Rapid Spanning Tree and PortFast
PortFast is a feature enabled on switchports, specifically 'edge' ports that reduces convergence time by transitioning to forwarding state quickly bypassing 30 seconds of listening and learning. When you connect an end device like a PC, server, phone etc, the switchport almost instantly starts forwarding frames.
PortFast also suppresses TCN BPDUs (Topology Change Notification Bridge Protocol Data Units). However, it sends BPDUs and actively participates in the STP topology mechanism.
Why would one want an edge port to send BPDUs? Well, if you 'accidentally' connect a switch (managed or unmanaged) to an edge port configured with PortFast, that switch needs to know it is connected to a switch.
If this port were to receive a BPDU, it would lose its PortFast status and transition to a normal STP port. This could be dangerous. You would want to block this port and prevent a loop from occurring.
In order to accomplish the above, PortFast must be configured in conjunction with BPDUGuard. If a port configured with PortFast BPDUGuard receives a BPDU, it disables the port. The switchport moves into error-disabled state. And you need to manually shut and no shut the port to bring it back up, although Continue reading
The VAR-y good upsides to being a consultant!
Earlier today Ethan Banks wrote a really good blog posts about “Thoughts on Working as a Consultant for a VAR“. I found his point of view quite interesting and I will say I can understand his points. I can also say that I would rather be a consultant than a full time engineer at a customer site. As a little bit of background I have spent most of my career working as a consultant. I did do a two year stint as network operations manager for a wireless ISP which itself was quite fast paced, but other than that Ive work as a consultant in one form or another.
Maybe I have ADD, maybe I just need to focus, but I have found that constantly having different projects going allows me to satisfy these tendencies. I feel I work better with more than one thing to occupy my time. I see friends who work for enterprise customers who spend their days submitting change requests that third party support companies fulfil, or spend months writing detailed design guides for projects that inevitably get canceled and all that time is spent without getting to touch the things they got into this Continue reading
My First Junos Switch: Detailed Review After Three Days Under The Covers
Background This post is the story of my first practical look at Junos on Juniper EX-series switches. One day last December, Skeeve Stevens from eintellego opened a can of worms by offering a deal on Juniper equipment to all network engineers on the AusNOG mailing list. I had been looking for an excuse to try […]
Author information
The post My First Junos Switch: Detailed Review After Three Days Under The Covers appeared first on Packet Pushers Podcast and was written by Paul Gear.
Thoughts On Working As A Consultant For A VAR
One of the questions I’m frequently asked via e-mail is how to get started in networking and/or whether or not a particular job change is a good idea. Those are always hard questions to answer intelligently because everyone’s individual situation is different. In addition, everyone’s personality is different. Different jobs work for different people. It […]
Author information
The post Thoughts On Working As A Consultant For A VAR appeared first on Packet Pushers Podcast and was written by Ethan Banks.
Healthy Paranoia Show 10: Beware the Shmoo
Darkness falls across the land, The hacker hour is close at hand. Creatures crawl in search of 0-days To terrorize your enterprise. And whosoever shall be found, Without the soul for clamping down, Must stand and face the nerds of hell, And rot inside a clear text shell. The foulest stench is in the air, […]
Author information
The post Healthy Paranoia Show 10: Beware the Shmoo appeared first on Packet Pushers Podcast and was written by Mrs. Y.
A /64 On Every Link? Are You Crazy?
I’ve had some great conversations lately with a lot of folks on the topic of IPv6 prefix length in a variety of applications, specifically one very good discussion on just about anything IPv6 between me, the kind folks over at The Class-C Block and Tom Hollingworth (aka The Networking Nerd). For many folks that are considering the impact of going dual-stack in their environments, the idea of using a /64 on all links is still a point of contention.Assigning IPv6 Prefixes for Customers
Now we arrive at the question of how much address space to allocate for…anyone. You may be a service provider, you may be a business, you may be a home user. Today, this question is quite easy to solve. If you’re a business-class customer, you ask your ISP for a block of addresses, and based off of your need (or ability to justify the need), you’ll be allocated some addresses. For many small-to-medium businesses, this can be as small as 8, or even 4 addresses.Assigning IPv6 Prefixes for Customers
Now we arrive at the question of how much address space to allocate for…anyone. You may be a service provider, you may be a business, you may be a home user. Today, this question is quite easy to solve. If you’re a business-class customer, you ask your ISP for a block of addresses, and based off of your need (or ability to justify the need), you’ll be allocated some addresses. For many small-to-medium businesses, this can be as small as 8, or even 4 addresses.A /64 On Every Link? Are You Crazy?
