Archive

Category Archives for "Networking"

More Snowden Media Douchebaggery

I previously wrote a post in response to an article that equated Snowden’s CEH certification to James Bond’s “license to kill.” Well, it looks like some technically-challenged media types are at it again. They’ve called Snowden “brilliant” for his ability to “impersonate” users on various systems in order to obtain certain documents and I felt […]

Author information

Mrs. Y

Snarkitecht at Island of Misfit Toys

Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.

The post More Snowden Media Douchebaggery appeared first on Packet Pushers Podcast and was written by Mrs. Y.

Securing a DMVPN spoke – Part 1

For organizations that have many remote offices a DMVPN solution is a great option. You can purchase a cheap DSL or cable modem based solution then establish a dynamically built encrypted tunnel back to the corporate office or Data Center(s). The hubs should be located in a DMZ behind a firewall at the Data Center […]

Author information

Charles Galler

Charles Galler

Charles is a network and UC engineer for a mainly Cisco reseller. He has worked in the networking industry for about 13 years. He started as a network administrator for a small CLEC (carrier) where he did it all in IT and worked on the carrier network. After the CLEC, Charles went to work for a large healthcare organization in the Houston area and stayed with them for about three and a half years. Now he works for a reseller in the professional services part of the organization. He is currently studying for his CCIE in Routing and Switching and plans on passing it before the end of 2014. You can find him on the Twitter @twidfeki.

The post Securing a DMVPN spoke – Part 1 appeared first on Packet Pushers Podcast and was written by Charles Galler.

You Don’t Have To Hit The Ball Out Of The Park To Hit A Home Run

When planning your career you need to make several path choices. A career direction, the right attitude, respect for co-workers are all easy. Some people forget that everyday work is part of taking a single step down that path, tomorrow you will take another couple of steps and again the day after. But some people […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post You Don’t Have To Hit The Ball Out Of The Park To Hit A Home Run appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Turning BIND DNS Management Into A Walk In The Park

DNS needs no introduction in today’s inter-networked, connected world. Though it could be a service the end-users are least aware of, it is one that the network administrator needs to keep an eye on and requires constant monitoring and management to ensure uptime and connectivity. It is DNS servers that help with resolving those easy-to-remember […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post Turning BIND DNS Management Into A Walk In The Park appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

The Battle for the Top of the Rack

The Battlefield between Sysadmin and Netadmin

The fight for control between sysadmin and network admin has been going on for decades but the boundary line had been pretty static. Anything that ran a full OS and was a end node was is a server is under server ops while anything that connected the servers together was a network device and was under the control of network operations.

If you look at the progression of the two side through the last two decades, you will realize that the server and server OS have gone through change after change with new software packaging system, virtualization, density of servers per rack, and so on while the networking technology has remained pretty static other than speed and feeds and some tagging protocols. While the server admin kept reinventing himself through open source, virtualization, six nine uptime, the network got split into three distinct category (forgive me Gartner for gross simplification):

  • The Datacenter Networking: The heavy lifting being done by the server ops and running applications and virtual machine the most critical need, the network admin tended to come in the way and exerted control via IP address and VLAN management. The network services which Continue reading

Video interview: Network Virtualization and VMware NSX

Video interview at VMworld 2013 on network virtualization, VMware NSX, and why it’s awesome: Summary New virtual network abstraction  Complete with switching, routing, security, load balancing, and more  Non disruptive, works on existing hardware  Deploy virtual networks like you deploy virtual machines  Realize the full potential of virtualization Cheers, Brad

Administrative Distance for Static Route is 1 or 0?

How does the internet work - We know what is networking

There are different documents and books which are claiming that Administrative distance for static routes configured using exit interface is 1 and for the static route configured using next-hop IP address Administrative distance is 0. R1(config)#ip route 20.0.0.0 255.255.255.0 10.10.2.1 R1(config)#ip route 20.0.0.0 255.255.255.0 fastEthernet 0/0 This is not true. Both of them are having AD […]

Administrative Distance for Static Route is 1 or 0?

Difference between defining static routes with next-hop address or exit interface

How does the internet work - We know what is networking

There were a bit of confusion in my head about this case. It was not clear to me what is the difference between setting the static route using next hop interface IP address or using exit interface syntax. It seems that both methods are the same and that you have basically two different ways to […]

Difference between defining static routes with next-hop address or exit interface

Why ‘your’ project was outsourced

It’s easy to get upset when that cool new project you wanted is outsourced to an external VAR. The conversation usually goes something like, “You know the existing network and services really well so we’re  going keep focused there. We’re going to engage ACME systems integrators for ‘project awesome’ and get them to give that […]

Author information

John Harrington

John is an experienced data center engineer with a background in mobile telecoms. He works as a network test engineer for a large cloud service provider, and is gradually accepting that he's a nerd. He blogs about network technology and careers at theNetworkSherpa.com. You can reach him on twitter at: @networksherpa

The post Why ‘your’ project was outsourced appeared first on Packet Pushers Podcast and was written by John Harrington.

