Archive

Category Archives for "Networking"

Full Stack Journey 063: Protecting Your Time And Other Career Advice With Tracy Holmes

Today's Full Stack Journey podcast explores an IT career journey with guest Tracy Holmes. Tracy shares lessons she's learned on an IT voyage that includes engineering, data centers, and developer advocacy. Lessons include how to protect your time, why it's useful to say no sometimes, and the importance of learning how to learn.

The post Full Stack Journey 063: Protecting Your Time And Other Career Advice With Tracy Holmes appeared first on Packet Pushers.

Bgp bestpath as-path multipath-relax

Bgp bestpath as-path multipath-relax: why is this BGP feature used? Let’s understand the case with the topology, and I will tell you the real-life use case of the Bgp bestpath as-path multipath-relax feature.

 

Figure – EBGP Multipath

 

In EBGP Multipath, we have two rules to satisfy the Multipathing requirements.

The number of ASes in the AS path has to be the same across the two paths, and the AS numbers need to be the same as well.

In the above topology, for the destination prefix, 192.168.0.0/24, we have two paths.

Both of the paths have an AS path length of 2: AS 100 and AS 200.

And both of the paths consist of the same ASes, AS 100 and AS 200.

Thus, in the above topology, if we enable the EBGP Multipath feature, it just works.

We will change the AS number in one of the paths in the below topology and EBGP Multipath will not work.

 

Figure – Bgp bestpath as-path multipath-relax

 

 

Let’s remember the rules again: 1. The number of ASes in the AS paths has to be the same. 2. The AS numbers in the AS paths have to be the same.

In the above figure, the number of AS in both of the paths is 2.

But AS numbers are different.

One of the paths: Continue reading

BGP Multipath

BGP Multipath – By default, BGP installs only a single path in IBGP and EBGP deployments. If prefixes are learned via multiple paths, BGP supports multipath for IBGP, EBGP, or across both IBGP and EBGP via the EIBGP Multipath feature. In this blog post, we will explore each of these options: IBGP Multipath, EBGP Multipath, and EIBGP Multipath.

First of all, we should know that the BGP Multipath feature has to be enabled manually on the network device, unlike in IGP protocols.

In IGP protocols, when there is multipath, commonly referred to as ECMP (Equal Cost Multipath), routers install all next-hops for the destination prefixes into the routing and forwarding tables automatically, without manual human operation.

On the website, we have the most detailed design and practical hands-on BGP training in the world.

Let’s start with the first, EBGP Multipath:

Figure – EBGP Multipath

We have two rules for EBGP Multipath.

1. For the destination prefix, if there is more than one path, the total number of ASes (Autonomous Systems) should be the same across the different paths.
2. For the destination prefix, if there is more than one path, the same AS numbers should be in the AS path.
On the above figure, since from Continue reading

Feedback: Cisco ACI Webinars

Antonio Boj enjoyed the Cisco ACI webinars by Mario Rosi and sent me this feedback:


I just wanted to pass you my feedback about the documentation and content of the above webinars. Excellent content, very well organized.

My expectation is always high about your content because I’ve become used to it with other webinars you published. I always look for non-marketing content to understand the technology.

I don’t want to criticize vendors based on assumptions or personal agendas from interested people but evaluate whether or not it is the right path forward for the problem I want to solve, knowing the pros and cons. So again, both webinars about Cisco ACI have given me excellent visibility of the solution. Thank you very much!

Who won Super Bowl LVI? A look at Internet traffic during the big game

“It's ridiculous for a country to get all worked up about a game—except the Super Bowl, of course. Now that's important.”
- Andy Rooney, American radio and television writer

When the Super Bowl is on, there are more winners than just one of the teams playing, especially when we look at Internet trends. By now, everyone knows that the Los Angeles Rams won, but we also want to look at which Super Bowl advertisers were the biggest winners, and how traffic to food delivery services, social media and messaging apps, and sports and betting websites changed throughout the game.

We covered some of these questions during our Super Bowl live-tweeting on our Cloudflare Radar account. (Hint: follow us if you’re interested in Internet trends).

Cloudflare Radar uses a variety of sources to provide aggregate information about Internet traffic and attack trends. In this blog post, as we did last year, we use DNS name resolution data to estimate traffic to websites. We can’t see who visited the websites mentioned, or what anyone did on the websites, but DNS can give us an estimate of the interest generated by the ads or across a set of sites in Continue reading

Learn About the Threats Lurking in Your Linux-Based Multi-Cloud

78% of the most popular websites are powered by Linux, which means malware targeting Linux-based operating systems is attacking multi-cloud environments at an alarming rate. Threats such as ransomware, cryptomining components, and remote access tools (RATs) take advantage of weak authentication, vulnerabilities, and misconfigurations in container-based infrastructures. To support IT leaders and cybersecurity professionals in their transformation to top-tier ransomware and malware defense, VMware is proud to sponsor a 1-hour long live webcast on Exposing Threats Lurking in Your Linux-Based Multi-Cloud, on February 28th, at 2 pm ET, presented by SC Media.

