ICMP Redirects Considered Harmful
One of my readers sent me an intriguing challenge based on the following design:
- He has a data center with two core switches (C1 and C2) and two Cisco Nexus edge switches (E1 and E2).
- He’s using static default routing from core to edge switches with HSRP on the edge switches.
- E1 is the active HSRP gateway connected to the primary WAN link.
The following picture shows the simplified network diagram:
I Quit: Where the Top Performers’ Cloning Machine Fails?
Sometime in July 2021: It was a quiet Friday afternoon when Tim finally got a chance to sit down and evaluate his first week as a team manager. Mostly grim. It was such an eye-opener and bitter more than sweet week. Not that he didn’t know the group of ten people he was asked to […]
The post I Quit: Where the Top Performers’ Cloning Machine Fails? appeared first on Packet Pushers.
Another year of the Transition to IPv6
There was a meeting of DNS Operations and Research group in February. These are my notes from the presentations that I found to be of interest.DNS OARC 37
There was a meeting of DNS Operations and Research group in February. These are my notes from the presentations that I found to be of interest.SD-WAN service-side MPLS VPN
This post goes through how to configure MPLS VPN on the service-side of a Cisco SD-WAN edge device, so the south-side towards non-SD-WAN devices. What I am trying to achieve is to advertise the differing SD-WAN VPN (VRF, why Cisco have to call these VPNs beats me) prefixes to a core switch (using a ASR in the lab) directly connected to the SD-WAN router. This could be accomplished using per-VRF interfaces (or sub-interfaces) and BGP peerings, but a neater solution is to pass all the routing information over one the BGP MPLS VPNv4 peering.
AX.25 over D-Star
Setting up AX.25 over 1200bps was easy enough. For 9600 I got kernel panics on the raspberry pi, so I wrote my own AX.25 stack.
But I also want to try to run AX.25 over D-Star. Why? Because then I can use radios not capable of 9600 AX.25, and because it’s fun.
It seems that radios (at least the two I’ve been working with) expose the D-Star data channel as a byte stream coming over a serial connection. Unlike working with a TNC you don’t have to talk KISS to turn the byte stream into packets, and vice versa.
IC9700 setup
The first hurdle to overcome, because we want to send binary data, is to escape the XON/XOFF flow control characters that the IC9700 mandates. Otherwise we won’t be able to send 0x13 or 0x11. Other bytes seem to go through just fine.
So I wrote a wrapper for that, taking /dev/ttyUSB1 on one
side, and turning it into (e.g.) /dev/pts/20 for use with
kissattach.
$ ./dsax /dev/ttyUSB1
/dev/pts/20
$ kissattach /dev/pts/20 radio
$ kissattach -p radio -c 2 # See below
Set Menu>Set>DV/DD Set>DV Data TX to Auto, for “automatic PTT”. As
Continue reading
How to Pass CCNP ENARSI – Exam Review
Cisco CCNP ENARSI Exam
It is the very version released for this exam, kind of replacing the Routing+TShoot exam of the old CCNP RS,
and it has the code of 300-410
CCNP ENARSI Exam Content & Topics
the exam generally has 4 modules to study and focus on, teaching you configuring and troubleshooting many protocols,
on the aspect of “routing, virtualization & security, IP services, and assurance”
Skills learned with ENARSI
Deep Dive Troubleshooting Mainly for:
- EIGRP
- OSPF
- BGP
- mGRE and IPSec (DMVPN)
Focus on for the CCNP ENARSI Exam
The carrier of this badge is expected to have a skills level for routing, security, and virtualization that is definitely higher than the level covered by the CCNP ENCOR exam, and near reaching the level of the CCIE Enterprise Infrastructure, so be careful by really LABBING every topic in the exam with all the possibilities and scenarios.
CCNP ENARSI Exam Nature & Type
The first and the current version of the exam has the code of 300-410.
even though that agenda barely have the word “describe” within its modules, and that most of the topics are to be configured
and troubleshooted, but just like ALL the new NON-LAB Continue reading
AWS Ride Along Blog & YouTube Series
So as many of you know, I decided in 2021 that in my “spare time” I was going to start learning more about AWS. Well that didn’t go so well… lol… so I decided to give myself a “goal” and... Read More ›
The post AWS Ride Along Blog & YouTube Series appeared first on Networking with FISH.
The 7 Requirements of Highly Effective Load Balancers
As Stephen R. Covey stated in his popular book, The 7 Habits of Highly Effective People, “True effectiveness requires balance.” VMware agrees. And when it comes to accelerating modern application delivery, true application effectiveness requires a modern load balancer. So, with a respectful nod to Stephen R. Covey, here are the seven requirements of highly effective load balancers.
- Be proactive with self-service. Move away from “create a ticket and wait” developer experiences to self-service, role-based access control for owners to provision, troubleshoot, and monitor their own apps.
- Begin with the end in mind with on-demand autoscaling. Automation drives great user experiences. Plan for peak usage times without causing overprovisioning and idle capacity.
- Put things first with a 100 percent software solution. The need to support on-premises data center and multi-cloud deployments means that enterprises need to choose applications that work consistently across different environments with a single point of orchestration.
- Think win-win with real-time insights and visibility into application traffic. A modern load balancer should collect real-time application telemetry and provide insights into each transaction and end-user patterns.
