Archive

Category Archives for "Networking"

Selecting Shapes by Layer

Selecting shapes and connectors one-by-one in Visio can be tedious, especially when working with large or repetitive drawings. If you've been drawing for a while, you've probably gotten the hang of selecting just the right subset of shapes using the rectangular select tool, and employing the control key to add or remove any outliers as desired. This can be time-consuming though, especially when you want to pick out just a few connectors from a jumble of criss-crossing lines.

Here's a trick to try next time you find yourself excessively control-clicking: Identify each logical group of shapes or connectors that you'll likely want to tweak, and bundle them up into to their own layer. You can then use Visio's "select by layer" option to grab them all at once later. Take the drawing below, for instance.

drawing1.png

Continue reading · 6 comments

Migrating from WordPress to Pelican on PaaS – Part 3

The final installment in this three part series. This covers installing Dokku and publishing your pelican blog to you new Docker-powere mini-Heroku.

Part 3: Publishing to PaaS with Dokku

The Plan

If you haven't read Part 1 or Part 2 yet, this should give you some background as to what I'm doing, why I'm doing it and how I built it. In this installment I'll focuse on the publishing side of things.

Hosting

My former blog was hosted on a Linode 1024 VPS, which had a healthy 1GB RAM. I've been very happy with Linode and would recommend them to anybody who needs hosting, but for the convenience of having prebuild Ubuntu images with Dokku installed, I opted to host my blog with DigitalOcean. They have a full tutorial on their website that makes this very easy to set up.

One of the big benefits of using a static site generator is that the memory requirement is a lot less than Apache+PHP or Nginx+PHP. I'm hosting my site now on a $5/month VM from DigitalOcean which is a $15/month saving on my Wordpress site.

Before publishing...

Once you have your Dokku installation set up, you can push your application to Continue reading

JunOS and ARP Glean

I'm using Cisco vocabulary 'glean' here as I don't know better word for it. Glean is any IPv4 packet which is going to connected host which is not resolved. It is NOT an ARP packet, so ARP policers won't help you. They are punted, since you need to generate ARP packet and try to resolve them.

In 7600 we can use 'mls rate-limit unicast cef glean 200 50' to limit how many packets per second are punted to control-plane for glean purposes. How can we limit this in JunOS? As far as I can see, there is no way. But I remember testing this attack and was unable to break MX80, so why didn't it break?

First let's check what does connected network look like

[email protected]> show route forwarding-table destination 62.236.255.179/32 table default Routing table: default.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif 62.236.255.0/24 intf 0 rslv 828 1 xe-0/0/0.42

Ok, fair enough. Type 'rslv', which we can guess means packet is punted to control-plane for resolving ARP. Let's try to ping some address rapidly which does not resolve and check what it looks like

[email protected]> show Continue reading

Comware: Port Link-mode Bridge vs Port Link-mode Route

Some HP L3 Switches Comware based, brings the concept of “switchports” as Bridge and Route mode.

The Bridge mode (port link-mode bridge) works the same way that any other access Switches.

When using Route mode (port link-mode route) the port is converted into a layer 3 interface, which need an IP address.  All STP messages will be ignored.

Example

#
interface GigabitEthernet4/0/1
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet4/0/2
port link-mode bridge
port link-type access
port access vlan 2
#

Regards

Secret CEF Attributes, Part 4

In Parts 1, Part 2 and Part 3 we saw we can use the CEF table to express all sorts of different QoS policies. In Part 4 we describe how to attach a policy to the packet that will follow it around the network. Like many policies (security, shaping, etc.) it’s best to classify the […]

Author information

Dan Massameno

Dan Massameno is the president and Chief Engineer at Leaf Point, a network engineering firm in Connecticut.

The post Secret CEF Attributes, Part 4 appeared first on Packet Pushers Podcast and was written by Dan Massameno.

Healthy Paranoia Show 22: The Three Ring Circus of Net Neutrality

Ladies and gentleman, unicorns of all ages, get ready for the greatest podcast on earth, Healthy Paranoia. Where the email is always encrypted and the firewalls are ever stateful. On this episode, we’ll be discussing Net Neutrality. Joining us is Sherry Lichtenberg, Principal for Telecommunications at the National Regulatory Research Institute; Andrew Gallo, network architect […]

Author information

Mrs. Y

Snarkitecht at Island of Misfit Toys

Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.
TwitterLinkedIn

The post Healthy Paranoia Show 22: The Three Ring Circus of Net Neutrality appeared first on Packet Pushers Podcast and was written by Mrs. Y.

ONS2014 Announces Finalists for SDN Idol 2014

Today the Open Networking Summit announced the five finalists for the SDN Idol 2014 competition:
Real-time SDN Analytics for DDoS mitigation is an example of a performance aware SDN controller that combines sFlow and OpenFlow for the visibility and control needed to build self optimizing networks that automatically adapt to changing traffic conditions. A number of other use cases were outlined by Brocade at the recent OpenDaylight Summit - see Flow-aware Real-time SDN Analytics (FRSA)

There are interesting links with other finalists:
  • OpenDaylight Hydrogen The Brocade is a Platinum member of the OpenDaylight project, and the Brocade/InMon DDoS mitigation solution employs OpenDaylight Hydrogen as an OpenFlow controller. Like Brocade, many of the OpenDaylight project members also support sFlow in their networking equipment, including: Brocade, Cisco, IBM, Juniper, NEC, A10 Networks, Arista, Dell, HP, Huawei, Intel, and ZTE. One might expect to see other vendors start to build traffic aware solutions on OpenDaylight in the coming months.
  • HP SDN App Store and Open SDN Continue reading

New design guide: VMware NSX with Cisco UCS and Nexus 7000

Back in September 2013 I wrote a piece on why you would deploy VMware NSX with your Cisco UCS and Nexus gear.  The gist being that NSX adds business agility, a rich set of virtual network services, and orders of magnitude better performance and scale to these existing platforms.  The response to this piece was phenomenal […]

New design guide: VMware NSX with Cisco UCS and Nexus 7000

Back in September 2013 I wrote a piece on why you would deploy VMware NSX with your Cisco UCS and Nexus gear. The gist being that NSX adds business agility, a rich set of virtual network services, and orders of magnitude better performance and scale to these existing platforms. The response to this piece was phenomenal with many people asking for more details on the how.