In this exclusive partnership with CyberRisk Alliance, our subject matter researchers Giovanni Vigna, Sr. Director of Threat Intelligence, VMware, and Brian Baskin, Technical Lead, Threat Analysis Unit, VMware, explore: 

  • Existing characterization techniques and how to safeguard against sophisticated malware 
  • Ransomware and cryptominer power players that target Linux systems following cross-pollination and evolution 
  • How to fight back against these threats with a combination of approaches, policies, and mechanisms 

The webinar is an extension of the recently released Exposing Linux-based Threats Lurking in Your Multi-Cloud threat report, which included in-depth research conducted by the VMware Threat Analysis Unit (TAU) on Continue reading

IBM brings cloud-app services to z/OS mainframes

IBM continues to evolve the services that will keep its z/OS mainframes at the heart of the growing enterprise cloud-application development.

Big Blue has rolled out two new services—IBM Z and Cloud Modernization Stack 2022, and Wazi as-a-Service—that will let customers more easily develop and test mainframe applications as-a-service in a public cloud environment.

IBM Z and Cloud Modernization Stack 2022.1.1 offers industry-standard tools to modernize z/OS applications on a pay-per-use basis. For example, the service includes support for features including:

Network Break 369: Cisco SD-WAN Ramps Up Webex, Microsoft 365 Access; Pluribus Adds Virtual Packet Broker

Take a Network Break! This week we cover Cisco’s SD-WAN getting users to cloud services such as Webex and Microsoft 365 faster; as well as new capabilities in Pluribus’s Netvisor network OS including container visibility, a virtual packet broker, and flow tracking. Contamination at chip fabs affects flash memory production, plans are afoot for a...

The post Network Break 369: Cisco SD-WAN Ramps Up Webex, Microsoft 365 Access; Pluribus Adds Virtual Packet Broker appeared first on Packet Pushers.

UDP vs TCP for real-time streaming telemetry

This article compares UDP and TCP and their suitability for transporting real-time network telemetry. The results obtained demonstrate that poor throughput and high message latency in the face of packet loss make TCP unsuitable for providing visibility during congestion events. We demonstrate that the use of UDP transport by the sFlow telemetry standard overcomes the limitations of TCP to deliver robust real-time visibility during extreme traffic events when visibility is most needed.

Summary of the AWS Service Event in the Northern Virginia (US-EAST-1) Region, "This congestion immediately impacted the availability of real-time monitoring data for our internal operations teams, which impaired their ability to find the source of congestion and resolve it." December 10th, 2021

The data in these charts was created using Mininet to simulate packet loss in a simple network. If you are interested in replicating these results, Multipass describes how to run Mininet on your laptop.

sudo mn --link tc,loss=5

For example, the above command simulates a simple network consisting of two hosts connected by a switch. A packet loss rate of 5% is configured for each link.

Simple Python scripts running on the simulated hosts were used to simulate transfer of network telemetry.

#! Continue reading

5 best practices for making smart-building LANs more secure

Power, they say, corrupts, and absolute power corrupts absolutely. While that was said about politics, it sure seems like it was tailor-made for smart buildings.

Facility-control technology is exploding because the concept is useful and often saves money. Unfortunately, smart devices have also proven to be an on-ramp for major intrusions. Smart buildings are surely absolutely powerful in a way; are they absolutely corruptible? Maybe, if we’re not very careful.

If corruption means overall bad-ness, then hacking a smart building surely qualifies. It could let intruders mess with lights, heating and air conditioning, and maybe other critical systems, too. We also know from news stories that a hacker could use a successful smart building intrusion to sneak into other business applications, potentially compromising them and critical company information. It’s important to address these risks, and that means starting with how they arise.

EIGRP Stub

EIGRP Stub – It is actually one of the EIGRP scalability features, but it also helps with many other things in EIGRP. In this post, we will also share a topology that will be used to explain some caveats in EIGRP design.

Before we explain the EIGRP Stub, let me explain some EIGRP convergence behaviors.

If you are looking for much more detail on EIGRP Design and Practical Labs, have a look at our EIGRP Training.

 

Figure – EIGRP Stub

 

When an EIGRP node loses the connection to a prefix and there is no feasible successor installed in the EIGRP topology database, the router is marked as active and an EIGRP query is sent to every neighbor.

In the above topology, Router D doesn’t know the 192.168.0.0/24 network. Router C sends a summary 192.168.0.0/16. That’s why it replies without asking Router E.

Router B has an alternate path, thus, Router B replies immediately.

Router J doesn’t have any EIGRP neighbors. It replies to the Query immediately.

Router G doesn’t know the 192.168.0.0/24 network. Router F filters the 192.168.0.0/24.

That’s why Router G replies without asking Router H.

