Archive

Category Archives for "Networking"

Cisco UCS Port-Channeling

Cisco UCS offers a few policies that are applied globally to all equipment in a given UCS domain. These policies are found by selecting the “Equipment” node under the “equipment” tab. (You can also change on an individual chassis basis but the default behavior is for all chassis to inherit this global policy) This is specifically referring to the connectivity between the Fabric Interconnects and the Chassis FEX modules or I/O modules (IOM).

Powerless Words and Technology

I was introduced by a colleague and mentor a few years ago to the concept of powerless words. Words like “try”, “but”, and “maybe/might”, among others, seem to be our mind’s way of protecting itself against the unknown. After all, we’re only human, right? We can’t control what the world throws at us, right? I encourage you to read the article I linked to as well as this one, which the first article refers to.

RFC 3330 Filtering Using Network Objects

RFC3330 Special-User IPv4 Addresses

Below is a list of special use IPv4 address assigned by IANA and should be blocked inbound on external connections. Most security administrators block RFC1918 but do not realize that RFC3330 includes special use addresses that should not be traversing the internet. RFC3330 includes addresses referenced in multiple RFC's including RFC1918.

   Address Block             Present Use      
   --------------------------------------------------
   0.0.0.0/8            "This" Network              
   10.0.0.0/8           Private-Use Networks                  
   14.0.0.0/8           Public-Data Networks        
   24.0.0.0/8           Cable Television Networks                
   39.0.0.0/8           Reserved but subject to allocation                              
   127.0.0.0/8          Loopback                      
  Continue reading

Why We Want to Kill Spanning Tree

To say that Ethernet as a L2 protocol is well-known is an understatement - it’s in every PC network card, and every network closet. Back during the inception of Ethernet, the world needed an open, efficient, standardized method of communicating between nodes on a LAN. Widely regarded as the “mother of the Internet” for many reasons - not the least of which is the invention of the Spanning Tree Protocol - Radia Perlman equated the wide proliferation of Ethernet to the same events that have made English such as popular language on Earth.

[Code] UltimateUCSBuild

Name: UltimateUCSBuild.ps1 Author: Matthew Oswalt Created: 6/10/2013 Current Version: v0.2 (ALPHA) Revision Date: 6/18/2013 Description: –THIS SCRIPT IS VERY NEW, EXPECT FREQUENT CHANGES AND IMPROVEMENTS– A script that starts with a completely blank UCS system and configures it to completion. This version of the script is very non-modular and static, but that will change in future versions. My long-term vision for this script is to be simple, yet powerful. I want it to have the ability to provision lots of stuff very quickly, with minimal code changes.

Why We Want to Kill Spanning Tree

To say that Ethernet as a L2 protocol is well-known is an understatement - it’s in every PC network card, and every network closet. Back during the inception of Ethernet, the world needed an open, efficient, standardized method of communicating between nodes on a LAN. Widely regarded as the “mother of the Internet” for many reasons - not the least of which is the invention of the Spanning Tree Protocol - Radia Perlman equated the wide proliferation of Ethernet to the same events that have made English such as popular language on Earth.

[Code] UltimateUCSBuild

Name: UltimateUCSBuild.ps1 Author: Matthew Oswalt Created: 6/10/2013 Current Version: v0.2 (ALPHA) Revision Date: 6/18/2013 Description: –THIS SCRIPT IS VERY NEW, EXPECT FREQUENT CHANGES AND IMPROVEMENTS– A script that starts with a completely blank UCS system and configures it to completion. This version of the script is very non-modular and static, but that will change in future versions. My long-term vision for this script is to be simple, yet powerful. I want it to have the ability to provision lots of stuff very quickly, with minimal code changes.

DCI: Using FabricPath for Interconnecting Data Centers

Here's a topic that comes up more and more now that FabricPath is getting more exposure and people are getting more familiar with the technology: Can FabricPath be used to interconnecting data centers?

For a primer on FabricPath, see my pervious article Five Functional Facts about FabricPath
.

FabricPath has some characteristics that make it appealing for DCI. Namely, it extends Layer 2 domains while maintaining Layer 3 — ie, routing — semantics. End host MAC addresses are learned via a control plane, FP frames contain a Time To Live (TTL) field which purge looping packets from the network, and there are no such thing as blocked links — all links are forwarding and Equal Cost Multi-Pathing (ECMP) is used within the fabric. In addition, since FabricPath does not mandate a particular physical network topology, it can be used in spine/leaf architectures within the data center or point-to-point connections between data centers.

Sounds great. Now what are the caveats?

