How long will it take to transfer a 100MB file over an IPSec tunnel running across a dedicated 100Mbps Ethernet link? 1 Second? Fail! 8s? You’re getting warmer. It’s almost 8.5s without the IPSec and over 9s with it. What’s the big deal with a 1s difference? Well, extrapolate that increase, let’s say it’s 13%, and […]
The post TCP Over IP Bandwidth Overhead appeared first on Packet Pushers Podcast and was written by Steven Iveson.
Greetings fair ladies and kind sirs, I present yet another episode of Healthy Paranoia. In this episode we examine the notoriously mad, bad and dangerous to know; pentest dropbox. Joining Mrs. Y are some poètes maudits of the security realm, including; Taylor Banks, Dan Tentler, Kyle Stone, Nick Lennox and Jay James. A dropbox or […]
The post Healthy Paranoia Show 17: How Do I Pwn Thee? appeared first on Packet Pushers Podcast and was written by Mrs. Y.
Packet Design will be exhibiting at Africa Com 2013, Nov 12-14 in Cape Town, South Africa.
Register to attend the event here:
http://africa.comworldseries.com/register/
VRFs are an excellent tool for maintaining segregated routing topologies for separate customers or services. I've previously covered inter-VRF routing using route targets, but what if we only want to export a subset of the routes within a VRF? Here's a scenario in which this would be desirable.
Customers A and B each have a site network and a colocation network, and both customers need access to the 192.168.0.0/24 network in the Services VRF. The customers must utilize unique IP space in order to prevent overlapping networks, so each customer has been allocated dedicated IP space from their common provider out o 10.0.0.0/8. Unfortunately, customer A is still has some networks within the 172.16.0.0/16. These networks need to access services in the host colo, but the service provider can't allow this space to be advertised into the Services VRF as it's not approved IP space.
Our goal is to export only the networks within the 10.0.0.0/8 space from the customer VRFs to the Services VRF. How can we accomplish this?
Let's have a look at the initial network state. (This lab was performed using a single router for Continue reading
Introduction End hosts inside of the enterprise or home can be connected to the IPv6 internet using LISP’s powerful encapsulation mechanisms. This article is structured in three sections exploring the utilization of LISP as means of IPv6 internet connectivity. The first section dives into IOS LISP IPv6 configuration and verification of the control-plane/data-plane. The use […]
The post Leveraging LISP for IPv6 internet connectivity appeared first on Packet Pushers Podcast and was written by Pablo Lucena.
The following network is configured with OSPF with all interfaces in area 0. Since this is a multi-access network, a Designated Router (DR) is elected which improves OSPF performance by reducing the amount of LSA flooding. R3 is the current DR, with R2 as the BDR. R4’s interface to SW1 has been configured as a passive interface to prevent an adjacency from forming and simulate R4 being a “new” router on the network. Wireshark is monitoring the link between R4 and SW1.
I won’t go into all the details regarding Wireshark output and the OSPF process. If you want a more detailed analysis, take a look at my previous blog article here. In this article, we’ll only be taking a closer look at what happens specifically in a multi-access environment.
Upon re-enabling R4’s interface for OSPF, we see R4 sends a Hello packet to the All OSPF Routers multicast address (224.0.0.5) and that no DR or BDR is listed. R4 is “new” to the network as far as OSPF is concerned, so it has no idea about the current topology.
R1, R2, and R3 all send Hello packets with the Continue reading
If every router in an enterprise environment was in a single OSPF area, at some point you’re going to encounter scalability issues due to any changes in the environment causing an SPF recalculation in all routers in that single area.
LSAs and their use within areas provide a mechanism for maximizing performance in OSPF by logically segmenting groups of contiguous links so that every router in the entire autonomous system does not have to have exact copies of the Link State Database (LSDB) and to reduce the amount of LSA flooding. SPF calculations are also isolated to each individual area rather than the entire environment. Different LSAs are used in different situations, and are treated differently depending on the type of OSPF area involved.
The following table represents the different LSA types, and was taken from the CCIE R&S OCG.