I’ve had some great conversations lately with a lot of folks on the topic of IPv6 prefix length in a variety of applications, specifically one very good discussion on just about anything IPv6 between me, the kind folks over at The Class-C Block and Tom Hollingworth (aka The Networking Nerd). For many folks that are considering the impact of going dual-stack in their environments, the idea of using a /64 on all links is still a point of contention.How to Study Better
How to study better Exams are a stressful thing to study for—even to the most organised students. Most students are afraid of pulling in a goose egg instead of an A and so they talk themselves out of doing well before they even see the exam. But they don’t really have to; studying in a […]
The post How to Study Better appeared first on Roger Perkin - Networking Articles.
Show 137 – Gartner Is Not For Sale with @Aneel Lakhani
Summary Packet Pushers co-hosts Ethan Banks & Greg Ferro chat with Aneel Lakhani, a research director at Gartner about his job. Aneel provides an insider perspective on how the research & analysis business works. More Info Analyst firm research offerings seem to cynical network engineers like bought-and-paid-for shill pieces whose conclusions follow the money back to its […]
Author information
The post Show 137 – Gartner Is Not For Sale with @Aneel Lakhani appeared first on Packet Pushers Podcast and was written by Ethan Banks.
NetCitadel and Software Defined Security
It’s been an exciting couple of weeks in the security realm, with a number of innovative startups appearing. That’s refreshing because recently most “innovation” in the security space has been something involving a new way of marketing a signature or reputation based system – and that’s just a bit rubbish, and not a little tiresome. Most […]
Author information
The post NetCitadel and Software Defined Security appeared first on Packet Pushers Podcast and was written by Neil Anderson.
Pull My Strings, I’m Your Puppet: Juniper Bringing DevOps to Networking
The buzzword in the industry of late is DevOps. It is one that I hope isn’t tarnished by the marketing machine where buzzwords go to die. DevOps is the shift in the paradigm of network and infrastructure management. Centralized infrastructure that is transparent to the administrator and end-user, IaaS, cloud – whatever you want to […]
Author information
The post Pull My Strings, I’m Your Puppet: Juniper Bringing DevOps to Networking appeared first on Packet Pushers Podcast and was written by Anthony Burke.
Uplink Fast
Uplink Fast
___________
Cisco enhanced the original 802.1D specification with features such as Uplink Fast to speed up the convergence time of a bridged network.
The drawback is that these mechanisms are proprietary and need additional configuration. The UplinkFast feature is a Cisco proprietary technique that reduces the recovery time further down to the order f 1 sec
Normal Scenerio without Uplink fast
————————————
Assume SW1 = Root Bridge
SW3 = access switch with one of its uplinks in blocking mode
Uplink from SW3 to SW2 via port A is primary and SW3 to SW2 via port B is redundant uplink
SW1——————- SW2
– -
– -
– -
– -
-SW3-
suppose uplink SW3 to SW1 fails,port A goes down immediatly.SW3 consider now link to SW2 as its still receiving BPDUs from root,but to get the link to forwrding state ,it will take 30 sec(learning and listening stage) Port B reaches forwarding state after 30 sec qnd network connectivity is established.
Scenerio with Uplink fast
—————————
Note: 1) The switch has only two uplinks.
2) The switch has more than two uplinks, but the STP parameters are set in such way, that Continue reading
What I’ve Been Doing Lately
Beside Cisco and my MBA, I work as managing director for a non-profit organization GEM Foundation that I founded last year along with other Indonesian professionals.
