Archive

Category Archives for "Networking"

Your Career – Enemies Within and Without

In the mood for some self analysis and reflection around your career and your employer? Good. I’ve strong feelings about employment in general and even stronger ones around balancing it with your personal life (I wouldn’t dare say private any more) and making work work for you. I’m definitely in the work to live camp. […]

Author information

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

The post Your Career – Enemies Within and Without appeared first on Packet Pushers Podcast and was written by Steven Iveson.

Heatsink Upgrade

A little detour from the networking topics today to show off a little weekend tech project. I recently ran into some overheating problems with my home BYO PC. Core Temp was showing upwards of 70 degrees Celsius during normal operation, and under load, it would sometimes just shut down completely. Here’s the setup I had as of 2 days ago: The rear fan, which takes air in, was not working due to a short.

Network Security and the N00b Meter

This morning I read an article in which the writer thought that wireless security was too inconvenient and difficult, so he simply disabled it, leaving his network wide open. He was tired of his complex password being too hard for guests to use and made the comparison that they didn’t have to use these kinds […]

Author information

Mrs. Y

Snarkitecht at Island of Misfit Toys

Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.

The post Network Security and the N00b Meter appeared first on Packet Pushers Podcast and was written by Mrs. Y.

Optimizing and Protecting Spanning Tree – Lab Testing

Unfortunately the equipment I was using didn’t support PVST+ (Sup2Ts in 6503 Catalyst Switches), so I skipped testing UplinkFast and BackboneFast as these are incorporated in 802.1w (RSTP) and 802.1s (MSTP, which is basically an extension of RSTP).

BPDU Guard

For this test, SwitchD will be treated as a Rogue Switch being attached to the network.  Initially, SwitchC’s port 2/1 is configured as an access port with only PortFast enabled.

  1. Disconnect link between SwitchC and SwitchD
  2. Configure SwitchC port 2/1 as an access port in VLAN 10 with PortFast enabled.
  3. Configure SwitchD port 2/1 as an access port in VLAN 10. Configure the priority on VLAN 10 to be 0.
  4. Reconnect link between SwitchC and SwitchD and check topology for VLAN 10. SwitchD should be the root for VLAN 10.
  5. Disconnect link between SwitchC and SwitchD
  6. Enable BPDU Guard on SwitchC port 2/1
  7. Reconnect link between SwitchC and SwitchD. SwitchC port 2/1 should move to an err-disable state. Verify with sh interfaces status err-disabled. Verify SwitchD is no longer the root for VLAN 10.

*Jul  5 22:02:06.023: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet2/1 with BPDU Guard enabled. Disabling Continue reading

Masterclass – Tcpdump – Expressions

This Masterclass article series aims to provide in-depth technical information on the installation, usage and operation of the classic and supremely popular tcpdump network traffic analysis program including alternatives, running tcpdump as a process, building expressions, understanding output and more. I’ve covered the Basics and Parameters previously and here I move on to filter Expressions; […]

Author information

Steven Iveson

The post Masterclass – Tcpdump – Expressions appeared first on Packet Pushers Podcast and was written by Steven Iveson.

Ambassadors Cookbook for Enterprise now available

At the beginning of 2013 I was asked to join the Juniper Ambassador team; essentially an outreach program to those active in social channels including the J-Net community.  Whilst I was appreciative of the vendor swag; it wasn’t until the community manager had the bright idea for us to collaborate on a book did it […]

Author information

Glen Kemp

Professional Services Consultant at Fortinet, Inc

Professional Services Consultant. Designing & deploying “keep the bad guys out” technologies. Delivering elephants and not hunting unicorns.

Please feel free to add me on , follow me on Twitter or check out my other blogs on Fortinet Blog, sslboy.net and SearchNetworking.

The post Ambassadors Cookbook for Enterprise now available appeared first on Packet Pushers Podcast and was written by Glen Kemp.

