Keeping It Classless Labs – Static Routing
This is the first in what I hope to be a useful series on configuration/walk through videos aimed at educating up-and-coming networking professionals on some of the more fundamental concepts. Today we’ll be looking at static routing and how to configure it in a small Cisco network. Below are the lab files (GNS3) and the videos themselves. Download the Lab Outline Download the GNS3 Lab used in this video Since it’s a new Youtube channel, I’m limited to 15 minutes per clip, and therefore had to break it into two parts.New Feature – Keeping It Classless LABS
I’m pleased to announce a new feature on the site. I’m going to start publishing some articles on more fundamental concepts in networking in the form of video walk throughs / labs. I wanted to free up the main blog feed for some more advanced topics, and a lot more of an overall network design discussion, as well as the occasional fun stuff. Several people have approached me in the past about making something like this that would help beginners learn the fundamentals, and at the time I wasn’t able to, but I feel like I’m able to do them now.Keeping It Classless Labs – Static Routing
This is the first in what I hope to be a useful series on configuration/walk through videos aimed at educating up-and-coming networking professionals on some of the more fundamental concepts. Today we’ll be looking at static routing and how to configure it in a small Cisco network. Below are the lab files (GNS3) and the videos themselves. Download the Lab Outline Download the GNS3 Lab used in this video Since it’s a new Youtube channel, I’m limited to 15 minutes per clip, and therefore had to break it into two parts.New Feature – Keeping It Classless LABS
I’m pleased to announce a new feature on the site. I’m going to start publishing some articles on more fundamental concepts in networking in the form of video walk throughs / labs. I wanted to free up the main blog feed for some more advanced topics, and a lot more of an overall network design discussion, as well as the occasional fun stuff. Several people have approached me in the past about making something like this that would help beginners learn the fundamentals, and at the time I wasn’t able to, but I feel like I’m able to do them now.Keeping It Classless Labs – Static Routing
This is the first in what I hope to be a useful series on configuration/walk through videos aimed at educating up-and-coming networking professionals on some of the more fundamental concepts. Today we’ll be looking at static routing and how to configure it in a small Cisco network. Below are the lab files (GNS3) and the videos themselves. Download the Lab Outline Download the GNS3 Lab used in this video Since it’s a new Youtube channel, I’m limited to 15 minutes per clip, and therefore had to break it into two parts.New Feature – Keeping It Classless LABS
I’m pleased to announce a new feature on the site. I’m going to start publishing some articles on more fundamental concepts in networking in the form of video walk throughs / labs. I wanted to free up the main blog feed for some more advanced topics, and a lot more of an overall network design discussion, as well as the occasional fun stuff. Several people have approached me in the past about making something like this that would help beginners learn the fundamentals, and at the time I wasn’t able to, but I feel like I’m able to do them now.My Three Favorite “Pop Culture Meets Computers” EPIC FAILS
The television and video game industry are just absolutely RIDDLED with terrible attempts at referencing technology. Typically, these scenes will try to delve into some sort of computer-like concept, often related to computer networking, to try to improve the modernity of the content. Before you say anything, I did pull a bit of inspiration from this Cracked article, but there are a few I’ve encountered on my own. I hope you enjoy!My Three Favorite “Pop Culture Meets Computers” EPIC FAILS
The television and video game industry are just absolutely RIDDLED with terrible attempts at referencing technology. Typically, these scenes will try to delve into some sort of computer-like concept, often related to computer networking, to try to improve the modernity of the content. Before you say anything, I did pull a bit of inspiration from this Cracked article, but there are a few I’ve encountered on my own. I hope you enjoy!Cisco Nexus User Roles using TacPlus
I previously wrote a post about the Nexus Roles and how they integrate with a TACACS server. Cisco Documentation shows the following format to issue multiple roles from a TACACS/RADIUS server.: We are using Shrubbery TACPLUS, instead of the Cisco ACS software. Last week I noticed that only one role was assigned when multiples should […]
Three Traits of an Effective Network Engineer
Over the past few years, I’ve made some observations about the people I’ve worked and communicated with. Some of these people were colleagues, others acquaintances, and still others were simply bloggers that I look up to. I’m talking specifically of those people that are in my field of Network Engineering, and they all share a few traits in common. I’ve deemed a few of these traits to be important things to remember when trying to make yourself a better network engineer, and a better IT professional in general.Three Traits of an Effective Network Engineer
Over the past few years, I’ve made some observations about the people I’ve worked and communicated with. Some of these people were colleagues, others acquaintances, and still others were simply bloggers that I look up to. I’m talking specifically of those people that are in my field of Network Engineering, and they all share a few traits in common. I’ve deemed a few of these traits to be important things to remember when trying to make yourself a better network engineer, and a better IT professional in general.Low Memory Handling
Memory problems on routers is nothing new. It is generally less of a problem in current day, but is still seen from time to time. BGP is capable of handling large amount of routes and in comparison to other routing protocols, BGP can be a big memory hog. BGP peering devices, especially full internet peering […]
When should you advertise default route?
