Hardware hacking isn’t a topic most network engineers are familiar with—but we always used to say that if I can get access to the console of a router, I can eventually get into the box. The same is largely true of all kinds of computing hardware, including laptops, compute nodes connected to a data center fabric, and, again, routers and switches. In this episode of the Hedge, Federico Lucifredi joins Tom Ammon and Russ White to discuss the many options hardware hackers have today.
In the latest episode of IPv6 Buzz, we tackle the first listener questions of the year (well, really left over from the end of 2021 but still good ones!). Those questions cover topics including Unique Local Addressing (ULA) and SD-WAN, NAT66, IPv6 prefix delegation, and more.
The post IPv6 Buzz 092: Listener Questions – NAT66, Stable IPv6 Prefix Delegation And More! appeared first on Packet Pushers.
Cisco already supports industry standard sFlow telemetry across a range of products and the recent IOS-XR Release 7.5.1 extends support to Cisco ASR 9000 Series Routers.
Note: The ASR 9000 series routers also support Cisco Netflow. Rapidly detecting large flows, sFlow vs. NetFlow/IPFIX describes why you should choose sFlow if you are interested in real-time monitoring and control applications.
The following commands configure an ASR 9000 series router to sample packets at 1-in-20,000 and stream telemetry to an sFlow analyzer (192.127.0.1) on UDP port 6343.
flow exporter-map SF-EXP-MAP-1
version sflow v5
!
packet-length 1468
transport udp 6343
source GigabitEthernet0/0/0/1
destination 192.127.0.1
dfbit set
!
Configure the sFlow analyzer address in an exporter-map.
flow monitor-map SF-MON-MAP
record sflow
sflow options
extended-router
extended-gateway
if-counters polling-interval 300
input ifindex physical
output ifindex physical
!
exporter SF-EXP-MAP-1
!
Configure sFlow options in a monitor-map.
sampler-map SF-SAMP-MAP
random 1 out-of 20000
!
Define the sampling rate in a sampler-map.
interface GigabitEthernet0/0/0/3
flow datalinkframesection monitor-map SF-MON-MAP sampler SF-SAMP-MAP ingress
Enable sFlow on each interface for complete visibilty into network traffic.
The diagram shows the general architecture of an sFlow monitoring deployment. All the switches stream sFlow telemetry to a central sFlow analyzer for network Continue reading
MPLS is such a user-friendly technology it needs a special label that does nothing.
Normally, the penultimate router in the LSP removes (pops) the top transport label, so that the egress LSR will deal either with the …
The post Tier 1 Carriers Performance Report: December, 2021 appeared first on Noction.
The holiday season is near. This means you will have to attend dinner parties. And, of course, conversations are the best way to have fun at most events.
When you interact with people at a dinner party, you can talk about various things. For example, you may want to discuss your hobbies, interests, and much more.
However, there are some topics that you should avoid. Here are the worst topics to discuss at a dinner party.
During dinner parties, you are not banned from making jokes. However, you should avoid controversial topics at all costs. Humor is harmless and good only if it’s not very sarcastic.
Besides that, you may decide to joke about another person that is not at the event. Well, we suggest you do not. That is because the individual you’re talking to may know that person. Additionally, it is not good etiquette to talk behind someone’s back.
Yes, we understand that at a dinner party eating is mainly the point. But of course, you should never tell someone to eat more. This is, of course, unless you’re the host.
A person may have eaten less as Continue reading
A few months ago I stumbled on a tweet pointing out a kind of [SFP optic](https://en.wikiped
I’m a little late in posting this, but I thought I’d put it out here anyway. Tomorrow I’m teaching through a three-hour webinar, How the Internet Really Works part 2. From the session description—
This training will provide short reviews of many of these systems and a deeper look at the many tools network engineers can use to discover the information they need to navigate through the DNS and routing systems on the global Internet. This training will be arranged as a set of case studies posing a problem, and then working through tools available to gather the information needed to understand the problem.
In this post, we look at the various access point specific configurations that are pushed to a fabric-enabled WLC.
In this post, we look at how an Access Point is onboarded in a SD-Access fabric.
In this post, we look at how a 9800-CL WLC is integrated into a SD-Access fabric.
If you’ve got “Create Content” as a 2022 goal but aren’t sure how to start, consider the Packet Pushers’ Community blog or our Human Infrastructure newsletter. We welcome articles from folks in networking and IT who have ideas to share or the inclination to write, but don’t have the interest in setting up their own […]
The post Want To Create Content? Consider The Packet Pushers’ Community Blog And Newsletter appeared first on Packet Pushers.
With the world at our fingertips via a simple Google search, it can sometimes be tough to figure out what’s fact and what’s fiction. Whether you’re an expert, novice, or beginner in the tech world, time should be spent putting capabilities and terms into action – rather than trying to piece them together and understand them like a Sudoku puzzle. That’s why we’re going to debunk six major East-West security myths for you – so you can get back to the good stuff.
Busted. East-West security does all of the fancy stuff mentioned, with one very important difference: it moves laterally through the network perimeter. This is a key understanding, since East-West security operates on the premise that threat factors will eventually find a way through next-generation firewalls – which means all internal network traffic is vulnerable.
Busted. While it’s important to have North-South security in place (filtering the traffic that is exiting and entering the network), it cannot protect the network on its own Continue reading