Quiz #18 &#8211 Cisco vs. Juniper – Filtering ICMP between BGP Peers

Your company uses multi-vendor routing platforms (Cisco and Juniper) and has multiple sites connected via MPLS from a service provider. Each remote site has a GRE tunnel with the Headquarter (HQ) and a BGP session over this tunnel. After some security change in the network, sites that are Juniper-based behave differently than the Cisco-based ones, creating outage for the customer. What's wrong?

Cisco Nexus 7000 Proxy Routing


In my previous blog - Data Center Design Constraints, I mentioned some of the design caveats involving M and F series line cards in the same VDC or 7K chassis. In this blog, I'll talk about design considerations with classical ethernet on a 7K. For a deep dive, refer Design Considerations for Classical Ethernet Integration if the Cisco Nexus 7000 M1 and F1 Modules.

What prompted me to write this blog was a design whiteboard session with a customer to order the right line cards for the 7K switch. We know the F1 series line cards are strictly for Layer 2 functionality only. They do not perform Layer 3 routing functions, they cannot. The M series line cards perform Layer 3 routing. Consider a Nexus 7009 switch populated with F1 and M1 series line cards. Say servers A and B connect to the 7K. Server A and B belong to VLANs A and B respectively. If Server A needs to talk to Server B, the switch requires inter VLAN routing to route between VLANs A and B. Without the M series, or a separate router on a stick device, this is not possible, right?

If this were a Catalyst Continue reading

Balancing Complexity and Simplicity

I’ve been in tech for several years. Over time, I’ve configured things that I’m proud of and I’ve built things that I’m not so proud of. Most of the things that I’m less proud of involve unnecessary or unwarranted complexity that has created operational challenges. In some cases this was a result of a small […]

Author information

Paul Stewart

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With nearly 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems. Paul also writes technical content at PacketU.

The post Balancing Complexity and Simplicity appeared first on Packet Pushers Podcast and was written by Paul Stewart.

Show 159 – Finding a Way To Test It

A welcome return to the Packet Pushers of old where we get where we get a bunch of engineers around the table to generally poke sticks into a box of networking problems and laugh at the noises. Topics What VMware do with networking at VMworld Mentoring in the Day Job – how and what you do to […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Show 159 – Finding a Way To Test It appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Let Me Tell You…

In the last post in this series, I spent some time talking about the process of detecting a link failure (given down detection is always the more important issue in fast convergence); let’s continue by looking at notification. If a router discovers a down link, or a down neighbor, how does it tell all the […]

Author information

Russ White

Russ White
Principle Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. he recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

DCI with LISP for Cold Migrations

Let’s step back for a minute. So far in this series of blog posts on DCI, I’ve been focusing on extending the Layer 2 domain between data centers with the goal of supporting hot migrations — ie, moving a virtual machine between sites while it’s online and servicing users.

Is that the only objective with DCI?

Well if it was, there wouldn’t be a need for this blog post :-) Cold migrations have valid use cases too. Cold migrations occur when the virtual machine is shut down in one site and then booted in a new site. As part of that operation, typically an orchestration layer (such as VMware’s Site Recovery Manager) will poke and prod the VM to make it ready for operation in the new site. Most notably, it takes care of changing the VM’s IP address and default gateway.

Cold migrations do not have a requirement for the same IP subnet in both sites. This is because there’s no need to maintain active user sessions during the migration. Different IP subnets in the sites means no stretched Layer 2 which means no risk of combining failure domains!

What if that orchestration layer didn’t have to poke Continue reading

Healthy Paranoia Show 16: BSides DC Oktoberfest!

Willkommen, bienvenue, welcome!  Meine Damen und Herren, Mesdames et Messieurs, Ladies and Gentlemen. Introducing the latest installment in that grand epic known as Healthy Paranoia. Where the nerds are a little nerdier, and the evil bit is always set on your packets. In this episode, we help launch the very first Security Oktoberfest, aka BSides DC. […]

Author information

Mrs. Y

Snarkitecht at Island of Misfit Toys

Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.

The post Healthy Paranoia Show 16: BSides DC Oktoberfest! appeared first on Packet Pushers Podcast and was written by Mrs. Y.

Understanding OTV


I took notes while reading up on OTV documentation. If you don't want to read through the OTV IETF or related Cisco documentation, this can be a quick deep dive into what OTV is and how it functions. Hopefully I'll implement this in a real network sometime soon to share actual configs. 

Overlay Transport Virtualization (OTV)

OTV is a data center interconnect technology that routes mac based information by encapsulating mac addresses with IP addresses in an overlay transit network. As long as there is IP connectivity between two or more sites (DCs), OTV will function (ofcourse with the right hardware and configuration).

'MAC in IP' technique for supporting L2 VPNs over L2/L3 infrastructure. 
Routing and forwarding states are maintained at the network edge devices between sites, not within the site or core.
There is no need to extend STP across sites, and STP topologies can be local to each site.

Hardware Requirements:

As of March 2013, from here.

Cisco Nexus 7000
M1/M2 line cards
NX-OS 5.0(3) or later, 5.2(3) or 6.2(2) are Cisco recommendations
Transport Services License

Cisco ASR 1000
IOS XE 3.5 or later
Adv IP Srvcs / Adv Ent Srvcs license