KIClet: IOS “network” Command Cheating

I have always used the “network 0.0.0.0 0.0.0.0” statement to describe “all interfaces” when configuring a routing protocol like EIGRP. I know that it’s not correct, but I never stopped to wonder why my bad habit still worked. Then, I found this good article by @jdsilva that explains this is IOS just assuming you had a “brain fart” and meant to type the proper “network 0.0.0.0 255.255.255.255”. I’m studying for the CCIE and it can be really good to identify these bad habits that, while in real life may not be too bad, especially this kind, where the result is the same, but on exams can mean the difference between failure and success.

You have a new manager – now what do you do?

We’ve all been there – a recent re-org or maybe your boss gets promoted or your boss leaves and you end up with a new manager. As I have mentored people over the years, I’d say that the most common reaction is “Crud! I have to start over.” But once you get past that moment […]

Author information

The post You have a new manager – now what do you do? appeared first on Packet Pushers Podcast and was written by Michael Bushong.

Traditional AQM is not enough!

Note: Updated October 24, 2013, to fix some editorial nits, and to clarify the intended point that it is the combination of a working mark/drop algorithm with flow scheduling that is the “killer” innovation, rather than the specifics of today’s fq_codel algorithm.

Latency (called “lag” by gamers), once incurred, cannot be undone, as best first explained by Stuart Cheshire in his rant: “It’s the latency, Stupid.” and more formally in “Latency and the Quest for Interactivity,” and noted recently by Stuart’s 12 year old daughter, who sent Stuart a link to one of the myriad “Lag Kills” tee shirts, coffee mugs, and other items popular among gamers.

Out of the mouth of babes…

Any unnecessary latency is too much latency.

Many networking engineers and researchers express the opinion that 100 milliseconds latency is “good enough”. If the Internet’s worst latency (under load) was 100ms, indeed, we’d be much better off than we are today (and would have space warp technology as well!). But the speed of light and human factors research easily demonstrate this opinion is badly flawed.

Many have understood bufferbloat to be a problem that primarily occurs when a saturating “ Continue reading

Vendor mandated certs only degrade integrity

I don't doubt that vendors have a tight line to walk when it comes to maintaining their brand integrity. To build up a skill set in the market the certification teams put in many weeks developing a program that is relevant, useful and achieves the goals required. Followed by countless hours reviewing each of the certifications regularly to ensure integrity. There is the added benefit that these certifications build a community of loyal followers – The Cisco and VMWare certification programs are evidence of this.

I personally have been involved in the development, technical review, and exam rewrite process and I can attest to the effort that the certifications teams go to to ensure the validity and integrity of their offerings. Weeding out sources of brain dumps and NDA violations and other activities that threaten this integrity becomes an ongoing commitment that requires many hours of dedication.

On the other side of the line is the requirement to have the partners representing the vendor to maintain a level of skills and customer satisfaction. This ensures that when the brand is represented in the market that it will be delivered by the most skilled people capable of delivering the Continue reading

The Illusion of Perfection

I spend a lot of time commuting. During that commute, I listen to technical podcasts and lots of different leadership and career oriented audio books. One of the topics that experts seem to have differing opinions on is defining what is good enough. I’ve heard many refer to Nike’s ad campaign, Just Do It, and […]

Author information

Paul Stewart

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With nearly 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems. Paul also writes technical content at PacketU.

The post The Illusion of Perfection appeared first on Packet Pushers Podcast and was written by Paul Stewart.

Snowden Media Douchebaggery

Recently the New York Times posted an article stating that while Edward Snowden was at the NSA, he learned to be a hacker by taking a CEH course and getting the certification. But the certification, listed on a résumé that Mr. Snowden later prepared, would also have given him some of the skills he needed […]

Author information

Mrs. Y

The post Snowden Media Douchebaggery appeared first on Packet Pushers Podcast and was written by Mrs. Y.

Cisco ASA Virtualization with Mixed-Mode Security Contexts

The Cisco ASA firewall has supported multiple security contexts since version 7 was released in 2005. This feature allows you to configure multiple independent logical firewalls in the same ASA hardware.  When version 8.5(1) released in July 2011, support was added for mixed mode firewalls in which both routed and transparent contexts can reside on […]

Author information

Eyvonne Sharp

Eyvonne Sharp is a senior network engineer for a large healthcare enterprise where her focus is security and data center architecture. Before working in the enterprise, she spent 10 years working for small VARs and integrators in the SMB space. Eyvonne blogs at esharp.net and you can connect with her on twitter @SharpNetwork

The post Cisco ASA Virtualization with Mixed-Mode Security Contexts appeared first on Packet Pushers Podcast and was written by Eyvonne Sharp.

