit of a paradigm shift but here's something cool. Would you believe that some of these software engineering concepts have more to do with engineering best practice than with software, and are in fact relevant to the work you are doing today? Also, your SysAdmin buddies already know this and started their DevOps pilgrimage a while ago.

Unit/Functional/Integration Testing, Version Control, Agile, Continue reading

Selecting Shapes by Layer

Selecting shapes and connectors one-by-one in Visio can be tedious, especially when working with large or repetitive drawings. If you've been drawing for a while, you've probably gotten the hang of selecting just the right subset of shapes using the rectangular select tool, and employing the control key to add or remove any outliers as desired. This can be time-consuming though, especially when you want to pick out just a few connectors from a jumble of criss-crossing lines.

Here's a trick to try next time you find yourself excessively control-clicking: Identify each logical group of shapes or connectors that you'll likely want to tweak, and bundle them up into their own layer. You can then use Visio's "select by layer" option to grab them all at once later. Take the drawing below, for instance.


Migrating from WordPress to Pelican on PaaS – Part 3

The final installment in this three-part series. This covers installing Dokku and publishing your Pelican blog to your new Docker-powered mini-Heroku.

Part 3: Publishing to PaaS with Dokku

The Plan

If you haven't read Part 1 or Part 2 yet, this should give you some background as to what I'm doing, why I'm doing it and how I built it. In this installment I'll focus on the publishing side of things.

Hosting

My former blog was hosted on a Linode 1024 VPS, which had a healthy 1GB RAM. I've been very happy with Linode and would recommend them to anybody who needs hosting, but for the convenience of having prebuilt Ubuntu images with Dokku installed, I opted to host my blog with DigitalOcean. They have a full tutorial on their website that makes this very easy to set up.

One of the big benefits of using a static site generator is that the memory requirement is a lot less than Apache+PHP or Nginx+PHP. I'm hosting my site now on a $5/month VM from DigitalOcean which is a $15/month saving on my WordPress site.

Before publishing...

Once you have your Dokku installation set up, you can push your application to Continue reading

JunOS and ARP Glean

I'm using Cisco vocabulary 'glean' here as I don't know a better word for it. Glean is any IPv4 packet which is going to a connected host which is not resolved. It is NOT an ARP packet, so ARP policers won't help you. They are punted, since you need to generate an ARP packet and try to resolve them.

In 7600 we can use 'mls rate-limit unicast cef glean 200 50' to limit how many packets per second are punted to control-plane for glean purposes. How can we limit this in JunOS? As far as I can see, there is no way. But I remember testing this attack and was unable to break MX80, so why didn't it break?

First let's check what a connected network looks like:

[email protected]> show route forwarding-table destination 62.236.255.179/32 table default
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
62.236.255.0/24    intf     0                    rslv   828     1 xe-0/0/0.42

Ok, fair enough. Type 'rslv', which we can guess means packet is punted to control-plane for resolving ARP. Let's try to ping some address rapidly which does not resolve and check what it looks like

[email protected]> show Continue reading

Comware: Port Link-mode Bridge vs Port Link-mode Route

Some Comware-based HP L3 switches bring the concept of “switchports” in Bridge and Route mode.

The Bridge mode (port link-mode bridge) works the same way as on any other access switch.

When using Route mode (port link-mode route) the port is converted into a layer 3 interface, which needs an IP address. All STP messages will be ignored.

Example

#
interface GigabitEthernet4/0/1
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet4/0/2
port link-mode bridge
port link-type access
port access vlan 2
#

Regards

Secret CEF Attributes, Part 4

In Part 1, Part 2 and Part 3 we saw that we can use the CEF table to express all sorts of different QoS policies. In Part 4 we describe how to attach a policy to the packet that will follow it around the network. Like many policies (security, shaping, etc.) it’s best to classify the […]

Author information

Dan Massameno

Dan Massameno is the president and Chief Engineer at Leaf Point, a network engineering firm in Connecticut.

The post Secret CEF Attributes, Part 4 appeared first on Packet Pushers Podcast and was written by Dan Massameno.