VRF Export Maps
VRFs are an excellent tool for maintaining segregated routing topologies for separate customers or services. I've previously covered inter-VRF routing using route targets, but what if we only want to export a subset of the routes within a VRF? Here's a scenario in which this would be desirable.
Customers A and B each have a site network and a colocation network, and both customers need access to the 192.168.0.0/24 network in the Services VRF. The customers must utilize unique IP space in order to prevent overlapping networks, so each customer has been allocated dedicated IP space from their common provider out o 10.0.0.0/8. Unfortunately, customer A is still has some networks within the 172.16.0.0/16. These networks need to access services in the host colo, but the service provider can't allow this space to be advertised into the Services VRF as it's not approved IP space.
Our goal is to export only the networks within the 10.0.0.0/8 space from the customer VRFs to the Services VRF. How can we accomplish this?
Let's have a look at the initial network state. (This lab was performed using a single router for Continue reading
Leveraging LISP for IPv6 internet connectivity
Introduction End hosts inside of the enterprise or home can be connected to the IPv6 internet using LISP’s powerful encapsulation mechanisms. This article is structured in three sections exploring the utilization of LISP as means of IPv6 internet connectivity. The first section dives into IOS LISP IPv6 configuration and verification of the control-plane/data-plane. The use […]
Author information
The post Leveraging LISP for IPv6 internet connectivity appeared first on Packet Pushers Podcast and was written by Pablo Lucena.
Exploring OSPF Messages in a Multi-access Network
The following network is configured with OSPF with all interfaces in area 0. Since this is a multi-access network, a Designated Router (DR) is elected which improves OSPF performance by reducing the amount of LSA flooding. R3 is the current DR, with R2 as the BDR. R4’s interface to SW1 has been configured as a passive interface to prevent an adjacency from forming and simulate R4 being a “new” router on the network. Wireshark is monitoring the link between R4 and SW1.
I won’t go into all the details regarding Wireshark output and the OSPF process. If you want a more detailed analysis, take a look at my previous blog article here. In this article, we’ll only be taking a closer look at what happens specifically in a multi-access environment.
Upon re-enabling R4’s interface for OSPF, we see R4 sends a Hello packet to the All OSPF Routers multicast address (224.0.0.5) and that no DR or BDR is listed. R4 is “new” to the network as far as OSPF is concerned, so it has no idea about the current topology.
R1, R2, and R3 all send Hello packets with the Continue reading
OSPF Link State Advertisements (LSAs) and Areas – Part I
If every router in an enterprise environment was in a single OSPF area, at some point you’re going to encounter scalability issues due to any changes in the environment causing an SPF recalculation in all routers in that single area.
LSAs and their use within areas provide a mechanism for maximizing performance in OSPF by logically segmenting groups of contiguous links so that every router in the entire autonomous system does not have to have exact copies of the Link State Database (LSDB) and to reduce the amount of LSA flooding. SPF calculations are also isolated to each individual area rather than the entire environment. Different LSAs are used in different situations, and are treated differently depending on the type of OSPF area involved.
The following table represents the different LSA types, and was taken from the CCIE R&S OCG.
| TYPE | NAME | DESCRIPTION |
| 1 | Router | One per router containing its RID and all interface IP addresses; also represents stub networks. |
| 2 | Network | One per transit network. Created by the DR and represents the subnet and router interfaces connected in the subnet. |
| 3 | Network Summary | Created by Area Border Routers (ABRs) to represent one area’s type 1 and Continue reading |
Anycast DNS with IP SLA DNS
Recently I came across an idea to implement anycast DNS within an enterprise environment. The concept is similar to Google’s public DNS, but at an enterprise level. Using IP SLA DNS, a static tracked route and some redistribution it makes it an easy solution. The biggest benefits is that all internal clients can use the same DNS IP address no matter what locations they reside in; additional benefit is distributing the load when DNS attacks occur.
First you’ll have to configure the Cisco’s IP SLA. Using the DNS feature is much better than just ICMP. It will actually verify that the DNS server is responding to a specified query. In my example below I’m using a query for test001dns.me which is configured on the server as an A record. The DNS query is sent to a distinct IP address of the server 10.90.1.5. All local DNS server have two IP addresses: distinct and anycast. The anycast address is configured as a secondary IP (10.10.10.10) a numerous DNS servers throughout the enterprise.
Below is the IP SLA configuration using the DNS feature. It is configured on a LAN router.
ip sla 10 dns test001dns. Continue reading
IPv6 First-Hop Security
How does the internet work - We know what is networking
All methods to mitigate IPv6 security issues Real life security intro I the process of configuring our corporate network test segment for IPv6 support there was direct demand to pay particular attention to security. In few weeks it was my mayor role to go trough all materials I could get in order to learn more […]
Make yourself a standout
As people manage their careers, it is common sense that they need to stand above their peers if they want to outperform them from a career perspective. This is why you see people working 14- or 16-hour days. It’s become such common behavior that it is a central meme in just about every movie or […]
Author information
The post Make yourself a standout appeared first on Packet Pushers Podcast and was written by Michael Bushong.
