0

JunOS ‘L3 incompletes’, what and why?

There is quite often chatter about L3 incompletes, and it seems there are lot of opinions what they are. Maybe some of these opinions are based on some particular counter bug in some release. Juniper has introduced also toggle to allow stopping the counter from working. It seems very silly to use this toggle, as it is really one of the few ways you can gather information about broken packets via SNMP.

What they (at least) are not

• Unknown unicast
• CDP
• BPDU
• Packet from connected host which does not ARP
• Packet from unconfigured VLAN

What they (at least) are

• IP header checksum error
• IP header error (impossibly small IHL, IP version 3, etc)
• IP header size does not match packet size

Troubleshooting

So if you are seeing them, what can you do? As it is aggregate counter for many different issues, how do you actually know which one is it and is there way to figure out who is sending them? Luckily for Trio based platforms answers and highly encouraging, we have very good tools to troubleshoot the issue.

To figure out what they exactly are, first you need to figure out your internal IFD index (not snmp ifindex)

im@ruuter> Continue reading

0

Coffee Break – Show 3

Mike Fratto joins us this week to talk about the news of the week on IPv4, Broadband Performance, Net Neutrality, IBM, SDN and more.

Author information

The post Coffee Break – Show 3 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

0

Coffee Break – Show 3

Mike Fratto joins us this week to talk about the news of the week on IPv4, Broadband Performance, Net Neutrality, IBM, SDN and more.

The post Coffee Break – Show 3 appeared first on Packet Pushers.

0

Coffee Break – Show 3

Mike Fratto joins us this week to talk about the news of the week on IPv4, Broadband Performance, Net Neutrality, IBM, SDN and more.

0

IPv6 radius accounting is still a mess

0

Configuration Backups for F5

As an administrator of network devices, keeping full backups is important for being able to recover from hardware failure. With F5 devices, backups come in the form of UCS files which is an archive that contains all configurations and SSL certificates. With a UCS file, you can take a replacement device, upload a UCS file […]

Author information

The post Configuration Backups for F5 appeared first on Packet Pushers Podcast and was written by Eric Flores.

0

Dell, Cumulus, Open Source, Open Standards, and Unified Management

On Thursday, at Network Field Day 7, Arpit Joshipura described Dell's networking strategy. He started by polling the delegates to see which topics were most on their mind.
The first topic raised by many of the delegates was the recently announced Dell/Cumulus partnership (listed as Open NW on the white board), see Dell Unlocks New Era for Open Networking, Decouples Hardware and Software. Next on the list was an interest in Dell's Open Source networking strategy, understanding Dell's Differentiation strategy, and plans for L3.
Dell's open networking strategy is described at time marker 14:55 in the video. Dell was one of the first vendors to move to merchant silicon, now they are opening up the switch platform, allowing customers to choose from standard merchant silicon based switch platforms (Broadcom, Intel) and switch software (currently FTOS / Cumulus).

Arpit suggests that customers will choose Cumulus Linux as the operating system for the layer 3 features and because they can use the same expertise and tools (Puppet, Chef etc.) to manage Linux servers and the switches connecting them. He also suggested that customers would choose FTOS for legacy networks and layer 2 features. Support for the Open Networking Install Environment Continue reading

0

Comware: Clearing an Interface Configuration

HP released the “default” command on interface-view in the latest version of Comware in order to restore to default configuration of an interface.

This command is useful when you want to clear an interface configuration and reuse the interface for some other task. Normally you would need to issue the “undo” command for each line.

Following below the configuration (the command was tested on HP 7500 Switches Release 6626P02)

 

[HP-GigabitEthernet1/0/1] display this
! checking interface configuration before clean up
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
return

[HP-GigabitEthernet1/0/1]default
This command will restore the default settings. Continue? [Y/N]:y
! Setup default command on interface
!
[HP-GigabitEthernet1/0/1]display this
#
interface GigabitEthernet1/0/1
port link-mode bridge
#

See you soon

0

Changing Data Center Workloads

Networking-wise, I’ve spent my career in the data center. I’m pursuing the CCIE Data Center. I study virtualization, storage, and DC networking. Right now, the landscape in the network is constantly changing, as it has been for the past 15 years. However, with SDN, merchant silicon, overlay networks, and more, the rate of change in a data center network seems to be accelerating.