The Smartest Guy in the Room

There is one thing that anybody who has been in a room with me longer than 5 minutes can tell you – I am not a smart guy! I have lots of smart friends. I am not one of them. Sometimes I feel like I’ve done more stupid things, more often than I would like to admit, and it's only that I have been stupid enough often enough that I have eventually learned “don't do that!“.

A couple of things have happened over the past few weeks that made me think about “The Smartest Guy in the Room”, and I thought I would share a few incomplete thoughts on the matter.

As a Consultant

Back on June 18, Matthew Norwood (who I would nominate for the award of “Nicest man in Network Blogging and Puppeteering”) wrote this blog post about consulting. In this post he talks about how as a consultant sometimes you have to accept that you are not the smartest guy in the room. At first this may seem odd, especially because usually our customers are paying us lots of money because we are experts. Funnily enough, on consulting engagements my job is more “I Continue reading

Show 152 – Nexus Announcements from Cisco Live 2013 with Ron Fuller – Sponsored

Ethan Banks and Greg Ferro are joined by Brent Salisbury for a discussion with Cisco’s Nexus-geek-at-large Ron Fuller about a whole lot of things happening in the Cisco data center product line in this sponsored edition of the Packet Pushers Podcast. First up, we review the announcement from the previous Cisco Live (London 2013) about […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 152 – Nexus Announcements from Cisco Live 2013 with Ron Fuller – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

How to Prepare for CCDE Practical Exam

I was a bit harsh when I wrote: you have to be CCIE to pass CCDE. A couple of friends of mine, who are not CCIEs, came to me after reading that post and said I had demolished their hope to pass the exam.

I won't lie. It's easier to become a CCDE if you already have a CCIE. But fear not, there is still a chance for non-CCIEs to pass the CCDE exam as well. And the several guys who are not CCIEs but were able to put their names in this Hall of Fame are the proof.

The next CCDE practical exam date is on August 27. So there is still time for both groups of CCIE and non-CCIE to pass it, and here is another version of "how to prepare for CCDE exam" that may help to do so:

1. You still need a good reason to do it
You need a good reason as your main motivation to keep pursuing this certification after you fail the exam. Or after you fail the exam several times.
So find your reason.

2. You still need the experience
You can't skip experience. I'm not kidding.
From CCDE Techtorial it says "CCDE Practical is Continue reading

Healthy Paranoia Show 14: Digital Forensics and Incident Response with Andrew Case

Get ready for another nerdilicious episode of Healthy Paranoia featuring Andrew Case, digital forensics researcher and a core developer for the Volatility Framework. Liam Randall joins Mrs. Y. as they discuss topics such as: The difference between forensics and incident response. Malware analysis vs. reverse engineering. Why you should treat a compromised system like a […]

Author information

Mrs. Y

The post Healthy Paranoia Show 14: Digital Forensics and Incident Response with Andrew Case appeared first on Packet Pushers Podcast and was written by Mrs. Y.

Control Plane and Data Plane – Answer provided by Keith Barker

I came across this great answer to a question from Keith Barker and felt it needed to be shared. Great analogy Keith.


Hello Vijay-

Great question.

Let's say you and I are in charge of public transportation for a small city.


Before we send bus drivers out, we need to have a plan.

Control Plane = Learning what we will do


Our planning stage, which includes learning  which paths the buses will take, is similar to the control plane in the network.   We haven't picked up people yet, nor have we dropped them off, but we do know the paths and stops due to our plan.  The control plane is primarily about the learning of routes.

In a routed network, this planning and learning can be done through static routes, where we train the router about remote networks, and how to get there.   We also can use dynamic routing protocols, like RIP, OSPF and EIGRP to allow the routers to train each other regarding how to reach remote networks.   This is all the control plane.

Data Plane = Actually moving the packets based on what we Continue reading