TYPE | NAME | DESCRIPTION |
1 | Router | One per router containing its RID and all interface IP addresses; also represents stub networks. |
2 | Network | One per transit network. Created by the DR and represents the subnet and router interfaces connected in the subnet. |
3 | Network Summary | Created by Area Border Routers (ABRs) to represent one area’s type 1 and Continue reading |
Recently I came across an idea to implement anycast DNS within an enterprise environment. The concept is similar to Google’s public DNS, but at an enterprise level. Using IP SLA DNS, a static tracked route and some redistribution it makes it an easy solution. The biggest benefits is that all internal clients can use the same DNS IP address no matter what locations they reside in; additional benefit is distributing the load when DNS attacks occur.
First you’ll have to configure the Cisco’s IP SLA. Using the DNS feature is much better than just ICMP. It will actually verify that the DNS server is responding to a specified query. In my example below I’m using a query for test001dns.me which is configured on the server as an A record. The DNS query is sent to a distinct IP address of the server 10.90.1.5. All local DNS server have two IP addresses: distinct and anycast. The anycast address is configured as a secondary IP (10.10.10.10) a numerous DNS servers throughout the enterprise.
Below is the IP SLA configuration using the DNS feature. It is configured on a LAN router.
ip sla 10 dns test001dns. Continue reading
How does the internet work - We know what is networking
All methods to mitigate IPv6 security issues Real life security intro I the process of configuring our corporate network test segment for IPv6 support there was direct demand to pay particular attention to security. In few weeks it was my mayor role to go trough all materials I could get in order to learn more […]
As people manage their careers, it is common sense that they need to stand above their peers if they want to outperform them from a career perspective. This is why you see people working 14- or 16-hour days. It’s become such common behavior that it is a central meme in just about every movie or […]
The post Make yourself a standout appeared first on Packet Pushers Podcast and was written by Michael Bushong.
How does the internet work - We know what is networking
Intro Multipath TCP is an extension of TCP that will soon be standardized by IETF. It is a succesful attempt to resolve major TCP shortcomings emerged from the change in the way we use our devices to communicate. There’s particularly the change in the way our new devices like iPhones and laptops are talking across network. All the devices […]
Recently I was in a situation where I needed to advertise some OSPF routes created using the area range command into BGP. When advertising routes into BGP there are a few considerations:
Using the area range command will automatically generate an OSPF intra-area route to Null 0 IF the router the command is issued on is an ABR. This is visible here:
Switch#sh ip route 10.253.0.0 255.255.240.0
Routing entry for 10.253.0.0/20
Known via "ospf 1", distance 110, metric 0, type intra area
Routing Descriptor Blocks:
* directly connected, via Null0
Route metric is 0, traffic share count is 1
This route will not be created on a non-ABR router, so watch Continue reading
In the midst of this series of posts around fast convergence, someone asked if I could explain p and q space a little better. The illustration here might help readers who have more of a visual mind to understand the concepts involved. (feel free to click through to a larger version) Essentially, we can think […]
First Wind Energy is searching for a Network Administrator who will be a key member of the IT team and report to the Director of IT. This position is based in Boston, MA. The Network Administrator is a hands-on technical position focusing on the support and maintenance of the network infrastructure and end user support […]
The post Job Opening – Network Administrator at First Wind Energy, Boston, MA, USA appeared first on Packet Pushers Podcast and was written by Job Posting Service.
MPLS is widely used technology within Service Providers and sometimes also within Enterprise networks. One of the mostly used application of MPLS is MPLS VPN. There are two flavors of MPLS VPN which is Layer 2 and Layer3 VPNs. Basically layer2 VPNs, service provider gives layer2 connectivity to the customer and PW established for each […]
The post INTER-AS VPNs PART -1 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.
Apple releases an iOS update and the networks all across the world witness a spike of almost 100% in the average traffic that they receive. Apple delivers its content using Akamai, which allegedly handles 20% of world’s total web traffic. Akamai is thus in a unique position to provide a view of whats happening on the web, at any given instant in time. Akamai logs clearly show an over all increase in Internet traffic and the hotspots in Europe soon after Apple released its iOS7.
Most service providers saw Akami and Limelight traffic up by an average of 300-700% immediately after iOS7 was released.
Being an Android user myself, i found iOS7′s release with the massive increase in the Internet traffic reported all over the world quite insidious. Honestly, i was a trifle concerned with what iOS7 was internally doing to result this.
It turned out to be quite an anti-climax when i realized that the spurt in network traffic was just because of Apple devices upgrading to the newer iOS. The iOS7 upgrade for the phones is around 900MB, and that for the ipads is around 1.2GB. Given that there are quite Continue reading