Things are changing fast in data center networking. You get the picture

Whenever you have a high rate of change, you’ll end up with a lot of questions such as:

• Where does this leave the current equipment I’ve got now?
• Would SDN solve any of the issues I’m having?
• What the hell is SDN, anyway?
• I’m buying vendor X, should I look into vendor Y?
• What features should I be looking for in a data center networking device?

I’m not actually going to answer any of these questions in this article. I am, however, going to profile some of the common workloads that you find in data centers currently. Your data center may have one, a few, or all of these workloads. It may not have any of them. Your data center may have one of the Continue reading

0

Out with the old, in with the new

A few weeks ago I was asked to help a client turn up and move everything over to a new network. I have done this many times and this is not an uncommon type of project. In doing network assessments for clients I have found some old equipment still in service, still part of the […]

Author information

The post Out with the old, in with the new appeared first on Packet Pushers Podcast and was written by Charles Galler.

0

Big Switch, Cumulus, and OpenFlow

“The only way you can truly be successful in meeting the customer needs around OpenFlow is to be truly focused on a great OpenFlow agent that lives on the switch platform.   Trying to come up with a hybrid approach or half approach inevitably end up in unhappy customers… In general, when customers want to use OpenFlow, Cumulus will say, Continue reading

0

Can Wi-Fi be made easier to use than cellular?

"Making Wi-Fi as easy as cellular” is a popular maxim when engineers, marketeers, and journalists talk about Hotspot 2.0. And it’s not hard to understand why. The cellular connectivity experience is well understood in virtually every culture, while, except to...

0

Comware: STP disable

As default, STP and other features are disable on some HP device based on Comware. In this case it is important to always check the Spanning-Tree Protocol status before include a device in a network in production. And if necessary enable it.

 

[Switch] display stp
Protocol Status :disabled
Protocol Std. :IEEE 802.1s
Version :3
Bridge-Prio. :32768
MAC address :000f-e203-0200
Max age(s) :20
Forward delay(s) :15
Hello time(s) :2
Max hops :20
! Identify that STP is enabled on Switch

[Switch]stp enable
%Jun 18 16:21:10:253 2012 Switch MSTP/6/MSTP_ENABLE: STP is now
enabled on the device.
! enabling Spanning-Tree

See you soon.

0

Redundant Default Gateway solutions in IPv4 networks

How does the internet work - We know what is networking

This article is an introduction to different default gateway solutions. Those technologies are enabling devices on IPv4 local subnets to have more than one Default gateway configured or at least some configuration that make them work half the way of ideal redundant solution. Idea behind this article is to be an introduction to a set […]

Redundant Default Gateway solutions in IPv4 networks

0

ICMP – Internet Control Message Protocol

How does the internet work - We know what is networking

ICMP protocol is a bunch of error, queries and response messages that are helping us every day to troubleshoot and manage our networks. At least if you found yourself in a networking engineer role. Network protocol “ICMP” is known as a control protocol because it is used for the purpose of administration and management within an […]

ICMP – Internet Control Message Protocol

0

The 5 Year Plan

I was recently asked what my 5 year career plan was and whether I wanted to go down the architect route. It threw me a little bit because I’ve never really been a 5 year type person. I have real trouble seeing where I’ll be beyond a year to 18 months.

So, this is my attempt to try and put something together. It doesn’t hurt to have a plan right?

Ideally, you need a short, medium and long term plan. A couple of these could be tech related (e.g: get to CCIE), but the pace technology moves at means the longest term one (if it’s longer than 3 years could well have moved goalposts, or died out). So, without ado, I give you the 3 – 6- 12 – 24 – 36 plan. Or 3,6,1,2,3 plan. This is my way of putting down what I want to have achieved in the next 3-6 months, year, 2 and 3 years.