So, as you can see, Continue reading

ABR vs ASBR in OSPF

ABR vs ASBR in OSPF. If you are new to Network Engineering and you are learning Dynamic Routing Protocol from scratch, you want to understand the differences between ABR vs ASBR and if there are similarities you would like to learn those too. In this post, we will learn both similarities and differences.

Let’s first understand both of these terms. ABR is purely an OSPF terminology, but ASBR is not. In fact, the detailed post about ASBR and the usage of ASBR in Different Places of Networking is explained in our What is ASBR Blog post.

ABR – Area Border Router is a device that connects two different OSPF areas. One of those OSPF areas has to be Area 0, which is also known as the Backbone Area.

Figure – OSPF ASBR

 

In the above topology, R3 is an ABR, connecting Area 0 and Area 1, R4 is an ABR as well, connecting Area 0 and Area 2.

R1 is referred to as an Internal Backbone Router, as it doesn’t have any connection other than to Area 0, the Backbone Area.

In this topology, there is also an ASBR – Autonomous System Boundary Router. It is called ASBR because on that router external prefixes are injected Continue reading

Packet Forwarding 101: Header Lookups

Whenever someone asks me about LISP, I answer, “it’s a nice idea, but cache-based forwarding never worked well.” Oldtimers familiar with the spectacular failures of fast switching and various incarnations of flow switching usually need no further explanation. Unfortunately, that lore is quickly dying out, so let’s start with the fundamentals: how does packet forwarding work?

Packet forwarding used by bridges and routers (or Layer-2/3 switches if you believe in marketing terminology) is just a particular case of statistical multiplexing – a mechanism where many communication streams share the network resources by slicing the data into packets that are sent across the network. The packets are usually forwarded independently; every one of them must contain enough information to be propagated by each intermediate device it encounters on its way across the network.

What is MPLS used for?

What is MPLS used for? It is a very common question among IT engineers. What are the common use cases of MPLS – Multi-Protocol Label Switching?

When it was first invented, 20+ years ago, it was considered one of the most scalable ways of doing VPNs. Faster packet processing could be achieved compared to IP destination-based routing because the IP address was 32 bits long but the labels are just 20 bits long.

But soon after it was first invented, MPLS VPNs became the most dominant reason for networks to deploy MPLS – Multiprotocol Label Switching technology.

It supported Ethernet over MPLS – EoMPLS, which is known as Point-to-Point Layer 2 MPLS VPN, and soon after, vendors started to support VPLS, which is Virtual Private LAN Service.

VPLS is an any-to-any, also known as many-to-many, technology. It means you can connect your multiple sites at Layer 2 and extend an IP subnet by using VPLS technology. It works based on a full mesh of Pseudowires.

After Pseudowire-based Layer 2 VPNs, the actual MPLS boom happened with MPLS Layer 3 VPNs.

With MPLS Layer 3 VPN, which is also known as Peer-to-Peer VPN, MPLS CE, Continue reading

2022 Top 10 Cyber Security Certifications

Before Starting Cyber Security

Cyber Security, which you might sometimes find called Cyber Operations or CyberOps, is the branch of Network Security that focuses on attacks, whether from the internet or from inside the network, and on gaps and bugs: look for them before they get used, fix them, and look again.

So engineers keep looking and fixing, as the internet is always evolving and generating more threats.

How to Study Cyber Security

Generally, the domain of security (Information Security, Cyber Security) nowadays has hundreds of certifications and exams from many different vendors.

Some are involved in the industry of making security devices/components; others are there just to teach us and make us the best engineers in the domain.

Mostly, cyber content comes from companies that focus more on creating content and references, whereas information security exams and books come from vendors that produce platforms (Firewalls, IPS, IDS, NGFW, NGIPS, ESA, WSA, and many others).

So from beginner level up to beyond expert level, many exams should be studied.

This is, of course, alongside some other general/networking exams that you might already hold before studying cyber security, and these exams will be mentioned below.

Top 10 Cyber Continue reading

CCNP ENCOR vs ENARSI

Is it even related? Or should I ask, “comparable?”

Yes, it is both, actually. In this blog we will review both of the exams and talk about the agenda, which one should be taken before the other, and the result of both of them.

Relation between CCNP ENCOR vs ENARSI

Both exams belong to the Cisco CCNP Enterprise certificate, and taking each one individually will grant you a certificate!

So it is a win-win scenario, but the question still is which one you should take first, and that is covered below.

Difference between CCNP ENCOR vs ENARSI Agenda

ENCOR first, generally a Technology Core exam, focusing on 7 domains of knowledge:

  • Architecture
  • Virtualization (Device, Path, and Network Virtualization)
  • Infrastructure (Switching, Routing, and IP Service)
  • Assurance
  • Security
  • WLAN
  • Automation

And NO DEEP DIVE in any of these!!!

While for ENARSI:

  • Virtualization (Path Virtualization)
  • Infrastructure (Routing and IP Services)
  • Security

And that’s it!

  • No Architecture
  • In Virtualization, no Device or Network Virtualization, and the Path Virtualization is different from ENCOR.
  • as in the ENCOR you Continue reading