Archive

Category Archives for "Networking"

TCP Over IP Bandwidth Overhead

How long will it take to transfer a 100MB file over an IPSec tunnel running across a dedicated 100Mbps Ethernet link? 1 Second? Fail! 8s? You’re getting warmer. It’s almost 8.5s without the IPSec and over 9s with it. What’s the big deal with a 1s difference? Well, extrapolate that increase, let’s say it’s 13%, and […]

Author information

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

The post TCP Over IP Bandwidth Overhead appeared first on Packet Pushers Podcast and was written by Steven Iveson.

Healthy Paranoia Show 17: How Do I Pwn Thee?

Greetings fair ladies and kind sirs, I present yet another episode of Healthy Paranoia. In this episode we examine the notoriously mad, bad and dangerous to know; pentest dropbox. Joining Mrs. Y are some poètes maudits of the security realm, including; Taylor Banks, Dan Tentler, Kyle Stone, Nick Lennox and Jay James. A dropbox or […]

Author information

Mrs. Y

Snarkitecht at Island of Misfit Toys

Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.

The post Healthy Paranoia Show 17: How Do I Pwn Thee? appeared first on Packet Pushers Podcast and was written by Mrs. Y.

Seven reasons VMware NSX, Cisco UCS and Nexus are orders of magnitude more awesome together

Note: This article was originally written for and published at the VMware Network Virtualization Blog. The following is a verbatim re-post of the original content. “VMware NSX, Cisco UCS and Cisco Nexus, TOGETHER solve many of the most pressing issues at the intersection of networking and virtualization.” Executive Summary VMware NSX brings industry-leading network virtualization capabilities to […]

VRF Export Maps

VRFs are an excellent tool for maintaining segregated routing topologies for separate customers or services. I've previously covered inter-VRF routing using route targets, but what if we only want to export a subset of the routes within a VRF? Here's a scenario in which this would be desirable.

Customers A and B each have a site network and a colocation network, and both customers need access to the 192.168.0.0/24 network in the Services VRF. The customers must use unique IP space in order to prevent overlapping networks, so each customer has been allocated dedicated IP space from their common provider out of 10.0.0.0/8. Unfortunately, customer A still has some networks within 172.16.0.0/16. These networks need to access services in the host colo, but the service provider can't allow this space to be advertised into the Services VRF as it is not approved IP space.

Our goal is to export only the networks within the 10.0.0.0/8 space from the customer VRFs to the Services VRF. How can we accomplish this?

Let's have a look at the initial network state. (This lab was performed using a single router for […]

Leveraging LISP for IPv6 internet connectivity

Introduction End hosts inside of the enterprise or home can be connected to the IPv6 internet using LISP’s powerful encapsulation mechanisms. This article is structured in three sections exploring the utilization of LISP as means of IPv6 internet connectivity. The first section dives into IOS LISP IPv6 configuration and verification of the control-plane/data-plane. The use […]

Author information

Pablo Lucena

The post Leveraging LISP for IPv6 internet connectivity appeared first on Packet Pushers Podcast and was written by Pablo Lucena.

Exploring OSPF Messages in a Multi-access Network

The following network is configured with OSPF with all interfaces in area 0.  Since this is a multi-access network, a Designated Router (DR) is elected which improves OSPF performance by reducing the amount of LSA flooding. R3 is the current DR, with R2 as the BDR.  R4’s interface to SW1 has been configured as a passive interface to prevent an adjacency from forming and simulate R4 being a “new” router on the network.  Wireshark is monitoring the link between R4 and SW1.

I won’t go into all the details regarding Wireshark output and the OSPF process.  If you want a more detailed analysis, take a look at my previous blog article here.  In this article, we’ll only be taking a closer look at what happens specifically in a multi-access environment.

Upon re-enabling R4’s interface for OSPF, we see R4 sends a Hello packet to the All OSPF Routers multicast address (224.0.0.5) and that no DR or BDR is listed.  R4 is “new” to the network as far as OSPF is concerned, so it has no idea about the current topology.

R1, R2, and R3 all send Hello packets with the […]

OSPF Link State Advertisements (LSAs) and Areas – Part I

If every router in an enterprise environment was in a single OSPF area, at some point you’re going to encounter scalability issues due to any changes in the environment causing an SPF recalculation in all routers in that single area.

LSAs and their use within areas provide a mechanism for maximizing performance in OSPF by logically segmenting groups of contiguous links so that every router in the entire autonomous system does not have to have exact copies of the Link State Database (LSDB) and to reduce the amount of LSA flooding.  SPF calculations are also isolated to each individual area rather than the entire environment.  Different LSAs are used in different situations, and are treated differently depending on the type of OSPF area involved.

The following table represents the different LSA types, and was taken from the CCIE R&S OCG.

TYPE | NAME | DESCRIPTION
1 | Router | One per router containing its RID and all interface IP addresses; also represents stub networks.
2 | Network | One per transit network. Created by the DR and represents the subnet and router interfaces connected in the subnet.
3 | Network Summary | Created by Area Border Routers (ABRs) to represent one area’s type 1 and […]

Anycast DNS with IP SLA DNS

Recently I came across an idea to implement anycast DNS within an enterprise environment. The concept is similar to Google’s public DNS, but at an enterprise level. Using IP SLA DNS, a static tracked route and some redistribution makes it an easy solution. The biggest benefit is that all internal clients can use the same DNS IP address no matter which location they reside in; an additional benefit is distributing the load when DNS attacks occur.

