DMVPN vs MPLS VPN
DMVPN – Dynamic Multipoint VPN and MPLS VPN are two of the most popular VPN mechanisms. In this post, we will look at DMVPN vs MPLS VPN comparison, from many different aspects. At the end of this post, you will be more comfortable positioning these private VPN mechanisms.
DMVPN vs MPLS VPN
When we compare the two protocols, we look at many different aspects. For this comparison, I think very first we should say that DMVPN is a Cisco preparatory tunnel-based VPN mechanism but MPLS VPN is standard-based, RFC 2547, non-tunnel based VPN mechanism. Although, whether MPLS LSP is a tunnel or not is an open discussion in the networking community, we won’t start that discussion here again.
DMVPN and MPLS VPN over the Internet
Another important consideration for MPLS VPN vs DMVPN is, that DMVPN can be set up over the Internet but MPLS VPN works over private networks, Layer 2 or Layer 3 based private networks. DMVPN tunnels can come up over the Internet and inside the tunnels routing protocols can run to advertise the Local Area Networks subnets.
But MPLS requires Private network underlay.
Figure – DMVPN Networks can run over Internet or Private Networks
Continue reading
Network Break 378: Barracuda Gets A New Owner; Intel Buys Ananki For Private 5G
Take a Network Break! This week we cover several acquisitions including Barracuda Networks being bought by KKR, SailPoint being picked up by Thoma Bravo, Perforce buying Puppet, and Intel snapping up Ananki to get into the private 5G market. Plus more tech news.Tech Bytes: Why Wi-Fi 6E Is Off To A Fast Start (Sponsored)
Today on Tech Bytes podcast we talk with Aruba, a Hewlett Packard Enterprise company, about the evolution of Wi-Fi standards, why Aruba is seeing the fast take-up of Wi-Fi 6E, practical enhancements in 6E, and what to expect with Wi-Fi 7.
The post Tech Bytes: Why Wi-Fi 6E Is Off To A Fast Start (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Why Wi-Fi 6E Is Off To A Fast Start (Sponsored)
Today on Tech Bytes podcast we talk with Aruba, a Hewlett Packard Enterprise company, about the evolution of Wi-Fi standards, why Aruba is seeing the fast take-up of Wi-Fi 6E, practical enhancements in 6E, and what to expect with Wi-Fi 7.Rust Query Pokemon API
This year I have been learning Rust, and I recently came across an excellent by Tyler Christiansen Dependencies Add the following libraries to the dependencies section of the cargo.toml file. tokio = futures = "0.3.21" serde = "1.0.136" serde_derive = "1.0.136" serde_json =...continue reading
Rust Query Pokemon API
This year I have been learning Rust, and I recently came across an excellent by Tyler Christiansen Dependencies Add the following libraries to the dependencies section of the cargo.toml file. tokio = futures = "0.3.21" serde = "1.0.136" serde_derive = "1.0.136" serde_json =...continue reading
IS-IS Routing Ptrotocol
IS-IS is a link-state routing protocol, similar to OSPF. If you are looking for Service Provider grade, MPLS Traffic Engineering support, and extendible routing protocol for easier future migration then the only choice is IS-IS.
Commonly used in Service Providers, Datacenter (as an underlay), and some large Enterprise networks.
IS-IS Routing Protocol in Networking
IS-IS works based on TLV format. TLVs provide extensibility to the IS-IS protocol.
IS-IS TLV Codes – Specified in RFC 1195
You don’t need totally different protocol to support new extensions. In IS-IS IPv6, MTR and many other protocols just can be used with additional TLVs.
1. IPv6 Address Family support (RFC 2308)
2. Multi-Topology support (RFC 5120)
3. MPLS Traffic Engineering (RFC 3316)
IS-IS is a Layer 2 protocol and is not encapsulated in IP, thus it is hard if not impossible to attack Layer2 networks remotely, IS-IS is considered more secure than OSPF.
IS-IS uses a NET (Network Entity Title) address similar to OSPF Router ID.
IP support to IS-IS is added by the IETF after ISO invented it for the CLNS. If IS-IS is used together with IP, it is called Integrated IS-IS.
IS-IS doesn’t require an IP address for the neighborship.
Mitigate Supply-Chain Attacks With Microsegmentation And ZTNA
This article originally appeared on Packet Pushers Ignition on January 12, 2021. In broad terms, the SolarWinds attack is a standard (though well-executed) supply-chain compromise that breaches a trusted source of software, hardware, or services to gain entry into an organization’s internal infrastructure. Once inside, it spreads to other systems, installs additional tools, compromises user […]
The post Mitigate Supply-Chain Attacks With Microsegmentation And ZTNA appeared first on Packet Pushers.