Never
There are two typical scenarios when people carry default route in dynamic routing protocol, I'll address these separately and explain why you shouldn't do it, and what you should do instead.
CE (eBGP) PE
This is probably the most common scenario, maybe you're giving your customer default route, maybe it's your own firewall or really any situation where neighbor won't carry full routing table and neighbor isn't strictly same administrative domain.
Problem with default route here is, that if your PE gets disconnected from core, you're still originating the default route and CE is unaware of this and you're blackholing customer traffic until BGP is manually shutdown. You could conditionally advertise default, but that is just useless overhead, instead of default you should advertise to CE any aggregate route which is originated from multiple core boxes, such as your PA aggregate, or really any stable route originated from multiple places, but not local PE.
Customer would just add this to their router:
# ios
ip route 0.0.0.0 0.0.0.0 192.0.2.0 name floating_default
# junos
route 0.0.0.0/0 {
qualified-next-hop 192.0.2.0 {
interface xe-0/0/0.0;
}
resolve;
Continue reading
DHCPv6 and SLAAC
Lately, I've been playing around with DHCPv6 and SLAAC on my home network.
When configuring IPv6 addresses on the network interfaces there are three ways of doing this. We can use Stateless address autoconfiguration (SLAAC), DHCPv6 (statefull) or we can configure the address manually. SLAAC is by far the easiest way to configure IPv6 addresses, simply because you don't have to configure any IPv6 address. The way it works is that the router on your network will advertise the IPv6 prefix (/64) using multicast (remember that with IPv6 there is no such thing as broadcast). The host will receive/request this prefix advertisement and will auto generate the last 64 bits to make a fully working IPv6 address. When auto generating the address the host will use it's mac address (which is 48 bits) and insert "ff:fe" in the middle of it. This is also known as EUI-64. One drawback of EUI-64 is that you're trackable on the Internet because the mac address will normally not change when using the same host (e.g. laptop, smartphone, tablet, etc..). To overcome this issue SLAAC has been extended with something called Privacy Extensions. When this is enabled the host part (last 64 Continue reading
IPv6 ACL bypass
IPv6 designers recognized that IPv4 header has several faults, these were addressed to a different degree. Particularly annoying was IPv4 options which caused TCP/UDP/ICMP data to shift, as it made IPv4 header length variable. IPv6 header is fixed length, there is 'next-header' option, which will instruct how to parse data after IP header. Typically 'next-header' would be TCP, UDP or ICMP, and rest of packet would be exactly like in IPv4 (apart from mandatory checksum in UDP).
Where the complexity (some might say design fault) is that 'next-header' could be any large number of more exotic extension header, each of which have 'next-header' field themselves. Standard does not specify any limitation how many headers you could have, so you need to be able to parse packet up-to MTU length. The final extension header typically would contain TCP/UDP/ICMP and normal IPv4 style packet would follow.
Unfortunately no practical router has MTU wide view to the packet, you have 64B, 128B or 256B view, after which you are completely unaware of the packet content, it's just bits in memory which you cannot process in any meaningful way. Your PC won't have same problem, it does not have specialized hardware to quickly forward Continue reading
Black Hat OSPF Vulnerabilities: Much Ado About Nothing
Imagine a group of researchers planning to speak at a conference regarding a previously undiscovered vulnerability present in most homes that would allow a thief to rob your home of its valuables with complete ease. You would probably be interested in hearing what they had to say so you could take the necessary precautions to protect your home.
Now imagine when they presented their findings, they went on to state that it was incredibly easy to do, so long as you left your front door open and also provided them with the security code for any alarm systems. You would probably find this implausible and simply the proliferation of fear, uncertainty, and doubt.
That's precisely what happened last week at the well-respected Black Hat security conference in Las Vegas when researchers from the Israel Institute of Technology and Advanced Defense Systems, Ltd. presented their findings of a serious vulnerability present in OSPF. So serious in fact, the researchers stated the only way to properly mitigate the threat, short of fixing the protocol, is to switch to another routing protocol such as RIP or IS-IS.
The researchers went on to present their research of two previously undiscovered methods Continue reading