First you’ll have to configure Cisco IP SLA. Using the DNS feature is much better than just ICMP: it will actually verify that the DNS server is responding to a specified query. In my example below I’m using a query for test001dns.me, which is configured on the server as an A record. The DNS query is sent to a distinct IP address of the server, 10.90.1.5. All local DNS servers have two IP addresses: distinct and anycast. The anycast address is configured as a secondary IP (10.10.10.10) on numerous DNS servers throughout the enterprise.

Anycast DNS

Below is the IP SLA configuration using the DNS feature. It is configured on a LAN router.

ip sla 10
 dns test001dns. […]

Make yourself a standout

As people manage their careers, it is common sense that they need to stand above their peers if they want to outperform them from a career perspective. This is why you see people working 14- or 16-hour days. It’s become such common behavior that it is a central meme in just about every movie or […]

The post Make yourself a standout appeared first on Packet Pushers Podcast and was written by Michael Bushong.

Nuage Networks at Network Field Day 6

Nuage is tackling the “rapid provisioning” problem when it comes to networking. How can we convince customers or LoB owners to not push everything up to AWS, when the provisioning mechanisms behind a private solution are not nearly as good? The ultimate goal is to have the network immediately ready upon instantiating a workload, physical or virtual. The key focus we heard about is that an SDN solution must provide this policy automation framework across virtual AND non-virtual workloads.

MPTCP – Multipath TCP

Intro Multipath TCP is an extension of TCP that will soon be standardized by the IETF. It is a successful attempt to resolve major TCP shortcomings that emerged from the change in the way we use our devices to communicate. There’s particularly the change in the way our new devices like iPhones and laptops are talking across the network. All the devices […]

OSPF Summary Routes and BGP

Recently I was in a situation where I needed to advertise some OSPF routes created using the area range command into BGP. When advertising routes into BGP there are a few considerations:

  • Does the routing table know the exact route you’re trying to advertise into BGP?
  • Is any route filtering being performed? Don’t forget to check at the source of the BGP route and the destination it’s being advertised to!
  • Is soft-reconfiguration supported on the software you’re running?
  • Will you need to do a “clear ip bgp neighbor”? Seems IOS 12.4 doesn’t require it but 12.2 does. I tested 12.4 on GNS3, and 12.2 on a live 6500.

Using the area range command will automatically generate an OSPF intra-area route to Null 0 IF the router the command is issued on is an ABR. This is visible here:

Switch#sh ip route 10.253.0.0 255.255.240.0 
Routing entry for 10.253.0.0/20
Known via "ospf 1", distance 110, metric 0, type intra area
Routing Descriptor Blocks:
* directly connected, via Null0
Route metric is 0, traffic share count is 1

This route will not be created on a non-ABR router, so watch […]

Mind Your Q’s and P’s

In the midst of this series of posts around fast convergence, someone asked if I could explain p and q space a little better. The illustration here might help readers who have more of a visual mind to understand the concepts involved. (feel free to click through to a larger version) Essentially, we can think […]

Author information

Russ White
Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. He recently published The Art of Network Architecture, and is currently working on a new book in the area […]

Job Opening – Network Administrator at First Wind Energy, Boston, MA, USA

First Wind Energy is searching for a Network Administrator who will be a key member of the IT team and report to the Director of IT. This position is based in Boston, MA. The Network Administrator is a hands-on technical position focusing on the support and maintenance of the network infrastructure and end user support […]

Author information

Job Posting Service

This post is a paid service of Packet Pushers Interactive, LLC. Contact [email protected] if you'd like to post your job opportunity here and reach thousands of network engineers.

The post Job Opening – Network Administrator at First Wind Energy, Boston, MA, USA appeared first on Packet Pushers Podcast and was written by Job Posting Service.

INTER-AS VPNs PART -1

MPLS is a widely used technology within Service Providers and sometimes also within Enterprise networks. One of the most used applications of MPLS is MPLS VPN. There are two flavors of MPLS VPN: Layer 2 and Layer 3 VPNs. Basically, in Layer 2 VPNs the service provider gives Layer 2 connectivity to the customer and a PW is established for each […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post INTER-AS VPNs PART -1 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

Valuing IP Addresses

In the emerging IP address broker world it seems that one of the most widely cited address transactions was that of US bankruptcy proceedings in 2011, where Microsoft successfully tendered $7.5M to purchase a block of 666,624 addresses from the liquidators of Nortel, which is equivalent to a price of $11.25 per address. Was that a "fair" price for IP addresses then, and is it a "fair" price now?

iOS7's impact on networks worldwide

Apple releases an iOS update and networks all across the world witness a spike of almost 100% in the average traffic that they receive. Apple delivers its content using Akamai, which allegedly handles 20% of the world’s total web traffic. Akamai is thus in a unique position to provide a view of what's happening on the web at any given instant in time. Akamai logs clearly show an overall increase in Internet traffic and the hotspots in Europe soon after Apple released iOS7.

Akamai showing traffic hotspot in Europe

Most service providers saw Akamai and Limelight traffic up by an average of 300-700% immediately after iOS7 was released.

Being an Android user myself, I found iOS7's release with the massive increase in the Internet traffic reported all over the world quite insidious. Honestly, I was a trifle concerned with what iOS7 was internally doing to result in this.

It turned out to be quite an anti-climax when I realized that the spurt in network traffic was just because of Apple devices upgrading to the newer iOS. The iOS7 upgrade for the phones is around 900MB, and that for the iPads is around 1.2GB. Given that there are quite […]