PQ Show 24 – Cisco OTV Deep Dive Part 1

New voices gather in the Packet Pushers virtual boardroom for a discussion of Cisco’s layer 2 extension technology, Overlay Transport Virtualization (OTV). Ethan Banks hosts a recording of about two hours worth of content about OTV; this show is the first hour. Joining Ethan are first-time guests Jamie Caesar, Colby Glass and Ken Matlock. Jamie, […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post PQ Show 24 – Cisco OTV Deep Dive Part 1 appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Have Respect For The Work You Do

The other day I was called in to assist with issue that had been open for a few days. The primary reason for my involvement was to confirm network connectivity was permitted as required by a recently installed application. After an initial look, it was apparent that the application wasn’t even trying to access network […]

Author information

Paul Stewart

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With nearly 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems. Paul also writes technical content at PacketU.

The post Have Respect For The Work You Do appeared first on Packet Pushers Podcast and was written by Paul Stewart.

Are Forensics Tools the New IDS?

For the past few years, many people have been suggesting that the days of IDS (intrusion detection system) are numbered. When IDS was first launched, it was seen as an answer to a lot of network security problems: deep packet inspection with constant monitoring and alerts. However, one of the biggest problems with IDS is […]

Author information

Darragh Delaney

Technical Director at NetFort

Darragh Delaney is head of technical services at NetFort. As Director of Technical Services and Customer Support, he interacts on a daily basis with NetFort customers and is responsible for the delivery of a high quality technical and customer support service.

Darragh has extensive experience in the IT industry, having previously worked for O2 and Tyco. His User and Network Forensics blog. for Computer World focuses his experiences of network management and IT security in the real world. In his current role Darragh is regularly on site with network administrators and managers and this blog is a window into the real world of keeping networks running and data assets secure.

He shares network security and management best practices on the NetFort blog. Follow Darragh on Twitter @darraghdelaney and NetFort Technologies @netfort. You can also contact him Continue reading

Monitoring VRFs on IOS-XR

Lately I have been investigating how to monitor BGP peering session via SNMP instead of traps/syslog messages and I found out that this feature is not documented properly for IOS XR. Finally I managed to get it working, so I thought that it would be worth sharing with the community. In our example, we have […]

Author information

David Barroso

David Barroso

Networking Engineer focused mainly in the DataCenter. As an engineer at a large ISP he has to deal with large multitenant networks, DataCenter Interconnections, large MSTP regions, BGP and all that stuff that's scary to normal people.

Linkedin: http://www.linkedin.com/in/dbarrosop
Twitter: @dbarrosop

The post Monitoring VRFs on IOS-XR appeared first on Packet Pushers Podcast and was written by David Barroso.

Centec V330: My Kind of OpenFlow Switch

This is my third and probably last installment of an ongoing story about our quest for OpenFlow 1.0 capable switches with a specific requirement - the capability to modify L3 destination addresses. The background of why Sakura Internet needs such switches for the purpose of DDoS attack mitigation is explained in my first article, along with […]

Author information

Tamihiro Yuzawa

Tamihiro Yuzawa

Tamihiro Yuzawa is a network engineer at Sakura Internet, one of Japan's major data center service providers. Before he joined Sakura in 2007, he spent five years at a busy CRM service provider. Both companies have allowed him to stay mostly within the intersection of these circles, and he is pretty much determined to remain in a serious relationship with both Dev and Ops.

The post Centec V330: My Kind of OpenFlow Switch appeared first on Packet Pushers Podcast and was written by Tamihiro Yuzawa.

Adding Markdown support to your WordPress Blog

Continuning on this week's theme of Markdown, I'll be explaining how to add Markdown to your blog in 3 easy steps.

Step 1 - Install the WP-Markdown plugin

From your Wordpress dashboard, head over to the Plugins tab and click Add New. Search for "WP-Markdown" and install

Step 2 - Enable Markdown for specific pages

Once your plugin has been installed, head on down to Settings > Writing and scroll to the Markdown section pictured below.

Enable Markdown

Enable Markdown wherever you like, but I'd recommend pages and posts

WARNING: Enabling Markdown will affect your existing posts/pages. I noticed that while my posts didn't look any different on the outside, behind the scenes they were a mess and required a little trying up.

