IS-IS Routing Ptrotocol
IS-IS is a link-state routing protocol, similar to OSPF. If you are looking for Service Provider grade, MPLS Traffic Engineering support, and extendible routing protocol for easier future migration then the only choice is IS-IS.
Commonly used in Service Providers, Datacenter (as an underlay), and some large Enterprise networks.
IS-IS Routing Protocol in Networking
IS-IS works based on TLV format. TLVs provide extensibility to the IS-IS protocol.
IS-IS TLV Codes – Specified in RFC 1195
You don’t need totally different protocol to support new extensions. In IS-IS IPv6, MTR and many other protocols just can be used with additional TLVs.
1. IPv6 Address Family support (RFC 2308)
2. Multi-Topology support (RFC 5120)
3. MPLS Traffic Engineering (RFC 3316)
IS-IS is a Layer 2 protocol and is not encapsulated in IP, thus it is hard if not impossible to attack Layer2 networks remotely, IS-IS is considered more secure than OSPF.
IS-IS uses a NET (Network Entity Title) address similar to OSPF Router ID.
IP support to IS-IS is added by the IETF after ISO invented it for the CLNS. If IS-IS is used together with IP, it is called Integrated IS-IS.
IS-IS doesn’t require an IP address for the neighborship.
Mitigate Supply-Chain Attacks With Microsegmentation And ZTNA
This article originally appeared on Packet Pushers Ignition on January 12, 2021. In broad terms, the SolarWinds attack is a standard (though well-executed) supply-chain compromise that breaches a trusted source of software, hardware, or services to gain entry into an organization’s internal infrastructure. Once inside, it spreads to other systems, installs additional tools, compromises user […]
The post Mitigate Supply-Chain Attacks With Microsegmentation And ZTNA appeared first on Packet Pushers.
Rust Reading and Writing JSON
In this post, I will show you how to read and write JSON data with Rust using the wonderful serde library. Software The following software was used in this post. Rust - 1.59.0 serde - 1.0.136 serde_derive - 1.0.136 serde_json - 1.0.79 Dependencies Add the following libraries to the...continue reading
OSPF Configuration – A sample template on multi-vendor routers
There are commons and differences to the time when it comes to configuring an OSPF routing protocol on a router you manage, based on the router’s manufacturer.
We will take a look at the basic sample of configuring OSPF on Cisco IOS-XE and Juniper’s JunOS operation systems.
OSPF on Cisco IOS-XE
With ios-xe we start configuring OSPF by mentioning the numerical value of the:
OSPF Process ID
And what that does mean is just a number to isolate some hierarchical designs of the OSPF process on the router of cisco.
Does it have to be matched on both the peering ends?, the answer is NO
Does it affect some priorities in some OSPF election processes?, the answer is also NO
Is it that mandatory?, well based on that “OS” it is, but it is not a general OSPF concept?
As it is missing with the other vendors!!
That makes the first line of configuration look like this:
OERouter1(config)#router OSPF [Process ID]
i.e. “OERouter1(config)#router ospf 10
OSPF Network Advertisement
the later step after getting into the hierarchical mode of OSPF, specifying the process ID as well, is to advertise the networks.
these networks Continue reading
Practical Python For Networking: 4.1 – SMS Alerting – Introduction To Twilio – Video
This lesson walks through how to use a Python script to send alerts via text messages using Twilio. Course files and code samples for this and the other lessons are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. […]
The post Practical Python For Networking: 4.1 – SMS Alerting – Introduction To Twilio – Video appeared first on Packet Pushers.
OSPF Protocol Basic Overview
What is OSPF
Language-wise it stands for Open Shortest Path First, and Family wise it belongs to the Link-State Interior Gateway Dynamic Routing Protocols.
done with the CV yet?, OSPF is an open standard internal routing protocol that is supported across all the different vendors manufacturing networking platforms.
In this article, we will review the basics and specs of this protocol, and see its own unique features.
OSPF Neighbor States
As a start, the OSPF routing protocol uses a multicast hello message that is destined to the OSPF Multicast address of 244.0.0.5 seeking any possible other OSPF routers in the area.
This message keeps repeating every 10 seconds by default, and that will be out of the interfaces that announced an OSPF configuration, which depends on how you configured it + the vendor-specific configuration template.
Upon receiving a multicast hello message from another router we already sent it a hello message earlier, and that should be within the dead timer of 40 seconds maximum (by default).
An OSPF neighbor process will start by:
-
Init:
- at the moment of confirmation that a bidirectional multicast hello has initiated
-
2-Way:
- communication from the 2 parts has successfully occurred
-
ExStart:
BGP Authentication? User TCP/AO Instead of MD5! With Melchior Aelmans – Video
Melchior Aelmans of Juniper Networks explains what TCP/AO (RFC5925) is to Packet Pushers podcast host Ethan Banks. Then we get a Junos-based demo of TCP/AO in action authenticating a BGP session as an alternative to MD5. https://packetpushers.net https://datatracker.ietf.org/doc/html/rfc5925 Tweets by MelchiorAelmans About You can subscribe to the Packet Pushers’ YouTube channel for more videos as […]
The post BGP Authentication? User TCP/AO Instead of MD5! With Melchior Aelmans – Video appeared first on Packet Pushers.
Worth Reading: New Linux Command Line Tools
Julia Evans published a long list of new(ish) Linux command line tools. For example, did you ever want to have directory listing in nicely formatted JSON? How about ls -l | jc --ls | jq .?