Rust Reading and Writing JSON
In this post, I will show you how to read and write JSON data with Rust using the wonderful serde library. Software The following software was used in this post. Rust - 1.59.0 serde - 1.0.136 serde_derive - 1.0.136 serde_json - 1.0.79 Dependencies Add the following libraries to the...continue reading
OSPF Configuration – A sample template on multi-vendor routers
There are commons and differences to the time when it comes to configuring an OSPF routing protocol on a router you manage, based on the router’s manufacturer.
We will take a look at the basic sample of configuring OSPF on Cisco IOS-XE and Juniper’s JunOS operation systems.
OSPF on Cisco IOS-XE
With ios-xe we start configuring OSPF by mentioning the numerical value of the:
OSPF Process ID
And what that does mean is just a number to isolate some hierarchical designs of the OSPF process on the router of cisco.
Does it have to be matched on both the peering ends?, the answer is NO
Does it affect some priorities in some OSPF election processes?, the answer is also NO
Is it that mandatory?, well based on that “OS” it is, but it is not a general OSPF concept?
As it is missing with the other vendors!!
That makes the first line of configuration look like this:
OERouter1(config)#router OSPF [Process ID]
i.e. “OERouter1(config)#router ospf 10
OSPF Network Advertisement
the later step after getting into the hierarchical mode of OSPF, specifying the process ID as well, is to advertise the networks.
these networks Continue reading
Practical Python For Networking: 4.1 – SMS Alerting – Introduction To Twilio – Video
This lesson walks through how to use a Python script to send alerts via text messages using Twilio. Course files and code samples for this and the other lessons are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. […]
The post Practical Python For Networking: 4.1 – SMS Alerting – Introduction To Twilio – Video appeared first on Packet Pushers.
OSPF Protocol Basic Overview
What is OSPF
Language-wise it stands for Open Shortest Path First, and Family wise it belongs to the Link-State Interior Gateway Dynamic Routing Protocols.
done with the CV yet?, OSPF is an open standard internal routing protocol that is supported across all the different vendors manufacturing networking platforms.
In this article, we will review the basics and specs of this protocol, and see its own unique features.
OSPF Neighbor States
As a start, the OSPF routing protocol uses a multicast hello message that is destined to the OSPF Multicast address of 244.0.0.5 seeking any possible other OSPF routers in the area.
This message keeps repeating every 10 seconds by default, and that will be out of the interfaces that announced an OSPF configuration, which depends on how you configured it + the vendor-specific configuration template.
Upon receiving a multicast hello message from another router we already sent it a hello message earlier, and that should be within the dead timer of 40 seconds maximum (by default).
An OSPF neighbor process will start by:
-
Init:
- at the moment of confirmation that a bidirectional multicast hello has initiated
-
2-Way:
- communication from the 2 parts has successfully occurred
-
ExStart:
BGP Authentication? User TCP/AO Instead of MD5! With Melchior Aelmans – Video
Melchior Aelmans of Juniper Networks explains what TCP/AO (RFC5925) is to Packet Pushers podcast host Ethan Banks. Then we get a Junos-based demo of TCP/AO in action authenticating a BGP session as an alternative to MD5. https://packetpushers.net https://datatracker.ietf.org/doc/html/rfc5925 Tweets by MelchiorAelmans About You can subscribe to the Packet Pushers’ YouTube channel for more videos as […]
The post BGP Authentication? User TCP/AO Instead of MD5! With Melchior Aelmans – Video appeared first on Packet Pushers.
Worth Reading: New Linux Command Line Tools
Julia Evans published a long list of new(ish) Linux command line tools. For example, did you ever want to have directory listing in nicely formatted JSON? How about ls -l | jc --ls | jq .?
Quite a few of these tools also work on Mac and can be installed with HomeBrew. Some are written in a scripting language, so you could (in theory) also use them on Windows (without WSL).
Worth Reading: New Linux Command Line Tools
Julia Evans published a long list of new(ish) Linux command line tools. For example, did you ever want to have directory listing in nicely formatted JSON? How about ls -l | jc --ls | jq .?
Quite a few of these tools also work on Mac and can be installed with HomeBrew. Some are written in a scripting language, so you could (in theory) also use them on Windows (without WSL).
Heavy Networking 626: Choosing The Right Silicon For The Job (Sponsored)
Today's Heavy Networking, sponsored by Juniper, dives into the custom vs. merchant silicon debate. Juniper makes the case for its Trio 6 ASIC in MX routers. We get into the specifics of Trio 6 capabilities, examine the needs of the multi-service edge, and discuss the technology and business cases for custom hardware.
The post Heavy Networking 626: Choosing The Right Silicon For The Job (Sponsored) appeared first on Packet Pushers.