Step 3 - Try it out

Create a new post or page and practice your Markdown-Fu. Not sure where to start? Here's an example

# This is a first level heading

Here is some body text

## Second level of heading here
### And a Third
#### And so on and so forth

- Now some bullets
- Hopefully you are getting the hang of this now
- It's pretty easy

> Blockquotes are easy with Markdown  Continue reading

[Code] PowerTool: PowerOnUCSBlades

# InstallBFS.ps1 # # Very brief and informal PowerShell script to configure a Boot-From-SAN policy and attach it to the relevant service profile templates. Import-Module CiscoUcsPs Disconnect-Ucs Connect-Ucs 10.0.0.1 $organization = "SUBORG_01" #Add Boot Policies $bp = Add-UcsBootPolicy -Org $organization -Name "BFS-ESX-PROD" -EnforceVnicName yes $bp | Add-UcsLsBootVirtualMedia -Access "read-only" -Order "1" $bootstorage = $bp | Add-UcsLsbootStorage -ModifyPresent -Order "2" $bootsanimage = $bootstorage | Add-UcsLsbootSanImage -Type "primary" -VnicName "ESX-PROD-A" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "primary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "secondary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage = $bootstorage | Add-UcsLsbootSanImage -Type "secondary" -VnicName "ESX-PROD-B" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "primary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "secondary" -Wwn "50:00:00:00:00:00:00:00" $bp = Add-UcsBootPolicy -Org $organization -Name "BFS-ESX-NONP" -EnforceVnicName yes $bp | Add-UcsLsBootVirtualMedia -Access "read-only" -Order "1" $bootstorage = $bp | Add-UcsLsbootStorage -ModifyPresent -Order "2" $bootsanimage = $bootstorage | Add-UcsLsbootSanImage -Type "primary" -VnicName "ESX-NONP-A" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "primary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "secondary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage = $bootstorage | Add-UcsLsbootSanImage -Type "secondary" -VnicName "ESX-NONP-B" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "primary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "secondary" -Wwn "50:00:00:00:00:00:00:00" $bp = Add-UcsBootPolicy -Org $organization Continue reading

Cisco UCS ASCII Art

A while back I wrote about the problems with using some of the newer 3rd generation blade hardware from Cisco with older generations of the chassis FEX/IOM. Because of the way that the VIC and the chassis IOM interact, certain combinations yield different amounts of aggregate bandwidth, and certain combinations don’t work at all, as was evidenced in that post. As a reminder, here are the valid combinations (these are still accurate to my knowledge, but may change in a few weeks if any new tech is announced at Cisco Live) of FEX and blade VIC:

Cisco UCS ASCII Art

A while back I wrote about the problems with using some of the newer 3rd generation blade hardware from Cisco with older generations of the chassis FEX/IOM. Because of the way that the VIC and the chassis IOM interact, certain combinations yield different amounts of aggregate bandwidth, and certain combinations don’t work at all, as was evidenced in that post. As a reminder, here are the valid combinations (these are still accurate to my knowledge, but may change in a few weeks if any new tech is announced at Cisco Live) of FEX and blade VIC:

[Code] PowerTool: PowerOnUCSBlades

InstallBFS.ps1 # # Very brief and informal PowerShell script to configure a Boot-From-SAN policy and attach it to the relevant service profile templates. Import-Module CiscoUcsPs Disconnect-Ucs Connect-Ucs 10.0.0.1 $organization = "SUBORG_01" #Add Boot Policies $bp = Add-UcsBootPolicy -Org $organization -Name "BFS-ESX-PROD" -EnforceVnicName yes $bp | Add-UcsLsBootVirtualMedia -Access "read-only" -Order "1" $bootstorage = $bp | Add-UcsLsbootStorage -ModifyPresent -Order "2" $bootsanimage = $bootstorage | Add-UcsLsbootSanImage -Type "primary" -VnicName "ESX-PROD-A" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "primary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "secondary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage = $bootstorage | Add-UcsLsbootSanImage -Type "secondary" -VnicName "ESX-PROD-B" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "primary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "secondary" -Wwn "50:00:00:00:00:00:00:00" $bp = Add-UcsBootPolicy -Org $organization -Name "BFS-ESX-NONP" -EnforceVnicName yes $bp | Add-UcsLsBootVirtualMedia -Access "read-only" -Order "1" $bootstorage = $bp | Add-UcsLsbootStorage -ModifyPresent -Order "2" $bootsanimage = $bootstorage | Add-UcsLsbootSanImage -Type "primary" -VnicName "ESX-NONP-A" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "primary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "secondary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage = $bootstorage | Add-UcsLsbootSanImage -Type "secondary" -VnicName "ESX-NONP-B" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "primary" -Wwn "50:00:00:00:00:00:00:00" $bootsanimage | Add-UcsLsbootSanImagePath -Lun 0 -Type "secondary" -Wwn "50:00:00:00:00:00:00:00" $bp = Add-UcsBootPolicy -Org $organization -Name Continue reading