Nuage Networks at Network Field Day 6
Nuage is tackling the “rapid provisioning” problem when it comes to networking. How can we convince customers or LoB owners to not push everything up to AWS, when the provisioning mechanisms behind a private solution are not nearly as good? The ultimate goal is to have the network immediately ready upon instantiating a workload, physical or virtual. The key focus we heard about is that an SDN solution must provide this policy automation framework across virtual AND non-virtual workloads.Nuage Networks at Network Field Day 6
Nuage is tackling the “rapid provisioning” problem when it comes to networking. How can we convince customers or LoB owners to not push everything up to AWS, when the provisioning mechanisms behind a private solution are not nearly as good? The ultimate goal is to have the network immediately ready upon instantiating a workload, physical or virtual. The key focus we heard about is that an SDN solution must provide this policy automation framework across virtual AND non-virtual workloads.MPTCP – Multipath TCP
How does the internet work - We know what is networking
Intro Multipath TCP is an extension of TCP that will soon be standardized by IETF. It is a succesful attempt to resolve major TCP shortcomings emerged from the change in the way we use our devices to communicate. There’s particularly the change in the way our new devices like iPhones and laptops are talking across network. All the devices […]
OSPF Summary Routes and BGP
Recently I was in a situation where I needed to advertise some OSPF routes created using the area range command into BGP. When advertising routes into BGP there are a few considerations:
- Does the routing table know the exact route you’re trying to advertise into BGP?
- Is any route filtering being performed? Don’t forget to check at the source of the BGP route and the destination it’s being advertised to!
- Is soft-reconfiguration supported on the software you’re running?
- Will you need to do a “clear ip bgp neighbor”? Seems IOS 12.4 doesn’t require it but 12.2 does. I tested 12.4 on GNS3, and 12.2 on a live 6500.
Using the area range command will automatically generate an OSPF intra-area route to Null 0 IF the router the command is issued on is an ABR. This is visible here:
Switch#sh ip route 10.253.0.0 255.255.240.0
Routing entry for 10.253.0.0/20
Known via "ospf 1", distance 110, metric 0, type intra area
Routing Descriptor Blocks:
* directly connected, via Null0
Route metric is 0, traffic share count is 1
This route will not be created on a non-ABR router, so watch Continue reading
Mind Your Q’s and P’s
In the midst of this series of posts around fast convergence, someone asked if I could explain p and q space a little better. The illustration here might help readers who have more of a visual mind to understand the concepts involved. (feel free to click through to a larger version) Essentially, we can think […]
Author information
Job Opening – Network Administrator at First Wind Energy, Boston, MA, USA
First Wind Energy is searching for a Network Administrator who will be a key member of the IT team and report to the Director of IT. This position is based in Boston, MA. The Network Administrator is a hands-on technical position focusing on the support and maintenance of the network infrastructure and end user support […]
Author information
The post Job Opening – Network Administrator at First Wind Energy, Boston, MA, USA appeared first on Packet Pushers Podcast and was written by Job Posting Service.
INTER-AS VPNs PART -1
MPLS is widely used technology within Service Providers and sometimes also within Enterprise networks. One of the mostly used application of MPLS is MPLS VPN. There are two flavors of MPLS VPN which is Layer 2 and Layer3 VPNs. Basically layer2 VPNs, service provider gives layer2 connectivity to the customer and PW established for each […]
Author information
The post INTER-AS VPNs PART -1 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.
Valuing IP Addresses
In the emerging IP address broker world it seems that one of the most widely cited address transactions was that of a US bankruptcy proceedings in 2011, where Microsoft successfully tendered $7.5M to purchase a block of 666,624 addresses from the liquidators of Nortel, which is equivalent to a price of $11.25 per address. Was that a "fair" price for IP addresses then, and is it a "fair" price now?iOS7′s impact on networks worldwide
Apple releases an iOS update and the networks all across the world witness a spike of almost 100% in the average traffic that they receive. Apple delivers its content using Akamai, which allegedly handles 20% of world’s total web traffic. Akamai is thus in a unique position to provide a view of whats happening on the web, at any given instant in time. Akamai logs clearly show an over all increase in Internet traffic and the hotspots in Europe soon after Apple released its iOS7.
Akamai showing traffic hotspot in Europe
Most service providers saw Akami and Limelight traffic up by an average of 300-700% immediately after iOS7 was released.
Being an Android user myself, i found iOS7′s release with the massive increase in the Internet traffic reported all over the world quite insidious. Honestly, i was a trifle concerned with what iOS7 was internally doing to result this.
It turned out to be quite an anti-climax when i realized that the spurt in network traffic was just because of Apple devices upgrading to the newer iOS. The iOS7 upgrade for the phones is around 900MB, and that for the ipads is around 1.2GB. Given that there are quite Continue reading
Show 163 – Open Source perfSONAR Finds The Flaws Impacting The Flows
In this week’s show, we dive into the networking community ocean, and come up with Brian Tierney and Nick Buraglio for a discussion about perfSONAR. perfSONAR is an open-source package of network testing tools that can run in a mesh across diverse network infrastructure, and help determine why you’re not getting the network throughput on […]
Author information
The post Show 163 – Open Source perfSONAR Finds The Flaws Impacting The Flows appeared first on Packet Pushers Podcast and was written by Ethan Banks.
Stop The Rodent – Tackling Rogue Devices in the BYOD Era
There was a time when the network was flat – everything was interconnected, anyone could access everything and security was not a serious problem. And when security problems began to crop up, options like three-layered hierarchical model, firewalls and Intrusion Detection Systems helped you secure the network. Finally, when you were battling viruses, zero day […]
Author information
The post Stop The Rodent – Tackling Rogue Devices in the BYOD Era appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.