The choice is clear. To obtain a more agile IT infrastructure you can either:

  • Rip out every Cisco UCS fabric interconnect and Nexus switch hardware you’ve purchased and installed, then proceed to repurchase and re-install it all over again (ASIC Tax).
  • Add virtualization software that works on your existing Cisco UCS fabric interconnects and Nexus switches, or any other infrastructure.

To help you execute on choice #2, we decided to write a design guide that provides more technical details on how you would deploy VMware NSX for vSphere with Cisco UCS and Nexus 7000. In this guide we provide some basic hardware and software requirements and a design starting point. Then we walk you through how to prepare your infrastructure for NSX, how to design your host networking and bandwidth, how traffic flows, and Continue reading

New design guide: VMware NSX with Cisco UCS and Nexus 7000

Back in September 2013 I wrote a piece on why you would deploy VMware NSX with your Cisco UCS and Nexus gear. The gist being that NSX adds business agility, a rich set of virtual network services, and orders of magnitude better performance and scale to these existing platforms. The response to this piece was phenomenal with many people asking for more details on the how.

The choice is clear. To obtain a more agile IT infrastructure you can either:

  • Rip out every Cisco UCS fabric interconnect and Nexus switch hardware you’ve purchased and installed, then proceed to repurchase and re-install it all over again (ASIC Tax).
  • Add virtualization software that works on your existing Cisco UCS fabric interconnects and Nexus switches, or any other infrastructure.

To help you execute on choice #2, we decided to write a design guide that provides more technical details on how you would deploy VMware NSX for vSphere with Cisco UCS and Nexus 7000. In this guide we provide some basic hardware and software requirements and a design starting point. Then we walk you through how to prepare your infrastructure for NSX, how to design your host networking and bandwidth, how traffic flows, and Continue reading

New design guide: VMware NSX with Cisco UCS and Nexus 7000

Back in September 2013 I wrote a piece on why you would deploy VMware NSX with your Cisco UCS and Nexus gear. The gist being that NSX adds business agility, a rich set of virtual network services, and orders of magnitude better performance and scale to these existing platforms. The response to this piece was phenomenal with many people asking for more details on the how.

The choice is clear. To obtain a more agile IT infrastructure you can either:

  • Rip out every Cisco UCS fabric interconnect and Nexus switch hardware you’ve purchased and installed, then proceed to repurchase and re-install it all over again (ASIC Tax).
  • Add virtualization software that works on your existing Cisco UCS fabric interconnects and Nexus switches, or any other infrastructure.

To help you execute on choice #2, we decided to write a design guide that provides more technical details on how you would deploy VMware NSX for vSphere with Cisco UCS and Nexus 7000. In this guide we provide some basic hardware and software requirements and a design starting point. Then we walk you through how to prepare your infrastructure for NSX, how to design your host networking and bandwidth, how traffic flows, and Continue reading

JunOS ‘L3 incompletes’, what and why?

There is quite often chatter about L3 incompletes, and it seems there are lot of opinions what they are. Maybe some of these opinions are based on some particular counter bug in some release. Juniper has introduced also toggle to allow stopping the counter from working. It seems very silly to use this toggle, as it is really one of the few ways you can gather information about broken packets via SNMP.

What they (at least) are not

  • Unknown unicast
  • CDP
  • BPDU
  • Packet from connected host which does not ARP
  • Packet from unconfigured VLAN

What they (at least) are

  • IP header checksum error
  • IP header error (impossibly small IHL, IP version 3, etc)
  • IP header size does not match packet size

Troubleshooting

So if you are seeing them, what can you do? As it is aggregate counter for many different issues, how do you actually know which one is it and is there way to figure out who is sending them? Luckily for Trio based platforms answers and highly encouraging, we have very good tools to troubleshoot the issue.

To figure out what they exactly are, first you need to figure out your internal IFD index (not snmp ifindex)

im@ruuter> Continue reading

Coffee Break – Show 3

Mike Fratto joins us this week to talk about the news of the week on IPv4, Broadband Performance, Net Neutrality, IBM, SDN and more.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+

The post Coffee Break – Show 3 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Configuration Backups for F5

As an administrator of network devices, keeping full backups is important for being able to recover from hardware failure. With F5 devices, backups come in the form of UCS files which is an archive that contains all configurations and SSL certificates. With a UCS file, you can take a replacement device, upload a UCS file […]

Author information

Eric Flores

Eric Flores

Eric is a senior network engineer for a major real estate company. He has seven years in the field and has a passion for anything related to technology. Find him on Twitter @nerdoftech.
TwitterLinkedIn

The post Configuration Backups for F5 appeared first on Packet Pushers Podcast and was written by Eric Flores.

1 3,347 3,348 3,349 3,350 3,351 3,432