Quite a few of these tools also work on Mac and can be installed with HomeBrew. Some are written in a scripting language, so you could (in theory) also use them on Windows (without WSL).
Worth Reading: New Linux Command Line Tools
Julia Evans published a long list of new(ish) Linux command line tools. For example, did you ever want to have directory listing in nicely formatted JSON? How about ls -l | jc --ls | jq .?
Quite a few of these tools also work on Mac and can be installed with HomeBrew. Some are written in a scripting language, so you could (in theory) also use them on Windows (without WSL).
Heavy Networking 626: Choosing The Right Silicon For The Job (Sponsored)
Today's Heavy Networking, sponsored by Juniper, dives into the custom vs. merchant silicon debate. Juniper makes the case for its Trio 6 ASIC in MX routers. We get into the specifics of Trio 6 capabilities, examine the needs of the multi-service edge, and discuss the technology and business cases for custom hardware.
The post Heavy Networking 626: Choosing The Right Silicon For The Job (Sponsored) appeared first on Packet Pushers.
Heavy Networking 626: Choosing The Right Silicon For The Job (Sponsored)
Today's Heavy Networking, sponsored by Juniper, dives into the custom vs. merchant silicon debate. Juniper makes the case for its Trio 6 ASIC in MX routers. We get into the specifics of Trio 6 capabilities, examine the needs of the multi-service edge, and discuss the technology and business cases for custom hardware.In Defense of Subscriptions
It’s not hard to see the world has moved away from discrete software releases to a model that favors recurring periodic revenue. Gone are the days of a bi-yearly office suite offering or a tentpole version of an operating system that might gain some features down the road. Instead we now pay a yearly fee to use the program or application and in return we get lots of new things on a somewhat stilted cadence.
There are a lot of things to decry about software subscription models. I’m not a huge fan of the way that popular features are put behind subscription tiers that practically force you to buy the highest, most expensive one because of one or two things you need that can only be found there. It’s a callback to the way that cable companies put their most popular channels together in separate packages to raise the amount you’re paying per month.
I’m also not a fan of the way that the subscription model is a huge driver for profits for investors. If your favorite software program doesn’t have a subscription model just yet you’d better hope they never take a big investment. Because those investors are hungry Continue reading
Cloud Engineering For The Network Pro: Part 6 – VPNs And Routes – Video
Michael Levan reviews different VPN options to connect to applications and services in Azure and AWS. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content from Ethan and Greg, plus selected videos from our events. It’s sort of like our podcasts, […]
The post Cloud Engineering For The Network Pro: Part 6 – VPNs And Routes – Video appeared first on Packet Pushers.
The Future of Innovation: How 5G Is Pushing Drone Technology Forward
The ultra-reliable, ultra-low-latency, and high-bandwidth communication links afforded by 5G networks offers a way to support safe and innovative applications for drones.Breaking down broadband nutrition labels
As part of the recently passed Infrastructure Investment and Jobs Act (Infrastructure Act) in the United States, Congress asked the Federal Communications Commission (FCC) to finalize rules that would require broadband Internet access service providers (ISPs) display a “label” that provides consumers with a simple layout that discloses prices, introductory rates, data allowances, broadband performance, management practices, and more.
While the idea of a label is not new (the original design dates from 2016), its inclusion in the Infrastructure Act has reinvigorated the effort to provide consumers with information sufficient to enable them to make informed choices when purchasing broadband service. The FCC invited the public to submit comments on the existing label, and explain how the Internet has changed since 2016. We’re sharing Cloudflare’s comments here as well to call attention to this opportunity to make essential information accessible, accurate, and transparent to the consumer. We encourage you to read our full comments. (All comments, from Cloudflare and others, are available for public consumption on the FCC website.)
The Internet, 6 years ago
Six years can change a lot of things, and the Internet is Continue reading
Practical Python For Networking: 2. 2 Python Virtual Environment Setup – Video
In this episode of the Python for Networking series, host Eric Chou covers setting up your Linux host and your Python 3 virtual environment. For more information, check out Python Virtual Environments: A Primer (https://realpython.com/python-virtual-environments-a-primer/) Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including […]
The post Practical Python For Networking: 2. 2 Python Virtual Environment Setup – Video appeared first on Packet Pushers.
Video: Challenges of Managed SD-WAN Services
When I published a link to the Is MPLS/VPN Too Complex? blog post to LinkedIn, someone asked whether I’m skeptical about service provider SD-WAN services due to lack of skills, and Kristijan Taskovski quickly identified the root cause in his reply:
The argument of a lack of skill is only one that is perpetuated by businesses. It’s not perpetuated by engineers. People that are trained, honed, and knowledgeable are expensive. Expense is the number one enemy for a business.
That’s exactly why I think most managed SD-WAN services will be a dismal failure.
Video: Challenges of Managed SD-WAN Services
When I published a link to the Is MPLS/VPN Too Complex? blog post to LinkedIn, someone asked whether I’m skeptical about service provider SD-WAN services due to lack of skills, and Kristijan Taskovski quickly identified the root cause in his reply:
The argument of a lack of skill is only one that is perpetuated by businesses. It’s not perpetuated by engineers. People that are trained, honed, and knowledgeable are expensive. Expense is the number one enemy for a business.
That’s exactly why I think most managed SD-WAN services will be a dismal failure.