Archive

Category Archives for "Networking"

OAM LFM: Part 2 – Junos implementation

This post covers: - OAM implementation on Junos - Default value of OAM LFM parameter (in relation with the Part 1) - Configuration / understanding: Neighbor discovery phase - Configuration / understanding: Remote loopback operation - Configuration / understanding:...

Nexus load intervals

This is an interesting but trivial post. Everybody knows about the interface command “load-interval” that changes the time period over which the interface packet-rate and throughput statistics are averaged. I discovered an addition to this command on the Nexus the other day while poking around. NX-OS allows multiple counter intervals to be configured on […]

OAM LFM: Part 1 – The theory

1/ Some terms, before: OAM for Operations Administration and Maintenance LFM for Link Fault Management EFM for Ethernet in the First Mile 2/ Introduction: OAM is intended for point-to-point or emulated p2p Ethernet links. The OAM block is optional, so...

Logging – Levels


There are 8 different logging levels. Enabling a higher-numbered level also enables all lower-numbered levels. For example, enabling Debugging (level 7) enables all messages.


Level  Level Name   Description                 Syslog Definition
0      Emergencies  The system is unusable      LOG_EMERG
1      Alerts       Immediate action is needed  LOG_ALERT
2      Critical     Critical condition          LOG_CRIT
3      Errors       Error condition             LOG_ERR
4      Warnings     Warning condition           LOG_WARNING
5      […]

Cisco Nexus 7000 upgrade to 8Gb

When upgrading a Nexus 7000 to NX-OS version 5.2 (using more than 1 VDC) or to NX-OS v6+, Cisco claims the need to upgrade the system memory to 8Gb. Note I have run on v5.2 using only 4Gb per SUP using 2 VDCs and it has worked just fine, but I should mention that the […]

Symmetric and Asymmetric Algorithms – Basic Differences


Symmetric uses only one key for both encryption and decryption. Sender and receiver share the same shared secret to transfer data securely. Algorithms include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish. Also referred to as "secret key" encryption.

DES - 56bit keys
3DES - 112bit and 168bit keys
AES - 128bit, 192bit, and 256bit keys
IDEA (International Data Encryption Algorithm) - 128bit keys
RC2 - 40bit and 64bit keys
RC4 - 1bit to 256bit keys
RC5 - 0bit to 2040bit keys
RC6 - 128bit, 192bit, and 256bit keys
Blowfish - 32bit to 448bit keys


Asymmetric uses one key for encryption and another key for decryption, and is referred to as public key infrastructure encryption. Key lengths generally range from 512 to 4096 bits.

Examples of asymmetric encryption: RSA, ElGamal, Elliptic Curves, and Diffie-Hellman

Net-SNMP and snmpd Coexistence on OpenBSD

Although it would be awesome to ditch Net-SNMP altogether now that the base OpenBSD SNMP daemon has support for all of the OpenBSD-related MIBs (CARP, PF, kernel sensors), the reality is that Net-SNMP still offers some features that are needed. OpenBSD doesn't have any SNMP tools (snmpwalk, snmpset, etc.), so these are still required from Net-SNMP. There are also some unique features in the Net-SNMP daemon that are still useful if you want to do things like monitor BIND9 or Postfix statistics.

Here's how to run both at the same time and leverage snmpd for the OpenBSD-related MIBs and the Net-SNMP daemon for its ability to retrieve data from scripts and extend itself using loadable modules and smux sub-agents.

Switching from Net-SNMP to snmpd for CARP, PF and Sensor Monitoring

Update: For help running both snmpds at the same time, see Net-SNMP and snmpd Coexistence on OpenBSD

Now that OPENBSD-CARP-MIB and OPENBSD-PF-MIB have been added to the base snmpd in OpenBSD (CARP-MIB will be in 5.1-release, PF-MIB in 5.2, and the SENSOR MIB has been there since 4.5), I wanted to document the differences between these MIBs and the corresponding implementation of the MIBs that I wrote for Net-SNMP.

Both implementations provide the same set of OIDs and allow the same data to be retrieved. Whatever you were querying via Net-SNMP is available via snmpd.

What has changed is the base OID at which the CARP and PF MIBs are rooted, as well as the names of certain OIDs.

Netapp CNA Link Redundancy with a Single Nexus Switch

I ran into a configuration recently where I had a Netapp storage array with the UTA cards installed, so there were two CNA ports on each filer for a total of 4 ports. However, instead of a dual-switch design, there was only a single Nexus 5000, and therefore, no vPC configuration. I needed to achieve some level of redundancy on an interface level, but ran into some problems which I’ll discuss.

My certification journey (J-Net)

This blog has also been published to the Juniper J-Net community portal

In 2005, when I was 18 years old and finished high school, I already knew what I wanted to do. I wanted to start a career in IT! The only thing I didn’t know was in what direction I wanted to go. So, I did a little bit of everything. The first important decision I took was to only finish high school and start working without going to university. I figured that, with enough dedication and focus, 4-5 years of work experience added with the right technical certifications would get me further in the IT world than a degree would get me. After 6 years I think I can say that it definitely worked for me!

 

Servers and Programming

I started with passing exams and getting my MCSE on Windows 2003. I had a few small companies where I was managing all IT systems. The largest one was my dad’s company where I was managing 4 servers, 10 workstations and 20 mobile devices (yes, even in 2006 we had a custom developed Windows Mobile 5 application and all engineers were carrying smartphones). I was co-developing the custom […]