Our focus is to help preparing Indonesian students and young professionals, as the next generation leaders for my country, to be prepared for the global competition.
Our activity includes regular biweekly Webex session by experienced professionals and entrepreneurs, mostly live outside the country, to share their knowledge, wisdom, experience, tips and tricks in finding a job, getting a job, or creating a job.
In average 70-80 students and young professionals attended our session.
We always try to meet the students in person in order to provide inspiration and opportunity to have face-to-face and open discussion. Last year I met more than 400 students and professionals during my visit to 4 universities in Indonesia.
My activity won me spot in national news. But I didn't bother.
Early this month I went to one technical high school and couple of universities in one Indonesian city called Malang, to do something similar like last year. I was given honor to give keynote speech in the annual event arranged by the alumni of the high school.
I Continue reading
CCDE Group Study by INE
Over the weekend I attended the CCDE group study sponsored by INE in Chicago. Discussion and material were let by Petr Lapukhov and Brian McGahan. I’m very excited to see high level networking event in my hometown. We had about 15-20 people in the class. This was my first exposure to CCDE so it was a lot of information absorbing. The test is composed of 4 scenarios. You have about 8 hours to pass the computerized test. Just like in other written Cisco certifications, you can’t go back once you answer the question. The test seems to be based on mastering the design’s information extraction from pages and pages of information. Most of the technology focus is on MPLS, routing, QoS and some security.
In the group study we went through Cisco’s CCDE practice demo (https://learningnetwork.cisco.com/docs/DOC-2438). I thought the discussion was very interested, especially from people that have been studying for the test. If you take it and want to look at the solution you can find it at http://www.shafagh.net/2012/08/ccde-demomystery-solved.html. Next we went through INE’s CCDE practice scenarios written by Petr and Brian.
Mainly, I wanted to post some very interesting documents that Continue reading
Quiz #9 – BGP peering over a Cisco ASA
Your company has 2 offices that are interconnected via a firewall (Cisco ASA) as shown below. You received the task to configure a BGP session between the border routers but something does not go according to plans.
PBR – Policy-based Routing configuration example
How does the internet work - We know what is networking
Policy-Based Routing Configuration Here we will show different examples for configure specific PBR types: Enabling PBR on the Router Fast-Switched PBR Local PBR CEF-Switched PBR Enabling PBR This command will define that the router will use PBR and that the PBR will use route-map named TEST. R1(config)# route-map TEST permit 10 Defines a route map […]
Show 136: Avaya – Considerations for Turning your Network into an Ethernet Fabric – Sponsored
We’ve done a few shows now on Ethernet Fabrics where we have been getting deep into the different technology options and different vendor implementations. Avaya has sponsored this show where we actually interview customers who were early adopters of fabric-based and talk about what drove these customers to implement a network fabric, how they went […]
Author information
The post Show 136: Avaya – Considerations for Turning your Network into an Ethernet Fabric – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.
Network behind an IPSec VPN peer
In this lab, I tried to simulate an environment where there are two customers, each connected to their respective ISP. Now, in real world, this might not be the best way things are done, but this lab is for the sake of understanding how VPNs deal with networks behind a VPN peer.
PE: Provider Edge equipment
CPE: Customer Premise equipment
Following is the network diagram. CPE1 and CPE2 are customer edge routers. PE1 and PE2 are respective ISP provider edge routers. Each router connects to another over a /30 point to point link. Each router has a loopback (Lo0) with an IP address in the 192.168.0.0/16 range as shown.
CPE1 has a site to site VPN tunnel to PE1.
PE1 has two site to site VPN tunnels, one to CPE1 and another to PE2.
PE2 has two site to site VPN tunnels, one to PE1 and another to CPE2.
CPE2 has a site to site VPN tunnel to PE2.
I had a problem with VPN Hairpinning and wanted to build a lab to find possible solutions. I started off building the lab and after bringing up VPNs, I realized I built the lab wrong. Notice how Continue reading