- Seek first to understand, then to be understood with security insights. App vulnerabilities stem from incorrect access control policies Continue reading
Real-time telemetry from a 5 stage Clos fabric
docker run --rm -it --privileged --network host --pid="host" \Run the above command to start Containerlab if you already have Docker installed; the ~/clab directory will be created to persist settings. Otherwise, Installation provides detailed instructions for a variety of platforms.
-v /var/run/docker.sock:/var/run/docker.sock -v /run/netns:/run/netns \
-v ~/clab:/home/clab -w /home/clab \
ghcr.io/srl-labs/clab bash
curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/clos5.ymlNext, download the topology file for the 5 stage Clos fabric shown at the top of this article.
containerlab deploy -t clos5.ymlFinally, deploy the topology.
Note: The 3 stage Clos topology, clos3.yml, described in the previous article is also available.The initial launch may take a couple of minutes as the container images are downloaded for the first time. Once the images are downloaded, the topology deploys in around 10 seconds.
What is CCNP ENARSI
What is CCNP ENARSI
What is ENARSI, one of the “Specialist” level exam and certificate belonging to the CCNP Enterprise domain, that was announced on June 9th – 2019.
it is the first version of the ENARSI exam that not only participates in the CCNP Enterprise certificate, but also once passed, it will grant the candidate a certificate called:
ENARSI and CCNP Enterprise
ENARSI was not the only exam announced from Cisco regarding CCNP Enterprise Specialty, an entire new domain of knowledge and hierarchy was there as well.
ENARSI might be your first and best choice if one of 2 cases:
- if you wish to go deep dive with routing protocols and services on enterprise level networks bases
- if you already know the old CCNP RS and you wish to refresh topics related to it
The other exams are “ENSDWI, ENSLD, ENWLSI, ENWLSD, and ENAUTO”
So as mentioned in previous blogs, the ENCOR + one of the exams mentioned above (could be the ENARSI)
will result in a CCNP Enterprise Certified
Is ENARSI Important?
It is actually very important not just to accomplish the nice, highly wanted, Continue reading
The Post-Quantum State: a taxonomy of challenges
At Cloudflare, we help to build a better Internet. In the face of quantum computers and their threat to cryptography, we want to provide protections for this future challenge. The only way that we can change the future is by analyzing and perusing the past. Only in the present, with the past in mind and the future in sight, can we categorize and unfold events. Predicting, understanding and anticipating quantum computers (with the opportunities and challenges they bring) is a daunting task. We can, though, create a taxonomy of these challenges, so the future can be better unrolled.
This is the first blog post in a post-quantum series, where we talk about our past, present and future “adventures in the Post-Quantum land”. We have written about previous post-quantum efforts at Cloudflare, but we think that here first we need to understand and categorize the problem by looking at what we have done and what lies ahead. So, welcome to our adventures!
A taxonomy of the challenges ahead that quantum computers and their threat to cryptography bring (for more information about it, read our other blog posts) could be a good way to approach this problem. This taxonomy should Continue reading
The quantum solace and spectre
Not only is the universe stranger than we think, but it is stranger than we can think of
— Werner Heisenberg
Even for a physicist as renowned as Heisenberg, the universe was strange. And it was strange because several phenomena could only be explained through the lens of quantum mechanics. This field changed the way we understood the world, challenged our imagination, and, since the Fifth Solvay Conference in 1927, has been integrated into every explanation of the physical world (it is, to this day, our best description of the inner workings of nature). Quantum mechanics created a rift: every physical phenomena (even the most micro and macro ones) stopped being explained only by classical physics and started to be explained by quantum mechanics. There is another world in which quantum mechanics has not yet created this rift: the realm of computers (note, though, that manufacturers have been affected by quantum effects for a long time). That is about to change.
In the 80s, several physicists (including, for example, Richard Feynman and Yuri Manin) asked themselves these questions: are there computers that can, with high accuracy and in a reasonable amount of time, simulate physics? And, specifically, can they Continue reading
Feedback: DMVPN Webinars
Some webinars on ipSpace.net are ancient (= more than a decade old). I’m refreshing some of them (the overhaul of Introduction to Virtualized Networking was completed earlier this month); others will stay as they are because the technology hasn’t changed in a long while, and it’s always nice to hear someone still finds them useful. This is a recent feedback I got on the DMVPN webinars:
As with any other webinar I have viewed on ipspace.net, this one provides the background as to why you may or may not want to do certain things and what impact that may have (positive or negative) on your network. Then it digs into the how of actually doing something. Brilliant content as always.
IPSpace.net is my go-to for deep dives on existing and emerging technologies in the networking industry. No unnecessary preamble. Gets straight to the point of why you are looking at a specific technology and explains the what and the why before getting into the how.
Data Center Network Automation has a Data Problem
When you’re planning your data center network automation strategies, think about how you’re going to establish a source of truth about your network.Localisation isn’t translation
If you only have your app in English then you’ll still be understood[1] by the new market whose official language isn’t English.
If you show farenheit (a word I can’t even spell), then 96% of the world cannot understand your app. At all.
For most of the west I would argue that translation doesn’t even matter at all, but you cannot have your app start your weeks on Sunday, you cannot show fahrenheit, or feet, or furlongs, or cubits or whatever US-only units exist. And you cannot use MM/DD/YY.
NONE of these things are tied to language. Most users of English don’t want any of this US-only failure to communicate.
[1] While most of the world doesn’t speak English fluently, they may know words. And they can look up words. You cannot “look up” understanding fahrenheit or US-only date formats.