3-6 months: Get my CCNP Security finished with, and maybe another associate level non-Cisco vendor certification.

1 year: Complete my CCIE written and be on my way to lab revision.

2 years: Completed, or have attempted the CCIE lab once.

Continue reading

0

Why you should want metered INET?

When people think about metered, they may think about mobile roaming or old outrageous per minute PSTN billing. Those are not fair prices, they are not what I'm talking about.

Also INET should be always on, billing should take this into consideration, maybe once you exceed your paid capacity, your connection is policed to 256kbps unless you pay for more. You could get notice when this limit is nearing by SMS and Email.

Flat-rate billing is based on assumption that on average INET is not used much at all, in such scenario it works. Consumers get flat-rate stove-gas in Helsinki, because its use is almost non-existing. But services like Youtube and Netflix which are relatively new can alone be 2/3 of all your traffic, meaning what ever average use you planned for, it's not true, average use is increasing as more services users care for appear.

---

1. Quality

When you pay flat rate there is financial incentive for your operator not to provide you bits, every bit not provided improves your margins. Operators today regularly keep some ports congested, because it would be expensive to upgrade, instead they try get someone else to pay for it, if they have the Continue reading

0

#NFD7 Real Time SDN and NFV Analytics for DDoS Mitigation

Today, at Networking Field Day 7, Ramki Krishnan of Brocade Networks demonstrated how the sFlow and OpenFlow standards can be combined to deliver DDoS mitigation as a service. Ramki is a co-author of related Internet Drafts: Large Flow Use Cases for I2RS PBR and QoS and Mechanisms for Optimal LAG/ECMP Component Link Utilization in Networks.
The talk starts by outlining the growing problem of DDoS attacks and the market opportunity for mitigation solutions, referencing the articles, Prolexic Publishes Top 10 DDoS Attack Trends for 2013, World's largest DDoS strikes US, Europe.
The diagram shows the unique position occupied by Internet Service Provider (ISP) and Internet Exchange (IX) networks, allowing them to filter large flood attacks and prevent them from overwhelming Enterprise customer connections - provided they can use their network to efficiently detect attacks and automatically filter traffic for their customers.
This diagram shows how standard sFlow enabled in the switches and routers provides a continuous stream of measurement data to InMon sFlow-RT, which provided real-time detection and notification of DDoS attacks to the DDoS Mitigation SDN Application. The DDoS Mitigation SDN Application selects a mitigation action and instructs the SDN Controller to push the action to Continue reading

0

Faking an ASA as a DNS Forwarder

I came across a good tip the other day that was very helpful during a small site firewall migration. Here’s the back story:

I was migrating a small single-site customer that had, up to this point, been using a FIOS-provided consumer-type router/firewall/access point to some Cisco gear including an ASA firewall for better firewall/VPN capabilities. This is fairly common with small businesses that start out with essentially consumer-style connectivity and finally begin to grow to a point of needing business-grade capabilities. My preparation went fine, and when the time came I swapped the ASA firewall in place of the FIOS-provided one. Then everything broke.

I had meticulously prepared the ASA to take over immediately from the old FIOS router, even going so far as to spoof the FIOS router’s MAC address on the ASA’s inside interface for now so as not to disrupt the 60-or-so clients that were all on the single attached internal subnet while their ARP caches timed out since we were doing the install and cut-over during working hours. I had set up a DHCP scope on the ASA as well, which instructed clients to use some public DNS resolvers as this small business has, so far, Continue reading

0

Is CPU or ASIC responsible for forwarding?

I received the question below from reader Ned as a comment on my 24-port ASIC post and thought that the discussion was worth a post of it’s own. …Would you be able to speak a bit about the actual physical path … Continue reading →

The post Is CPU or ASIC responsible for forwarding? appeared first on The Network Sherpa.